A draft of the CryptoCurrency Security Standard (CCSS) was made available on Wednesday for public discussion.
The CCSS draft is the result of a collaboration between the CryptoCurrency Certification Consortium (C4), a Canada-based not-for-profit organization that establishes cryptocurrency standards, and Bitcoin security platform BitGo.
Cryptocurrencies, particularly Bitcoin, have become increasingly popular over the past years. However, several security incidents, such as the ones involving Mt. Gox and more recently Bitstamp, have had a negative impact on the industry.
C4 and BitGo believe security standards can help address many of the current challenges. The CCSS is designed to encourage the cryptocurrency industry to take steps toward the adoption of security best practices.
C4 has noted that a cryptocurrency security standard will be beneficial for both service providers and consumers.
“Established organizations will be more open to joining the space as the risk of missing key aspects due to misunderstandings are less likely to occur. Insurance companies will now have that measuring stick to verify operations looking for financial protection for themselves and their clients. Investors will have the ability to understand the readiness and maturity of the projects they choose to back,” Joshua McDougall, C4’s director of operations, explained in a blog post.
The standard covers a total of 10 key security aspects focusing on the storage and usage of cryptocurrencies within an organizations. The list consists of key/seed generation, wallet creation, key storage, key usage, key compromise policy, keyholder grant/revoke policies and procedures, third-party security audits/pentests, data sanitation policy, proof of reserves, and audit logs.
An organization that meets these requirements at a minimum will achieve “Level 1” security, which indicates that they have “proven by way of audit that they protect their information assets with strong levels of security.” There are three levels of security defined in the CCSS and while Level 1 is the lowest, it still indicates a strong level of security.
“With a standard, companies will no longer need to ‘go it alone’ and hope they’ve covered everything; they’ll have a checklist to follow that will help prevent them from being ‘goxed’,” said McDougall.
A whitepaper on CCSS and the draft are available online.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Zyxel Firewalls Hacked by Mirai Botnet
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
- Drop in Insider Breaches Drives Decline in Intrusions at OT Organizations
- Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances
- OAuth Vulnerabilities in Widely Used Expo Framework Allowed Account Takeovers
- New Honeywell OT Cybersecurity Solution Helps Identify Vulnerabilities, Threats
- Rheinmetall Says Military Business Not Impacted by Ransomware Attack
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
