Security within the crypto industry is a hot topic, with influential protocols being hacked and the black swan event that was the Terra Luna catastrophe.
CryptoSlate has recently spoken to several DeFi Insurance protocols, which raised the potential need for an independent body to assist in rating cryptocurrencies concerning risk. In a timely move, CoinGecko has now integrated with CER.live to include ratings for cryptocurrencies. Bobby Ong, co-founder and COO of CoinGecko, commented:
“Investing in cryptocurrencies carries certain additional risks compared to other asset classes. As crypto investors, one area we should be mindful of is the security level of tokens. With the integration of CER 2.0, we hope to improve user awareness of token security and enable all CoinGecko users to make well-informed decisions.”
CoinGecko users can now view ratings concerning security, audit, bug bounties, and insurance. Security reports come from CER, Certik, and others where available. Interestingly, there is no data for either Bitcoin or Ethereum.
However, going down the list of the top 10 cryptocurrencies by market cap, the first one of interest is Binance Coin, which has a score of 95/100 from Certik but just 55/100 from CER.
Discrepancies in reporting methodologies
The spread between these two scores highlights significant issues within the rating ability of third-party bodies. The BNB page on Certik shows it is the most highly rated project in all crypto, while CER has it ranked at 195.
Another example, Shiba Inu, has three scores: 36/100 from Defi Safety, 94/100 from Certik, and 46/100 from CER. The median rating comes out to 58/100, which is 42% lower than Certik’s rating of 94.
In a conversation with the main DeFi Insurance protocols, Dan Thomson from InsurAce suggested a community-enabled bug-bounty program could replace the need for a third-party organization.
The vast difference in rating for the fourth-biggest cryptocurrency by market cap undoubtedly indicates that work is needed to iron out the criteria and method by which projects are assessed.
Best and worst of the top 100
However, an argument can be made for the methodology implemented by CER, which resulted in Binance Coin receiving such a low score. BNB was penalized for not having either a token or platform audit available for review. Ripple’s XRP achieved just 27/100 due to similar concerns.
CER goes as far as to say, “Investment in this project is highly risky.” Conversely, MakerDAO received the highest rating possible according to CER’s methodology with a rating of AAA. However, the score listed on CoinGecko comes out at a less-than-perfect 90/100 due to poor insurance options and bug bounty processes.
The inconsistency of coverage among even the top 100 crypto projects could potentially lead to skepticism from newcomers to crypto. The fact that none of Bitcoin, Ethereum, Tether, or USDC has a viewable security rating on CoinGecko may give an inaccurate picture of the projects to those unfamiliar with the space. Some of the top projects’ security ratings according to CER can be seen below:
- Solana – 81/100
- Cardano – 80/100
- Dogecoin – 17/100
- Polkadot – 40/100
- TRON – 89/100
- Shiba Inu – 46/100
- Avalanche – 55/100
Disturbing statistics of the top 1,500
A report from CER detailing the overall security level of the top 1,500 cryptocurrencies revealed some disturbing statistics highlighted below:
- Only 1.2% meet all security requirements
- Less than 10% meet CER’s four basic security requirements
- 20% have not fixed bugs identified by security audits
- 32% have code that differs from the audited submission
- Only 43% of DeFi projects have had a token audit
- Just 4% have a token audit that covers most smart contracts
Security tools and platforms are valuable resources to be used as a part of an overall research strategy. However, investors should be aware of their own confirmation bias when viewing such varying data.
Further, it is important to review why a platform has given a particular project a specific score. Each security platform has its methodology for assessing risk, and thus users of their services should evaluate whether that methodology matches their requirements for investing in a project.