Coinmetro is Hacken’s long-time client, and we want to highlight the exchange’s unquestionable approach to security.
Coinmetro is a centralized cryptocurrency exchange founded in 2018. The Estonia-based exchange is among the largest European custodians, with an average daily trade volume of around $1 million.
Security has been the top priority for the exchange from day 1, and Hacken can attest to it. Their team incorporated a comprehensive approach to keep user deposits safe, including encryption of sensitive data, secure server infrastructure, input validation, 2FA, cold asset storage, regular audits, penetration testing, risk management, and regular library updates.
Every exchange on the crypto market is operating under a threat of cyber attacks. Ongoing threat monitoring, alert mechanisms, and swift response are crucial in mitigating a security breach. Dozens of crypto projects might fail in similar circumstances, but not Coinmetro.
A security-first mindset has been a point of difference. While incidents plagued other crypto projects, Coinmetro’s reputation as an exchange improved. It remains this way.
2022 brought many alarming signals. There were times when crypto exchanges unilaterally suspended withdrawals. Most importantly, FTX’s collapse put the crypto market ablaze. Web3 projects struggled for mainstream credibility.
Concerned for the community, Coinmetro decided to integrate external review into existing security controls. Driven by the internal will to improve and make the service more secure, the team wanted to have external eyes on security solutions.
After scanning the Web3 security market and gathering references, Coinmetro decided Hacken is the most trustworthy and reliable option. The team approached us because, among the well-known auditors, Hacken demonstrated excellent results – 0 hacks in 2022. Zero incidents for Hacken-audited clients is strong evidence of the high quality of Hacken security standards.
Coinmetro requested grey box penetration testing for Web / mobile apps and API. There’s also an active public bug bounty program at HackenProof.
The scope of services Hacken provides has expanded over the past two years. The team remarked on Hacken's highly certified experts, who provide tested, stable and secure environments.
Bug bounty is an ongoing crowdsourced protection measure where external security researchers find bugs in the system for rewards. As a crowdsourced measure, a bug bounty galvanizes the most active and security-savvy part of the crypto community, something that has always been important to Coinmetro.
The client requested a bug bounty at HackenProof for the web application and API. Researchers who find and report in-scope vulnerabilities can receive prizes of up to $3,000. The program has recently attracted 112 white-hat hackers who have submitted 59 valid reports.
The HackenProof Triage team validated every bug report to ensure it is in scope and matches the claimed severity level. As a result, Coinmetro is only getting relevant and verified vulnerabilities.
On top of that, HackenProof handles all the payments. The triage service has already saved countless client hours and makes crowdsourced defense as effective as possible.
The bug bounty program not only increases safety but also engages the community. The most active members can contribute to a more secure product. The ongoing program is open to the public, and anyone interested in finding bugs for rewards can join it.
One way Hacken has been helpful relates to scanning and fixing libraries. Coinmetro uses stable libraries, but the extra layer of assurance won’t hurt. Among many other things, Hacken conducted frequent library scans. Proactive scanning is an instrumental step toward fixing potentially vulnerable dependencies.
Library version control is vital for secure software development, but it takes away precious engineering resources. Hacken takes care of proactive scanning and fixing libraries, freeing up developer resources for more creative tasks.
Transparency and trust is the only winning approach for Web3 projects aimed at long-term success. After FTX’s incident, people started to value and notice highly secure, trustworthy, and transparent brands like Coinmetro.
From Day 1, the team focused on building a reliable exchange where hackers cannot steal users’ funds. Kevin Murcko, the CEO, gives frequent AMAs where he answers and explains everything related to strategy, innovation, safety, and compliance.
Coinmetro continues to prioritize user safety and reliability. Over the years, Hacken's external review has enhanced the client’s proactive defense. Together, we continue making Web3 a safer place.