The number of cryptocurrency users has grown exponentially, increasing from a mere 5 million in 2016 to 575 million in 2023. Simultaneously, cryptocurrency hacks have risen from less than 20 in 2016 to over 230 in 2023. In terms of value lost, a staggering $3.7 billion was stolen through such hacks in 2022 alone. These increasing instances of hacks and other emerging security challenges have forced stakeholders and institutions to look beyond traditional asset custody providers.
Modern-day asset custody providers need to do much more than just secure assets. As more institutions enter the market, the stakes continue to rise daily. An effective crypto custodian must be equipped with advanced security techniques to tackle sophisticated challenges. It should also possess leading security certifications to instill trust in partners. One such certification is CCSS or CryptoCurrency Security Standard.
What Is CCSS
CCSS (CryptoCurrency Security Standard) is a comprehensive security certificate awarded to the best crypto asset custody providers. Developed by the CryptoCurrency Certification Consortium (C4), CCSS provides guidelines for safeguarding cryptocurrency assets and operations from external cybersecurity attacks and internal fraud. It comprises a comprehensive document of recommended practices and latest guidelines, which is updated regularly by the C4 Steering Committee in line with emerging security trends.
It is a security protocol designed to enhance industry-standard and globally accepted ISO certificates, such as ISO 27001:2013, by complementing existing security measures.
Founded in 2014, CCSS certification has played a crucial role in establishing standard practices for information security in digital asset custody, emerging alongside the rise of Bitcoin. It has developed a comprehensive set of rules and metrics to evaluate platforms, wallet providers, and custody platforms. These certifications are categorized into different levels to represent varying adaptations of safety frameworks, making the CCSS certificate a rare commodity in cryptocurrency asset security.
CCSS covers multiple custody and wallet systems within an entity, grading them from Level 1 to Level 3 based on their specific security alignment: Self-Custody, Quality Service Provider, and Full System.
CCSS and Private Key
A private key is the only way a user or institution can access funds in their crypto wallet. Thus, securing the private key is paramount. Remember the saying “not your key, not your coins”? If the private key of a wallet is compromised, the funds stored in the wallet are as good as lost. It is this private key that CCSS’s security framework secures.
The framework primarily focuses on developing the best guidelines for implementing security controls that address:
- Private key generation and storage
- Wallet creation and storage
- On-chain transactions
This blog primarily focuses on the role of CCSS in improving private key security and enhancing the capabilities of a crypto custody solution provider.
Types of CCSS Certifications
While the CCSS framework is open source and any custody solution provider can use it to enhance their security offerings, the distinction comes in the form of the three certification levels. Here’s what each of them means:
Level 1:
If a crypto custody solution provider or any other information system has a Level 1 CCSS certification, it means that it has proven, through an audit, that it has implemented a comprehensive set of security controls. Furthermore, it also means that the custody platform has a process to mitigate cyber threats and other security risks, as well as a process for responding to security incidents.
To sum up, a custody solution provider with a Level 1 CCSS certification can be trusted to have foundational level security standards needed to support a cryptocurrency project. However, with the emerging level of cyber risks in the crypto space, a Level 1 certification might not be sufficient for institutional-grade asset custody.
Level 2
Level 2 CCSS certification indicates that the corresponding crypto asset custody provider exceeds Level 1 requirements. This means the platform has incorporated enhanced security measures specifically designed for decentralized systems. A Level 2 certification enhances the capability of an asset custody provider to withstand cyberattacks that target the cryptographic components and mechanisms underlying cryptocurrencies. This could be an ideal criterion for emerging crypto projects looking to proceed with third-party custody. Again, it is better to opt for the top standard for institution-level asset custody.
Level 3
Level 3 CCSS certification is the best any crypto custody provider can possess. Level 3 CCSS-certified crypto custody solution providers build on the requirements of Levels I and II while incorporating more stringent security controls, advanced risk management practices, regular security audits, and continuous monitoring.
A crypto custody provider with a Level 3 certification is highly likely to withstand online risks and provide protection from both known and emerging crypto-threats by using advanced security controls tailored to the unique needs of decentralized, geographically distributed cryptographic systems. Such custodians can help exchanges, hedge funds, DeFi-native banks, and other leading protocols mitigate emerging security risks while offering tailor-made solutions to suit various geographic requirements and regulatory obligations.
The Only Two Platforms To Possess Level 3 CCSS
It doesn’t take much to make a decision as an institution when selecting a reliable crypto custody solution provider, with Level 3 of the CCSS framework serving as a key differentiator. Currently, there are only two reputed crypto custody solution providers that possess the highest level of CCSS certification:
Liminal Custody
Liminal Custody, a leading crypto custody solution provider with over $700 Million under its custody, obtained the CCSS Level 3 certification in 2023. Liminal has operations in 12+ countries and supports 1200+ different cryptocurrencies. Besides CCSS Level 3, Liminal Custody also possesses ISO and SOC certificates SOC2 Type 1 and 2, ISO 27001, and 27701. Liminal has successfully processed transactions worth over $10,000 million and helped different crypto businesses and institutions save 1,000+ manual hours.
Fireblocks
Fireblocks, one of the largest crypto custodians globally, has been CCSS Level 3 certified since 2022. It also possesses SOC2 Type II, ISO 27001, ISO 27017, and ISO 27018 certifications. Fireblocks secures transactions worth a whopping $4 Trillion and is trusted by 1,800+ leading crypto businesses around the globe. A pioneer in world-renowned SGX and MPC Wallet technologies, Fireblocks supports 50+ blockchains and all the leading token standards. The platform promises 8x transaction speed and a 90% reduction in transaction fees.
CCSS: The Gold Standard of Bank-Grade Security In DeFi
CCSS certification levels provide a structured and comprehensive approach to securing information systems in the cryptocurrency space. By achieving Level I, II, or III certification, organizations demonstrate their commitment to implementing rigorous security controls, managing cyber threats, and continuously improving their security posture. This ensures that cryptocurrency projects are supported by robust and resilient security frameworks. Level III is the gold standard of crypto custody, and platforms like Liminal are key to ensuring a seamless and risk-free expansion of DeFi.
@manhar@lmnl.app @nikhil@lmnl.app
