Which cryptocurrencies are the most secure?
Security within the crypto industry is a hot topic, with influential protocols hacked and the black swan event that was the Terra Luna disaster.
CryptoSlate recently talked about several DeFi insurance protocols, which raised the potential need for an independent body to help assess cryptocurrencies regarding risk. Timely, CoinGecko has now integrated with CER.live to include cryptocurrency ratings. Bobby Ong, co-founder and COO of CoinGecko, commented,
“Investing in cryptocurrencies comes with certain additional risks compared to other asset classes. As crypto investors, one area we need to be mindful of is the level of token security. With the integration of CER 2.0, we hope to improve user awareness of token security and enable all CoinGecko users to make informed decisions.
CoinGecko users can now view ratings regarding security, audit, bug bounty, and insurance. Safety reports are sourced from CER, Certik and others when available. Interestingly, there is no data for Bitcoin or Ethereum.
However, going down the list of top 10 cryptocurrencies by market capitalization, the first interesting one is Binance Coin which has a score of 95/100 from Certik but only 55/100 from CER.
Discrepancies in Reporting Methodologies
The discrepancy between these two scores highlights significant issues within the scoring capacity of third-party organizations. The BNB page on Certik shows it to be the highest rated project of all cryptos, while CER ranks it at 195.
Another example, Shiba Inu, has three scores; 36/100 from Defi Safety, 94/100 from Certik and 46/100 from CER. The median score stands at 58/100, or 42% less than Certik’s score of 94.
In a conversation with leading DeFi insurance protocols, Dan Thomson of InsurAce suggested that a community-enabled bug bounty program could replace the need for a third-party organization.
The large difference in ratings for the fourth-largest cryptocurrency by market capitalization undoubtedly indicates that work is needed to iron out the criteria and method for evaluating projects.
The best and worst of the top 100
However, an argument can be made for the methodology implemented by CER, which allowed Binance Coin to receive such a low score. BNB was penalized for not having a token or platform audit available for review. Similarly, Ripple’s XRP only reached 27/100 due to similar issues.
CER goes so far as to say: “Investment in this project is very risky. Conversely, Maker Dao received the highest possible rating according to CER’s methodology with a rating of AAA. However, the score shown on CoinGecko is less than perfect 90/100 due to poor insurance options and bug premium process.
Given the inconsistent coverage even among the top 100 crypto projects, this could potentially lead to skepticism among newcomers to crypto. Neither Bitcoin, Ethereum, Tether, or USDC with a visible security rating on CoinGecko can give an inaccurate picture of the projects to those unfamiliar with the space. Some of the best project safety ratings according to the CER can be viewed below:
- Solana – 81/100
- Gimbal – 80/100
- Dogecoin – 17/100
- Peas – 40/100
- TRON- 89/100
- Shiba Inus – 46/100
- Avalanche – 55/100
Disturbing stats from the top 1,500
A report by the CER detailing the overall security level of the top 1,500 cryptocurrencies revealed disturbing statistics highlighted below:
- Only 1.2% meet all security requirements
- Less than 10% meet CER’s four basic security requirements
- 20% did not fix bugs identified by security audits
- 32% have a code that differs from the audited submission
- Only 43% of DeFi projects had a token audit
- Only 4% have a token audit that covers most smart contracts
Security tools and platforms are valuable resources to use as part of an overall search strategy. However, investors need to be aware of their confirmation bias when looking at such variable data.
Additionally, it is important to consider why a platform assigned a specific score to a particular project. Each security platform has its risk assessment methodology, and users of their services must therefore assess whether this methodology corresponds to their requirements for investing in a project.