Crypto certification |
certified logo


CertificationPenetration test
(1 year)
Proof of fundsBug bounty
Uncertifiedicon absenticon absenticon absent
icon logoicon 1 staricon mixedicon mixedicon close
icon logoicon 2 starsicon presenticon presenticon close
icon logoicon 3 starsicon presenticon presenticon present
    • Uncertified
    • Proof of funds

      icon close
    • Penetration test (1 year)

      icon close
    • Bug bounty

      icon close
    • certified logoicon 1 star
    • Proof of funds

      icon mixed
    • Penetration test (1 year)

      icon mixed
    • Bug bounty

      icon close
    • certified logoicon 2 stars
    • Proof of funds

      icon yes
    • Penetration test (1 year)

      icon yes
    • Bug bounty

      icon close
    • certified logoicon 3 stars
    • Proof of funds

      icon yes
    • Penetration test (1 year)

      icon yes
    • Bug bounty

      icon yes
  • 01

    CyberSecurity Score (CSS)_

    The CyberSecurity Score is a combination of server security, user security, preventive security and historical hack cases.

    • AAA>9,5
    • AA>9
    • A>8,5
    • BBB>8
    • BB>7,5
    • B>7
    • CCC>6,5
    • CC>6
    • C>5,5
    • D<5

    The CyberSecurity Score calculates as a sum of factors

    • 1.75

      Server security

    • 1.75

      User security

    • 2.5

      Penetration test

    • 2.5

      Bug bounty

    • 1

      ISO 27001

    • 0.5

      Funds insurance

    • Server Security

      • SSL TLS
      • WAF CDN
      • DNS SEC
      • SPF
      • Open ports
      • Http security headers
      • Spam db
      • Cookie security flags
    • User Security

      • 2-factor auth
      • Captcha
      • Password Requirements
      • Device management
      • Anti-phishing code
      • Withdrawal whitelist
      • Previous hack cases
    • Preventive security

      • BugBounty
      • Penetration test
      • ISO 27001
      • Funds Insurance
  • 02

    Penetration Test_

    Penetration Test icon

    Penetration testing, also known as Ethical hacking is a critical tool for analyzing the security of IT systems. The objective of a penetration testing is to identify ways to exploit vulnerabilities to circumvent or defeat the security features of system components by simulated attacks in a controlled environment carried out by third-party security specialists who employ the same techniques as attackers located outside the system infrastructure.

    Penetration tests submitted for certification should meet generally recognizedrequirements

  • 03

    Proof of Funds_

    Another important criterion to be certified is the proof of funds as claimed by cryptocurrency exchanges. Insolvent exchanges can lead to massive damages to users, especially when withdrawals exceed the available funds on the exchange. To combat this, CER requires exchanges to:

    • proof icon

      Identifiable Wallets

      All wallet addresses owned by the cryptocurrency exchange must be publicly disclosed and provable on blockchain explorers.

    • proof icon

      Minimum Funding Limit

      Certification of cryptocurrency exchanges will only be conducted for exchanges with a wallet balance of more than $1 million USD (in ETH and BTC terms).

  • 04

    Bug Bounty_

    The fourth component of certification is a Live Bug Bounty program, which is an activity aimed at finding vulnerabilities by leveraging the power of the ethical hackers’ community. A pool of thousands of individuals with varied skills and backgrounds produces robust results and thanks to continual testing, crypto exchanges can improve the quality of their infrastructures by eliminating high-frequency functional bugs before they can do significant damage.
    Self-hosted bug bounty programs are evaluated twice less than third-party managed (1.25 from 2.5 points). Currently, we dont provide a certificate for self-hosted programs.
    A self-hosted bug bounty program may be evaluated as third-party managed if the platform provides a review from a well-known third-party auditor company.

Become CERtified

To obtain a CERtificate, please contact us to provide relevant data about the latest penetration testing, wallet balances, and a bug bounty program.