CoinLoan partners with Blaze Information Security for advanced protection
The crypto industry is plagued by security concerns — hackers have looted over $1 billion worth of digital assets since the beginning of 2022. Like other web applications, crypto platforms may have frontend and backend vulnerabilities that expose their critical components.
As evidenced by its zero-incident track record, CoinLoan has always been proactive in cyber defense. This approach is now enhanced through our partnership with Blaze Information Security, a prominent cybersecurity firm with an international presence.
Rising cyber threats
Six of the ten biggest crypto heists occurred between 2021 and 2022, the most spectacular of them as recently as March 2022. Exploiting DeFi protocols is the fastest-growing way to steal crypto, but CeFi platforms shouldn’t let their guard down. This year, a massive breach on a major exchange resulted in losses totaling $30 million.
CoinLoan is committed to protecting users’ data and funds. We are constantly raising the bar to keep up with the threats, and not just to CoinLoaners — in April 2022, our team helped prevent what could have been a massive wallet scam.
Gone are the days when platforms could fully rely on inherent security. As attacks are growing more elaborate by the day, we have made third-party assessments an integral part of our strategy. Here is how Max Sapelov, CoinLoan’s CTO, explains the company’s decision to undergo testing by Blaze:
“While CoinLoan’s security experts regularly perform internal security audits and code reviews, and our Bug Bounty program lets white-hat hackers test our system for bugs and vulnerabilities, we believe that every company that puts the highest priority on security must undergo penetration testing by a professional third-party auditing company. We chose Blaze because they have the experience and know-how needed to test specific factors unique to the crypto sphere.”
Our partnership with Blaze
Since 2016, Blaze Information Security has delivered over 1,500 penetration testing projects for financial institutions. In the words of Julio Cesar Fort, the Managing Partner & Director of Professional Services, “we have seen multinational banks with untold numbers of cybersecurity issues, and crypto companies struggling to stay on top of the rising tide of crypto-related cybercrime.”
Blaze provides tailor-made assessments and real-life attack simulations to demonstrate the highest possible impact. Aside from the gold standard — OWASP Top 10 and its variations — the team uses additional criteria born from its years of combined experience. As a result, it can detect vulnerabilities that go unnoticed in baseline checks.
Penetration test
On June 14, 2022, Blaze launched a 15-day penetration test involving targeted attacks on CoinLoan’s infrastructure. Based on OWASP Top 10, OWASP Top 10 Mobile, OWASP API Security Top 10, and additional security methodology testing, the firm assessed CoinLoan’s resistance to issues in multiple areas:
- Business logic issues
- Race conditions
- Currency rounding manipulation
- Financial fraud scenarios
- KYC circumvention
- Data leaks
According to the results, CoinLoan’s security standards stand out as exceptionally rare, with profound knowledge of potential threats and a 2-hour response time for issue resolution. Julio Cesar Fort concluded, “Our team was very impressed with CoinLoan’s initial security standards, and we are proud to have helped them further strengthen these standards and provide their customers with a transparent look at the steps they are taking to keep their investments safe.”
Security goes a long way
Cybersecurity is a crucial issue for the industry. Combined with a company’s inherent protection, regular third-party audits are not just crucial for trust — they also boost transparency. Given the sheer variety of threats, we believe every crypto business must be upfront about its processes and procedures.
Assessments by Blaze will help us monitor our exposure to threats and develop strategies to manage and mitigate risks. Third-party testing complements our internal security systems, ensuring that our cyber defense stays up to date and meets the highest standards 24/7. This gives our team and customers peace of mind and helps us contribute to the growth and security of the crypto industry.