Billion Dollar Problem - Legacy Cybersecurity Standards Fail Crypto Businesses

It's a glaring truth that has, until now, been shrouded in a cloud of misplaced trust and false assurance: traditional cybersecurity certifications like SOC 2 Type 2 are not sufficiently protecting crypto companies from being hacked. According to the REKT database of top crypto hacks, a staggering $77 billion has been lost to various crypto exploits since 2011. Among the massive collection of crypto hack victims, the recent hack of Floating Point Group (FPG), a well-known crypto prime broker, stands as a stark testament to this harsh reality.

Despite being the proud bearer of the SOC 2 Type 2 certification, FPG fell victim in June 2023 to a hack that resulted in staggering losses. In the wake of this disaster, one thing has become painfully clear: SOC 2 Type 2 certification, a beacon of trust and reliability for traditional companies, now falls short in the face of the sophisticated threats that crypto companies face. It's time to shift gears, to move towards supplementing existing SOC and ISO standards with more specialized requirements for crypto companies.

The answer? Cryptocurrency Security Standard (CCSS).

CCSS is a globally recognized standard of security that addresses the unique threats facing the crypto industry. It's not just a simple patch to an existing framework but a comprehensive and specific solution designed to safeguard digital assets. It is the only standard that is laser-focused on private key management, which is not covered by legacy standards.

In a groundbreaking initiative, crypto crime fighting company CAT Labs is joining forces with the non-profit organization C4 (CryptoCurrency Certification Consortium) to champion the adoption of CCSS in the crypto industry. This strategic partnership aims to accelerate the implementation of the CCSS security standard via educational programs, certifications and political outreach, fostering a robust shield of protection for digital asset custodians, crypto hedge funds and other businesses dealing in digital assets.

The first initiative emerging from this partnership is a basic training course on mastering the CCSS Level 1 standard designed for crypto asset managers, hedge funds, insurance companies, family offices and executives at crypto companies. This course will provide a firm understanding of what is needed to obtain CCSS Level 1 Certification. Interested parties can pre-register HERE.

"C4 has been a trailblazer in open blockchain education and crypto cybersecurity standard setting. Their mission perfectly aligns with our goal to bolster cybersecurity within the crypto industry," said Lili Infante, CEO of CAT Labs. "Together, we are set to make the CCSS standard the industry norm, paving the way for a safer Web3 ecosystem."

“CAT Labs is dedicated to protecting users of crypto and mitigating vulnerabilities associated with holding digital assets, and C4’s CryptoCurrency Security Standard (CCSS) is a way to hold organizations accountable for the way in which they manage private keys,” said Jessica Levesque, Executive Director of C4. “Our shared mission will make the Web3 ecosystem safer, increasing protection from bad actors and overall key mismanagement, thus driving crypto adoption.”

This strategic initiative is supported by major crypto industry leaders including crypto infrastructure providers, investors and cybersecurity auditors to ensure a safer and more prosperous future for the cryptocurrency industry.

"Digital assets and the cryptocurrency rails are actively transforming the financial industry. As the first company to achieve Level 3 CCSS certification, we at Fireblocks understand the importance of robust cybersecurity measures required to safeguard cryptocurrency assets. We applaud the efforts of CAT Labs and C4 in their partnership to drive the wider adoption of the CCSS security standard. It is initiatives like these that will solidify the security infrastructure necessary for digital asset custodians, crypto hedge funds, and other businesses in our industry. Now is the time to embrace the future of finance and ensure its safety for all participants," says Michael Shaulov, CEO of Fireblocks - the leading enterprise crypto management platform in the industry.

"At Halborn, we recognize the unparalleled importance of safeguarding digital assets in this rapidly evolving crypto landscape. With our team of dedicated CCSS-certified auditors, we have seen firsthand the efficacy of the CCSS framework. It's more than just a security standard; it's a testament to the maturation and sophistication of the crypto industry. We wholeheartedly endorse the CCSS standard initiative and believe it represents the future of crypto security," said David Schwed, COO at Halborn - an elite cybersecurity company for blockchain organizations.

"As a leader in crypto hedge fund investments, Amphibian Capital recognizes that the legacy cybersecurity standards are not enough to protect crypto asset managers from cyber exploits. We stand firmly with CAT Labs and C4's initiative to implement the CCSS security standard across the industry. It's high time we fortify the infrastructure of digital finance to safeguard our future," asserts James Hodges, General Partner and Co-Founder of Amphibian Capital - a leading fund of funds focusing on investing in crypto hedge funds.

“Cybersecurity and overall risk management are of the utmost importance to the continued development of the digital asset ecosystem. Lockton believes that consistent and attainable industry standards are key to bridging the gap between growing companies looking to build comprehensive risk management frameworks and the insurers they need to support them. Standards like the CCSS and the efforts of companies like CAT Labs and C4 provide companies looking for insurance with an opportunity to credential themselves and insurance markets with a measurable benchmark to aid their underwriting processes. We are excited to see what the future holds as the CCSS initiative continues to gain traction,” said Sarah Downey, Blockchain & Digital Assets Advisory Leader at Lockton - the world’s largest insurance brokerage.

“Insurers of digital assets would greatly welcome an industry-wide adoption of an appropriate certification specifically designed for the assessment and qualification of digital asset systems. Insurers can underwrite more traditional, physical asset classes in a fraction of the time it takes to underwrite a digital asset risk and the disproportionate time cost of underwriting has to be accounted for as part of the insurance premium calculation. The creation and adoption of a digital asset system specific set of standards would potentially significantly improve the efficiency of our underwriting and this time cost saving can be passed onto the insureds in the form of a premium cost saving,” said James Croome, Underwriter at Arch Insurance Group - a market-leading specialty insurer.

About CAT Labs:

CAT Labs is building digital asset recovery and cybersecurity tools to enable the public and private sectors to fight crypto-enabled crime. The CAT Labs team is the “Special Forces” protectors of the crypto industry, with unparalleled blockchain security experts, cryptographers, former U.S. Department of Defense computer scientists, ethical hackers and U.S. Department of Justice investigators, who spent the past decade taking down some of the most prolific crypto criminals. CAT Labs is developing cutting-edge encryption technology for key management, insider threat management, ML-powered anti-phishing solutions, and digital asset recovery tools.

About C4:

C4 is a non-profit organization dedicated to fostering education, certification, and standards in the fast-evolving blockchain technology space. C4 offers certifications for professionals to validate their knowledge of open blockchain technology and standards, as well as educational programs for those new to the industry. C4 is also the developer of the first-ever CryptoCurrency Security Standard, which provides a clear security rating for private key management.