A draft of the CryptoCurrency Security Standard (CCSS) was made available on Wednesday for public discussion.
The CCSS draft is the result of a collaboration between the CryptoCurrency Certification Consortium (C4), a Canada-based not-for-profit organization that establishes cryptocurrency standards, and Bitcoin security platform BitGo.
Cryptocurrencies, particularly Bitcoin, have become increasingly popular over the past years. However, several security incidents, such as the ones involving Mt. Gox and more recently Bitstamp, have had a negative impact on the industry.
C4 and BitGo believe security standards can help address many of the current challenges. The CCSS is designed to encourage the cryptocurrency industry to take steps toward the adoption of security best practices.
C4 has noted that a cryptocurrency security standard will be beneficial for both service providers and consumers.
“Established organizations will be more open to joining the space as the risk of missing key aspects due to misunderstandings are less likely to occur. Insurance companies will now have that measuring stick to verify operations looking for financial protection for themselves and their clients. Investors will have the ability to understand the readiness and maturity of the projects they choose to back,” Joshua McDougall, C4’s director of operations, explained in a blog post.
The standard covers a total of 10 key security aspects focusing on the storage and usage of cryptocurrencies within an organizations. The list consists of key/seed generation, wallet creation, key storage, key usage, key compromise policy, keyholder grant/revoke policies and procedures, third-party security audits/pentests, data sanitation policy, proof of reserves, and audit logs.
An organization that meets these requirements at a minimum will achieve “Level 1” security, which indicates that they have “proven by way of audit that they protect their information assets with strong levels of security.” There are three levels of security defined in the CCSS and while Level 1 is the lowest, it still indicates a strong level of security.
“With a standard, companies will no longer need to ‘go it alone’ and hope they’ve covered everything; they’ll have a checklist to follow that will help prevent them from being ‘goxed’,” said McDougall.
A whitepaper on CCSS and the draft are available online.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
- Verizon 2023 DBIR: Human Error Involved in Many Breaches, Ransomware Cost Surges
- Google Patches Third Chrome Zero-Day of 2023
- Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations
- Cybersecurity M&A Roundup: 36 Deals Announced in May 2023
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- Apple Denies Helping US Government Hack Russian iPhones
Latest News
- KeePass Update Patches Vulnerability Exposing Master Password
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Keep Aware Raises $2.4M to Eliminate Browser Blind Spots
- Google Workspace Gets Passkey Authentication
- Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
- Zoom Expands Privacy Options for European Customers
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
- Apple Unveils Upcoming Privacy and Security Features
