At the beginning of April 2022, CER.live released a new security rating for cryptocurrencies, covering more than 1,500 virtual assets. It was one of the most anticipated updates in our crypto industry in H1 2022. Why?
In Q1 2022, $1.3B in cryptocurrencies have been stolen by malicious actors, a 40% increase compared to the same period in 2021. 97% of stolen assets were derived from DeFi protocol exploits compared to 72% in 2021 and 30% in 2020. Thus, users still face considerable risks when investing in crypto. CER 2.0 aims to mitigate the scope of crime in the crypto industry significantly.
CER 2.0 covers the top-1,500 cryptocurrencies by CoinGecko that constitute more than 10% of all coins circulating in the crypto universe. As of now, this means that all tokens with >$5M market cap are covered by this rating (with a few exceptions).
From 25 May 2022, CER 2.0 data regarding the security of cryptocurrencies is integrated into CoinGecko. Users can see this information on the cryptocurrency’s page in the section titled “security”.
In this section, CoinGecko viewers will see four indicators:
- Security score
- Platform audit coverage
- Bug bounty score
- Insurance score
These indicators allow users to realize whether their chosen project meets the best security practices and whether the project invests enough resources to prevent hacks.
As a result, before investing in projects, users will be able to easily check how secure their chosen projects are. Also, the majority of retail investors cannot interpret code audit reports written in technical language. Thus, instead of spending hours analyzing the code and its audit report, users will just need to look at the platform audit coverage and total security score given to a project by CER.
“Investing in cryptocurrencies carries certain additional risks compared to other asset classes. As crypto investors, one area we should be mindful of is the security level of tokens. With the integration of CER 2.0, we hope to improve user awareness of token security and enable all CoinGecko users to make well-informed decisions,” said Bobby Ong, co-founder and COO of CoinGecko.
CER 2.0 Rating Development
Data collection process
CER 2.0 rating has become a reality thanks to active community involvement. In October 2021, the company Hacken launched the initiative called Hacken Scout that provided for rewarding active users for finding and sharing requested data regarding the security of cryptocurrencies.
42 scouts were given tasks to find security information about more than 1,500 tokens following easy-to-understand instructions on where to look for the required data. In the two weeks following the launch, the data collection process was completed and the CER team started validating data.
The purpose of this initiative was to carry out a comprehensive audit of the global cryptocurrencies market since it is evident that many projects are failing to take adequate security measures.
According to the CER 2.0 methodology, the final security score given to a project is formed based on 12 indicators, with three main indicators displayed on CoinGecko. The maximum point for each indicator is 10. Each indicator has its predetermined weight in the final score depending on the project type. Some indicators are relevant only for specific project types. In this case, the weight for the other indicators will be larger.
CER.live & CoinGecko: why does this integration matter?
CER.live and CoinGecko became partners in July 2020 when CER’s crypto exchanges cybersecurity score was integrated into CoinGecko’s Trust Score. The security component now weighs 20% of the Trust Score (2/10 points). Thus, the exchanges that are interested in appearing at the top of the rating will have to improve their cybersecurity practices.
As a result, between 2020 and 2021, the number of exchanges with audits and bug bounty programs doubled.
According to CoinGecko, there are close to 400 active crypto exchanges (24H trading volume >0) and 305 of them are covered by CER 1.0 rating.
Crypto exchange hacks have now become rare; only four crypto exchange hacks took place in 2021. The integration of CER 2.0 into CoinGecko will give a positive impact to cybersecurity in the cryptocurrencies market.
Currently, only 18 out of more than 1,500 projects meet all security requirements, including insurance. The infographic above demonstrates alarming indicators of the low-security status existing in the cryptocurrency market since only less than 10% of all projects may be considered safe investment options. It is also important to consider that the results for the other cryptocurrencies that are not included in the top 1,500 list may be much more terrible since these projects have smaller budgets.
The purpose of CER 2.0 integration into CoinGecko is to protect hundreds of millions of USD of users’ assets from being stolen by malicious actors as a result of theft or by unethical project owners as a result of scam such as rug pull. Those projects that do not spend enough (or even any) resources on security testing are much more likely to be scams than those projects that heavily invest in security. Investing in security means respecting users.
May 25 – this day will change the global Web 3.0 cybersecurity landscape.