PeckShield Token Security Rating Comes Online, Various Security Issues Found
PeckShield security rating is a public service provided by the leading blockchain security company PeckShield.
This security rating is jointly published by PeckShield and the pioneering blockchain media, Mars Finance International. Under the principles of “Professional, Objective, and Authoritative”, PeckShield security team, using the tokens’ total market cap as guidance, selected a list of 350 ERC20 tokens, which are traded on major exchanges. Following the PeckShield Security Rating Model (PSRM), we assigned nine security levels, A, A-, B, B-, C, C-, D, D-, and F. By referring to these security levels, exchanges and investors can determine tokens’ security status, avoid high risk tokens, and minimize possible security risks.
Currently security issues exist everywhere in the blockchain ecosystem, including public blockchains, exchanges, digital wallets, and smart contracts, etc, and they are becoming one of the key elements hindering the growth of blockchain companies. As shown by public data, only in the first half of 2018, hackers have stolen cryptocurrencies worth US$731M (CNY4.8B). Coincheck exchange of Japan was attacked in January, and lost US$500M worth of cryptocurrencies. Coinrail exchange of Korea was also attacked in June, and lost more than US$40M. Facing continuous attacks, the market urgently needs a public service platform for possible risks and security warning, and protecting investors’ digital assets. Also, ranking the tradable tokens can push the exchanges to strength their token audit and problem repair, so to lower investors’ security risk.
PeckShield’s security rating can be used in the following three scenarios: 1. Investors can use the information to understand the tokens’ security status and evaluate risk; 2. Exchanges and wallet providers can evaluate tradable tokens’ security risks, and ensure the safety of their digital assets; 3. Relevant projects (tokens) can ask for the rating report, fix the exposed issues, and avoid financial loss.
To make sure that the selected tokens can reflect the overall cryptocurrency market, we used the token market cap data from coinmarketcap.com, picked the top 250 tokens, then randomly selected 100 more tokens. Also, our token ratings were conducted using OWASP risk evaluation method.
We’d also like to point out, this is an independent, objective, and third party rating, done by PeckShield’s world-class blockchain security experts, and under the supervision of Mars Finance International from the very beginning.
Finally, here is the result of the rating:
Among the 350 tokens rated, all have various security issues;
13.7% of the tokens have high risk loopholes, and they have a total market cap of US$1.2B, among them the highest market cap is US$255,577,012;
56% of the tokens have low risk loopholes, and their security levels are relatively good;
Out of the 350 rated tokens, 9, or 2.5%, of them are not open source;
Risky tokens are widely traded on mainstream exchanges, and 15% of these tokens are high risk.
Our security rating website is online currently, and users can login to query tokens’ security status, including smart contracts security rating status, contracts execution status (total number of holders, total execution time in 24h, active address in 24h, and open source status), and the historical information of this rating, etc. These information can directly reflect the tokens’ security status, help investors to know the risk, exchanges to fix issues, and help lower the overall security risk for everybody involved.
PeckShield Inc. is a leading blockchain security company with the goal of elevating the security, privacy, and usability of current blockchain ecosystem. For any business or media inquires (e.g., smart contract auditing), please contact us at telegram, twitter, or email.