Celsius security undergoes audit and receives ISO/IEC 27001 certification.
With crypto-insurance hard to come by, asset security is a high priority for crypto holders – particularly when it involves moving your crypto to crypto finance platforms conducting centralized lending and borrowing. Here, clients must pass their private keys to service providers like Nexo, Gemini and BlockFi when they loan their crypto for interest yield or provide it as collateral for borrowing. In such a scenario the security of the assets is entirely dependent on the security protocols in effect at the platform concerned.
Celsius says after an external audit of its information security management system (ISMS) it has achieved ISO/IEC 27001 certification for the development and maintenance of its cloud-based financial services platform. Regarded as an industry excellence benchmark, ISO/IEC 27001 is an internationally recognized set of security controls put out by the International Organization for Standardization (ISO), that regulates the security management of assets such as intellectual property, financial information, and employee details.
“Celsius has always made the security of our customers and their data a top priority, and this certification is just another measure of that commitment,” says Celsius Co-Founder Daniel Leon. “Our customers trust us with billions in crypto assets, and we don’t take that responsibility lightly. Our security group will always be working to enhance our security systems so they remain at the highest standards possible.”
BlockFi mistakenly pays out $20 million in Bitcoin
The Celcius news comes during what has been a disastrous week for many in the crypto finance sector. On May 14th, BlockFi accidentally sent account holders their interest payments denominated in Bitcoin instead of US dollars. As a result, instead of sending out $700 in interest, the company paid out over $20 million of Bitcoin to account holders.
While BlockFi says it has learnt from its mistake, the fact that this could even happen is certainly not reassuring to BlockFi account holders. In this case, the only good news is that all BlockFi clients have to go through Know Your Customer (KYC) processes to onboard with the company, so BlockFi at least knows who it sent the Bitcoin to. Despite this, a week after the error, $10 million of Bitcoin had still not been returned.
In the pure DeFi sector, Pancake Bunny is thought to have lost around $50 million in a flash loan exploit that saw the value of its token devalued by over 90%. The DeFi project has since announced what amounts to a hardfork to keep the project going, and the issuance of a new token to compensate users for losses.
Security risks in crypto-finance remain high
The BlockFi and Pancake Bunny losses are a timely reminder of the continued frailty of the crypto-finance sector from a security perspective. Although BlockFi claims its distribution of Bitcoin instead of USD was accidental, the incident shows just how easy it would have been for a bad actor employee to drain the project’s vaults. Similarly, the Pancake Bunny disaster illustrates the ease at which a smart contract can be exploited resulting in massive losses for a protocol and its clients.