Crypto.com, a payments and cryptocurrency platform, has completed an external security assessment which, it claims, proves its ongoing commitment to security in the cryptocurrency space. Crypto.com argues it has built its offerings on a solid foundation of security, privacy and compliance which satisfies Cryptocurrency Security Standard Level 3, ISO 27001:2013 and PCI:DSS 3.2.1, Level 1 compliance.
Andrew Howard, CEO of Kudelski Security, said: “We consider Crypto.com a critical project and an example of a fully transparent company that operates its exchange and crypto offerings with security and data privacy at the forefront. Through our collaboration, we were able to resolve any found vulnerabilities, showing the value that exchanges can derive from partnering with a comprehensive security company.
“Programs built upon NIST Cybersecurity Framework or similar compliance, standards, and testing have proven to be successful within traditional banking communities and as the crypto market matures, it’s great to see Jason and Crypto.com leading mature adoption of security practices.”
Crypto.com, founded in 2016, asserts that: “it’s a basic human right for everyone to control their money, data and identity”. To support this it has created a platform with >1M users which offers an alternative to traditional financial services. It turns the idea of a ‘cryptocurrency in every wallet’ into reality where users can:
- buy and sell 7 fiat and 53 cryptocurrencies
- access, manage and spend funds with the MCO Visa Card
- top up with bank transfers, debit or credit cards or crypto
- buy crypto with fiat (currency) or with a credit card
- send crypto and fiat currencies to the Crypto.com Wallet App without fees
- withdraw crypto to external wallet addresses (for a small fixed fee)
- track and monitor 200+ coins (prices, volumes, market caps, % changes and more)
- view charts (US$, BTC—8H, etc).
Crypto.com tries to make it simple to sign up. New users only need:
- an email address
- a phone number
- one identification document.
Jason Lau, Chief Information Security Officer of Crypto.com, said: “A key component of any cybersecurity strategy is to engage with external security auditors to provide additional assurance. Security threats can come from many different areas, and my philosophy is to work with the best in the industry to help safeguard our systems, and further shows our commitment to cybersecurity in the crypto-space.”
Kudelski Security’s involvement
Kudelski Security offers cybersecurity innovation and advice to security-conscious client organisations/enterprises. Its services enable it to:
- evaluate, on a continuous basis if necessary, an organisation’s security posture
- recommend solutions which will reduce business risk, maintain compliance and increase overall security effectiveness.
Clients include Fortune 500 enterprises and government organisations in Europe and the US – because its services address the most complex environments and issues. It delivers via capabilities which include:
- managed security services.
Kudelski Security launched its Blockchain Security Center (BSC) earlier in 2019. This provides a suite of services, including cryptography expertise, to the blockchain crypto, exchange, developer, and enterprise community – which is what Crypto.com sought.
Before engaging Kudelski Security, Crypto.com completed its own detailed security assessment, embracing:
- external penetration testing
- threat modelling
- risk control reviews.
To ensure the completeness of its security controls, Crypto.com then engaged the Kudelski Blockchain Security Center to conduct:
- a thorough external security test
- a full threat modeling exercise.
Kris Marszalek, Co-Founder and CEO of Crypto.com, said: “Crypto.com is already CCSS (Level 3), PCI-DSS (Level 1) and ISO 27001:2013 compliant. Assurance by Kudelski Security is yet another step to safeguard our platform. We will continue investing heavily in our people, technology, and processes to maintain the highest standard of security in the industry.”
Enterprise Times: what does this mean
The crypto world is catching up. Security audits are common enterprise activities, though (perhaps) not as common as they ought to be.
In the past, the challenge for crypto organisations like Crypto.com was finding third-party organisations with the understanding and technological capabilities applicable to the crypto/blockchain environment. This is what Kudelski Security’s BSC possesses.
That said, as with every security audit, there is no proof that all is well, only that reasonable steps have been taken. Nevertheless, Crypto.com’s engagement of Kudelski Security and the Blockchain Security Center should provide greater confidence to its users.