A cybersecurity company has launched certification standards for crypto exchanges—in the hope that it can help users avoid trading platforms that don’t invest enough in security.
Hacken’s CERtified standard is based on four factors. The first looks at server security, user security, and historical hacking incidents.
Second, penetration tests are used to imitate the actions of malicious actors attacking an exchange.
Third, platforms are urged to disclose their wallet addresses so proof of funds can be verified—delivering accountability and an objective way of ranking the risk of insolvency.
And lastly, exchanges are scrutinized based on whether they engage in bug bounty programs where cybersecurity experts and hackers are rewarded for detecting software and configuration errors that their developers may have missed.
These criteria are then used to calculate a “CyberSecurity Score,” with top-performing exchanges receiving a maximum of three stars.
Hacken’s new feature follows the launch of the Crypto Exchange Ranks website in 2018, which it claims was the first platform to set cybersecurity standards among exchanges. The company says the CERtified methodology has already been embraced by the industry, and more than 50 exchanges are listed on CER.live.
Cybersecurity is ‘paramount’
Hacken says the stakes are high when it comes to security on crypto exchanges given how they are responsible for digital assets that can be worth tens or hundreds of millions of dollars, making them a prime target for cybercriminals.
The company doesn’t just champion exchanges that pass its stringent tests. It also publishes data on platforms that fail. As a blog post setting out its methodology explained: “This means that users can easily choose a reputable and highly rated cryptocurrency exchange and have the ease of mind to trade their digital assets.”
Looking ahead, Hacken said it is planning to introduce digital asset financial audits, as well as reviews of internal controls at exchanges, in order to prevent exit scams. One notorious case mentioned by the cybersecurity company is that of QuadrigaCX, the doomed exchange which collapsed following the alleged death of CEO Gerald Cotten in India in December 2018. Almost $140 million is still missing. Although it was initially thought these funds couldn’t be retrieved because Cotten was the only one with access to the private keys to cold storage, it’s reported that many of these supposedly inaccessible wallets were virtually empty.
“Hacken and our CER.live initiatives are here to help educate and protect the community against malicious actors and hackers,” said Hacken Group CEO Dyma Budorin. “We are strictly impartial and independent in our assessments, and we are confident that CER will be more and more important moving forward.”