A July report from CER, a cybersecurity ranking and certification platform, revealed that merely 6 of 45 cryptocurrency wallet brands hired external professionals to perform penetration tests to find security vulnerabilities. Of these, only half have performed tests on the latest versions of their products.
The report highlights that @MetaMask, @ZenGo, and @TrustWallet are the brands that have undertaken recent penetration tests. Meanwhile, @Rabby_io and @BifrostWallet carried out testing on prior software versions, and Ledger Live conducted that kind of testing on unspecified versions of their products. All other ranked brands did not provide any evidence of having done such tests.
Penetration testing is a method for finding vulnerabilities in computer systems or software. In this process, a security researcher endeavors to hack into the device or software, exploiting it for unintended purposes. Typically, the researcher operates with limited knowledge about how the product works. The objective is to simulate real-world hacking attempts and uncover potential vulnerabilities before they can be exploited.
As for the 39 of 45 wallets that opted not to carry out penetration testing, even on previous software versions, CER speculated that this might stem from the significant expenses involved, especially for companies that frequently update their products.
Wallet security has become a hot issue in 2023, as vividly demonstrated by the disastrous Atomic Wallet hack in June. @AtomicWallet fell victim to a sophisticated hack that had significant financial repercussions. Comparing Atomic Wallet’s security measures with those of its counterparts, the report emphasizes the compelling link between the effectiveness of security measures and a wallet’s resilience against cyber threats. While the Atomic team speculated that the breach might have been triggered by injecting a virus or malware into the company’s infrastructure, the exact vulnerability exploited remains undetermined.