CER.live token rating update. Only 2% of tokens are fully secure
We have updated the token security score. Now, by choosing the category “token” in the cryptocurrency rankings by security, you will see 168 tokens.
Tokens are virtual assets created by platforms building on top of a specific blockchain protocol. Tokens serve multiple purposes such as allowing participation in DeFi mechanisms, playing games, or accessing platform-specific services. In the CER.live rating, tokens are those virtual assets that are not attributable to any other category. For example, the tokens with the biggest market cap listed on the CER.live rating are Wrapped Bitcoin, Lido Staked Ether, Theta Fuel, cUSDC, and Huobi BTC.
The tokens have been evaluated under the updated token security methodology that does not count platform audit in the final score. All other types of cryptocurrencies need to have a platform audit in place to get the highest score. The final security score given to tokens consists of the following indicators and each indicator has its pre-determined weight:
- Is token audited – 0.15
- Auditors score – 0.1
- Findings fixed – 0.15
- Findings published – 0.1
- Project verified – 0.03
- Audit relevance – 0.15
- Is team public – 0.02
- Insurance – 0.15
- Hack cases – 0.15
Thus, the main token security indicators are the token audit and its relevance, insurance, and the project's commitment to improving security by implementing the fixes recommended by an auditor.
Brief description of main security indicators
Token audit: a professional code review performed by a third-party cybersecurity provider. It is aimed at detecting security and logic vulnerabilities that may affect user experience and cause financial damage to users. The token audit is a cybersecurity must-have for Web 3.0 projects;
Token audit relevance: whether the deployed code is the code that was audited. If a project has undergone a token audit but deployed different code, the deployed code may be insecure for users, and there is a risk that the audit is just a manipulation aimed at creating a false image around the project;
Are audit findings fixed: a project is not obliged to follow the security recommendations provided by a vendor. There are unethical players for whom speed is more important than security. They undergo a token audit just to tick a box and do nothing to introduce the required fixes, thereby leaving their products vulnerable to hacks;
Insurance: even the most professional and top-notch token audit cannot guarantee the ultimate security of users’ assets. Insurance allows projects to get at least a partial refund of stolen assets if a hack takes place.
Based on the new results, the level of token security is not adequate.
Token security: scary facts
- 106 tokens (63%) have neither an audit nor insurance;
- 58 tokens (35%) have an audit;
- 16 tokens (10%) have insurance;
- Only 4 out of 168 tokens (2.4%) have both a relevant audit and insurance.
Most token projects neglect even basic forms of security testing. However, even with token audits in place, virtual assets cannot be considered secure for end-users. Why? Look at the facts provided below.
Among 58 cryptocurrencies with token audit:
- Only 36 cryptocurrencies (62%) have audited token code that matches the published code;
- 17 cryptocurrencies (29%) have not fixed issues detected during a token audit or have not published token audit results;
- 4 cryptocurrencies (7%) with relevant token audits have insurance in place.
Top 10 tokens by security
Overall, the cryptocurrencies included in the category “token” are mostly not secure for users since only 8 tokens have a security rating of A or higher. It is reasonable to conclude that the majority of the projects covered by the category “token” do not invest enough resources into building their own security and, thus, put their users at risk of losing money. Before investing your money in any token, double-check its security status at CER.live and DYOR by analyzing its website, social media, and feedback shared by other users or independent industry experts.