A recent report from cybersecurity certification platform CER has raised concerns about the security measures adopted by cryptocurrency wallet brands. The report, released in July, found that only 13.3% of 45 examined wallet brands have conducted penetration testing to identify potential security flaws. Even among those, only half have tested the latest versions of their products.
Penetration Testing: A Vital Security Measure
Penetration testing is a critical process in cybersecurity, where a security researcher attempts to hack into a system or software to uncover vulnerabilities. This method simulates real-world hacking attempts, helping to identify weaknesses before the product reaches the market.
According to CER's findings, only three brands (MetaMask, ZenGo, and Trust Wallet) have conducted up-to-date penetration tests. Rabby and Bifrost performed tests on older versions, while the version Ledger Live tested was unknown. The remaining brands provided no evidence of having conducted these essential security tests.
Why the Lack of Testing?
The report speculates that the lack of penetration testing may be due to the high costs associated with these tests, especially for companies that frequently update their products. Each new update could render previous tests irrelevant, leading to continuous expenses.
Security Rankings and Alternatives to Penetration Testing
CER's report also ranked the security of various wallets, with MetaMask, ZenGo, Rabby, Trust Wallet, and Coinbase Wallet topping the list as the most secure. The rankings were based on factors such as bug bounties, past incidents, and security features like restore methods and password requirements.
While most brands have not conducted penetration testing, many rely on bug bounties to discover vulnerabilities. This alternative method has often proven effective in preventing hacks. Out of 159 individual wallets (including different versions of the same brand), 47 were rated as "secure" with a security score above 60.
The Importance of Wallet Security
The issue of wallet security has become increasingly urgent in 2023, with significant breaches leading to substantial losses.
Over $100 million was lost in the Atomic Wallet hack on June 3, and the exact vulnerability remains unknown. Additionally, the web wallet MyAlgo suffered a breach in late February, resulting in an estimated loss of over $9 million.
Conclusion: A Call for More Robust Security Measures
The report's findings highlight the need for more robust security measures within the cryptocurrency wallet industry. Popular wallet brands, which have greater funds and visibility, tend to adopt more comprehensive security measures. This trend creates a positive feedback loop, attracting more users to secure wallets.
However, the overall lack of penetration testing across the industry is a concerning revelation. As the crypto space continues to grow, the implementation of rigorous security protocols, including penetration testing, will be vital to protect users and maintain trust in digital assets.