In the realm of cryptocurrency, where the discussions of coins, tokens, and the blockchain technology often take center stage, the topic of security never loses its relevance. A recent revelation was made by the cybersecurity certification platform, CER, which paints a concerning picture of the existing state of wallet security. Their report uncovered the astonishing fact that out of 45 reviewed crypto wallets, only six have conducted penetration testing to identify security vulnerabilities.
Among those few that have demonstrated a proactive approach towards security are MetaMask, ZenGo, Trust Wallet, Rabby, Bifrost, and LedgerLive. Interestingly, only MetaMask, ZenGo, and Trust Wallet were found to have their latest software versions tested. With only 13.3% of the wallets being penetration tested, one has to wonder about the remaining 86.7%.
In the realm of software, penetration or ‘pen’ testing is synonymous with identifying potential weaknesses. It involves a simulated hacking attempt, often carried out by a security researcher, designed to detect vulnerabilities. In the light of recent security breaches, such as the Atomic Wallet hack in June 2023 that resulted in a loss of over $100 million, the scarcity of such testing in wallet brands raises eyebrows.
The report speculates that the lack of frequent testing could be an issue of cost and frequent software updates. Despite the apparent lack of penetration testing, a silver lining is that wallets frequently opt for bug bounties to uncover vulnerabilities. This trend suggests the presence of alternative efforts to support security is encouraging, even if the conducted penetration tests are few and far between.
Ultimately, CER’s findings show that the wallets with larger user bases are generally more likely to implement robust security measures. This inclination could be attributed to a higher volume of funds to secure, increased visibility, and consequently a higher number of potential threats. However, it also creates an unsettling dynamic where wallets with fewer resources, potentially making them more susceptible to security oversights.
The evolving state of crypto wallet security fosters a pertinent dialogue. While bug bounties are a viable strategy in unveiling vulnerabilities, the necessity for comprehensive and frequent penetration tests is clear. Although cryptocurrencies revolve around decentralization and self-governance, the need for vigilance in security cannot be sidestepped. As we venture forth in this expanding world of digital finance, the question remains, are wallet brands doing enough to safeguard your assets?
Source: Cointelegraph