Wall STreet
Cryptocurrencies,  Regulation

Coinbase completes two security audits to woo institutional investors

Grant Thornton conducted rigorous evaluations for the crypto exchange’s custody solution, certifying it SOC1 and SOC2 compliant

In a move to lure more institutional money into the space, U.S. crypto exchange Coinbase just completed two major security audits for its custody solution. 

As detailed in a blog post Tuesday, Coinbase Custody, the exchange’s custody subsidiary, said it recently underwent its SOC1 Type 2 and SOC2 Type 2  compliance certifications for the second half of 2019.

“These two certifications highlight the procedures and security we have in place to provide a world class experience on our custodial platform,” Coinbase said.  

SOC stands for “service organization control,” and Type 2 simply means the audit was done over a minimum period of six months, as opposed to a snapshot in time. Built on standards set by the American Institute of CPAs, the SOC1 looks at an organization’s financial reporting, while the SOC2 focuses on how a company secures and protects its customer data.

Accounting giant Grant Thornton carried out the rigorous audits, which took several months and by some estimates, can run from $30,000 to even $100,000 each. In all fairness, data breaches can cost a lot more. 

Custody solutions

Crypto custody solutions are offline storage and security systems designed to safely hold massive sums of cryptocurrency. As one of the latest innovations in the crypto industry, they have been expected to herald the entry of great sums of capital from Wall Street investors. 

That hasn’t quite happened yet, but the hope is still there. And regular security audits could mean a lot to pensions, hedge funds, endowments, and other institutional investors, who are considering put capital into bitcoin, ether, or other digital assets. But safety is, of course, a numero uno concern, especially given the history of hacks on crypto exchanges.

To make the big money feel more comfortable, Coinbase said it plans to perform regular SOC1 and SOC2 examinations in the future to maintain a consistent level of “rigorous security and oversight standards.” 

It also claims to be the first crypto custodian to attain both compliance certifications. Although a year ago, Gemini, the New York-based crypto exchange operated by Cameron and Tyler Winklevoss, said it had completed an SOC2 audit for the full year 2018 for both its exchange and Gemini Trust custody platform. Around the same time, Gemini started an ad campaign saying that crypto “revolution needs rules” to position itself a safe harbor in a space rife with fraud.  

In a competition to show who is the safest, both exchanges have been playing up to regulators and rules for cryptocurrency investing. Coinbase’s announcement comes only a month after Gemini announced its captive insurance solution, which covers losses up to $200 million for customers of its custody solution. 

Amy Castor has more than 20 years' experience in journalism. Her work on crypto and blockchain has appeared in consumer and trade publications throughout the U.S., including CoinDesk, Forbes, Bitcoin Magazine, and The Block.