A report published in July by the cybersecurity certification platform CER has revealed that only 13.3% of 45 cryptocurrency wallet brands had undergone penetration testing to identify security vulnerabilities. Furthermore, of those that had undergone testing, only half had tested the latest version of their product. MetaMask, ZenGo, and Trust Wallet were the only brands that completed the latest penetration tests. Rabby and Bifrost tested older versions, while Ledger Live conducted tests on unspecified versions.
Penetration testing is a technique used to uncover security flaws in computer systems or software. It involves security researchers attempting to breach devices or software to identify vulnerabilities before they are exploited by malicious actors. The report ranked the wallets' overall security, listing MetaMask, ZenGo, Rabby, Trust Wallet, and Coinbase Wallet as the most secure options. The testing process aims to simulate real-world hacking attempts to identify potential vulnerabilities before a product is released.
The report found that 39 out of 45 wallet brands had not conducted any penetration testing, including testing on older versions of the software. CER speculated that the cost of these tests, especially if companies frequently update their products, might be a limiting factor. The report also highlighted that popular wallet brands are more likely to conduct security audits, such as penetration testing, due to their higher financial resources and larger user base, which attracts more potential threats.
CER's wallet ranking encompasses various factors, including bug bounties, past security events, and features like recovery methods and password requirements. Although penetration testing is not widely adopted, many wallet brands use bug bounties to uncover vulnerabilities effectively. Out of 159 wallets assessed by the company, 47 were deemed "safe" overall, having a security score above 60. Wallet security has become increasingly important in 2023, as demonstrated by the $100 million damage caused by the Atomic Wallet hack and the security breach at MyAlgo that is expected to result in over $9 million in losses for users.



















