Security Standard Proposed for Bitcoin Exchanges and Wallets

The Cryptocurrency Security Standard draft proposal calls for 10 standardized approaches to bitcoin security.

AccessTimeIconFeb 17, 2015 at 11:30 p.m. UTC
Updated Sep 11, 2021 at 11:33 a.m. UTC

A group composed of developers and security professionals has proposed a set of rules aimed at standardizing security protocols used by companies that handle or store digital currencies for their clients.

The proposal, created by the Cryptocurrency Certification Consortium (C4) and formally unveiled on 11th February during the DevCore bitcoin development conference in Boston, Massachusetts, aims to provide an industry-level standard by which exchanges and wallet providers can operate.

The Cryptocurrency Security Standard (CCSS) draft proposal calls for 10 standardized approaches to key and seed generation, storage and usage, proof-of-reserve and security audits, among other areas. The framework consists of three levels per section, with each grade signifying a higher degree of security based on the proposed guidelines.

C4 offers a bitcoin-focused professional certification test and its board includes Canada-based Bitcoinsultants founder Michael Perklin, Ethereum creator Vitalik Buterin, CryptAcademy founder Russell Verbeeten and Coindroids co-founder Joshua McDougall.

In conversation with CoinDesk, Perklin said that a number of companies in the bitcoin space, including many of those that work with bitcoin security firm BitGo, have expressed active interest in the standards. The proposal was developed in partnership with BitGo, with support provided by wallet service provider Armory.

He said the proposed standard can help set a baseline of security protocols for exchanges at risk of theft or fraud, explaining:

"Up until now, our cryptocurrency industry hasn’t had a similar standard for how to secure cryptocurrencies. Every company has had to sort of 'go it alone' and do what they think is best with respect to securing their funds – and their customers’ funds– which has lead to some good success stories, but also some spectacular failure stories."

An aid for regulators

The release of the proposal comes as governments in countries around the world continue to debate the future of cryptocurrencies.

Perklin said he expects regulators to support standards as they discuss or develop frameworks for cryptocurrencies, particularly among agencies that were prompted to look at the sector after events like the failure of the now-defunct bitcoin exchange Mt Gox.

At the same time, Perklin questioned whether governments are ready to begin regulating bitcoin in the first place, instead advocating for the industry itself to develop solutions that work.

"It’s one thing for government to mandate that the cryptocurrency industry take care when securing the public’s funds," he said. "But frankly they’re still scrambling to learn about cryptocurrencies in the first place."

Looking ahead

According to Perklin, the next steps for the CCSS will consist of reviewing and responding to community feedback, which he has described as both positive and constructive.

He cited the response from wallet and exchange service providers as notable, telling CoinDesk:

"We’ve received emails from principals at major exchanges around the world who have reached out to offer their assistance in fine-tuning the draft to make it even stronger and ensure it acts to raise the bar on actual security rather than offer barriers of entry for compliance."

C4 will soon launch a Lighthouse crowdfunding campaign later this month to raise seed capital to support the ongoing development of the standard, Perklin said.

The full text of the CCSS draft proposal can be found below:


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.