The CryptoCurrency Security Standard (CCSS) is rapidly becoming the benchmark security framework for Web3 custody and exchange services, and a crypto exchange Bitso has demonstrated it is ready to meet these requirements head-on. By partnering with Hacken for CCSS certification, Bitso demonstrated that its custody services meet industry-leading security standards and that customer assets stay protected.
Bitso Achieves the CCSS V9 Level 2 Full System Certification
In December 2025, Bitso successfully completed a CryptoCurrency Security Standard (CCSS) v9 Level II Full System audit, covering its Cryptocurrency Custody Services for Distributed Ledger Technology Providers.
The certification was awarded following a comprehensive CCSS assessment conducted by Hacken and validated by the C4 Board of Directors, confirming Bitso’s alignment with one of the most demanding custody security frameworks in the industry.
- System Type: Full System
- CCSS Level: Level 2
- Certificate ID: 9.0-CCSS.00002
- Certification Date: December 4, 2025
- CCSSA: Dmytro Yasmanovych
- CCSSA-PR: Charné Van Heerden
What Is CCSS?
The CryptoCurrency Security Standard (CCSS) was created to address a critical gap in Web3 security. While Web2 ecosystems rely on mature frameworks such as ISO 27001, SOC 2, and PCI DSS, these standards do not fully address the unique risks of cryptographic key management and digital asset custody.
CCSS provides a purpose-built framework for the decentralized economy by:
- Establishing clear requirements for secure key generation, storage, and usage
- Offering stakeholders an objective way to assess custody security maturity
- Increasing trust in custodial and exchange services handling digital assets
Learn more about the CCSS standard
The Bitso Scope and Security Assessment
As part of Bitso’s CCSS preparation and certification, Hacken conducted an in-depth security assessment focused on protecting customer assets throughout their entire lifecycle. This scope ensured that Bitso’s custody services were evaluated across technical, organizational, and physical layers, in full alignment with the CCSS framework.
Scope of Assessment
More specifically, the engagement covered the following custody security domains:
Key Material Generation. Evaluation of entropy sources, key generation ceremonies, and controls ensuring keys are created in secure, controlled environments.
Wallet Creation and Configuration. Review of wallet architecture, multi-signature or MPC configurations, role segregation, and enforcement of least-privilege principles.
Backup Handling and Recovery. Assessment of backup generation, secure storage, tamper-evident protections, redundancy, and controlled recovery procedures.
Transaction Validation and Signing. Analysis of approval workflows, signing mechanisms, quorum enforcement, and controls preventing unauthorized or unilateral transactions.
Operational Security and Access Control. Review of IAM practices, role-based access control, monitoring, logging, and operational oversight of custody processes.
Physical and Environmental Protection. Assessment of physical security measures, secure facilities, access restrictions, and environmental safeguards protecting custody infrastructure.
Bitso and Hacken: Advancing Custody Security Together
We are proud to support Bitso in achieving CCSS Level 2 certification, building on Hacken’s prior experience conducting a CCSS audit for WhiteBIT. This engagement further strengthens our expertise in evaluating complex custody systems against modern requirements and advancing best practices for digital asset security.
CCSS certification is a demanding process that requires deep technical maturity, well-documented procedures, and strong operational discipline. Through the audit, Bitso demonstrated a high level of readiness, efficient collaboration with auditors, and mature custody controls aligned with real-world threat models. Achieving CCSS Level 2 confirms that Bitso has implemented robust safeguards for private key protection, operational integrity, and long-term resilience of its custody environment.
With this milestone, Bitso joins a select group of organizations moving the security baseline of Web3 forward, alongside industry leaders such as BitGo Trust, Blockchain.com, Fireblocks, WhiteBIT, and KuCoin. By meeting CCSS requirements, Bitso reinforces its commitment to responsible custody operations and contributes to the broader adoption of CCSS as a foundational security framework for Web3 infrastructure providers.
About Bitso
Bitso is Latin America’s leading digital financial services company, evolving from a crypto pioneer into a comprehensive investment platform with a community of over 9 million clients. Bitso offers a secure, regulated, and user-friendly digital platform to buy, sell, hold, earn, and transact with more than 120 cryptocurrencies and 5,000 global stocks and ETFs, democratizing finance by combining the transparency of blockchain technology with the strength of the stock markets.
Founded in 2014, Bitso has more than 500 employees in 35 countries and continues to make crypto useful by unlocking the power of secure, borderless, and easy-to-use financial products. Bitso remains committed to empowering the region by providing universal access to the digital economy of the future and promoting a fairer monetary system.
For more information, visit bitso.com — #newbitso
