New security council debuts with Coinbase, Anchorage as founding members
The council, helmed by 10 firms, aims to set standards for security across the blockchain industry
lefthanderman/Shutterstock modified by Blockworks
Industry stalwarts including Anchorage Digital, Coinbase, Kraken and Fireblocks have come together to form the Blockchain Security Standards Council.
The council, helmed by 10 firms, aims to set standards for security across the blockchain industry. Halborn, Bastion, Figment, OpenZeppelin, Ribbit Capital and Sentinel Global will also be on the council.
“What’s happening [is] reducing confidence in blockchain technologies, and ultimately, until we can take some action, it’s going to stunt the growth of the industry,” Greg Kohn, the BSSC’s executive director, told Blockworks.
With the pick up of institutional interest, an industry-wide “unified response” could “support” the confidence of potential entrants, Frieder Weichelt, chief information security officer at Anchorage Digital added.
Right now, however, there isn’t a set of standards…yet. Those will come by the end of this year, Kohn said.
Read more: What CertiK-Kraken says about crypto exchange security
“We’re starting with our nucleus of founding members to do the foundational work of identifying the standards and audit frameworks that we feel can make measurable progress in addressing the security needs in the industry,
”It’s work to find consensus and to get alignment, but we also have a sense of urgency, and we are trying to get our first deliverables out to the marketplace by the end of this year. We don’t know exactly what the scope and scale of those will be, but we definitely want to move and act.”
By the end of the year, not only will the council be releasing its initial standards, but it’ll also plan to launch an audit scheme to accompany them.
Weichelt explained that one of the goals could be for every protocol to receive a seal of approval showing it met the council’s standards.
But the council doesn’t plan to stop at standards. Kohn said the council also plans to “engage with regulators and policymakers as well, just to make sure that they understand the work we’re doing, to make sure that we collect their feedback and inputs along the way too. So we want to really be broad and inclusive and really be the trusted resource promoting secure and resilient blockchain.”
While the announcement comes just weeks after Kraken publicized a security issue with auditor CertiK, the firms have been working behind the scenes since last year to develop the council.
But Kraken’s situation with CertiK — which started with Kraken’s Nick Percoco calling out an unnamed auditor for exploiting a bug rather than following the standard practice of reporting it to the bug bounty program — played out in the public town square of X. CertiK defended itself, which then exposed it as the aforementioned auditor and folks were quick to take sides…Kraken’s, for the most part.
While BCCS was already well underway out of the private eye, the situation highlights one of the goals of BCCS: to create standards for an industry that has relied on white hats and ethics.
Read more from our opinion section: Blockchain needs standards
But, perhaps speaking to Kohn and Weichelt’s earlier points about the need for such councils, BSSC isn’t the only organization focused on security to launch this year. The Crypto Information-Sharing and Analysis Center (ISAC) launched just a few months ago, with the plan to legitimize information sharing. Earlier this year, Paradigm’s head of security, Samczsun, also launched SEAL-ISAC, which shares a similar goal.
While Crypto ISAC shares a few of the same founding members — Fireblocks, Coinbase, Kraken and Ribbit Capital — the two councils won’t step on each other’s toes. Kohn explained it as sharing “parallel streams.”
“[Crypto ISAC’s] really about threat intelligence and information sharing, and we’re about setting the standards and the audit frameworks. And we see a very deep linkage — where, if they’re seeing consistent threads of incidents and other patterns, they can pass it over to us, and we can build that into our standards work so that we can get into new products, or products can improve their security posture, and so forth,” Kohn said.
The council plans to “unlock crypto’s potential by bringing industry players together to set the standard for security. Created by the ecosystem for the ecosystem, the BSSC’s security framework will position the crypto industry for growth,” Coinbase’s Adrienne Allen said.
Get the news in your inbox. Explore Blockworks newsletters:
- The Breakdown: Decoding crypto and the markets. Daily.
- 0xResearch: Alpha in your inbox. Think like an analyst.
