Reddit Posts
s19j Pro Red Light On (not flashing)
Kraken completes SOC 2, Type I for custody and funding services
iTrustCapital Suspended ALGO and MANA Trades
Gemini is a Full-Reserve Exchange and Custodian - 1:1 custom funds
Is Gemini “safe”? Check this out
Gemini is Built on Trust, Safety, and Compliance
Gemini Sends Statement on FTX to Users
It is still on the world agenda on Twitter!!! | LEVE Token | KYC Team ! | Amazing DAPP ! | 10 years Locked Liquidity |Chart RISING !!!
It is still on the world agenda on Twitter!!! | LEVE Token | KYC Team ! | Amazing DAPP ! | 10 years Locked Liquidity |Chart RISING !!!
LEVE Token | KYC Team ! | Amazing DAPP ! | 10 years Locked Liquidity | Cmc - Cg Listed | Chart RISING !!!
Crypto.com Completes SOC 2 Type II Compliance
Crypto.com Completes SOC 2 Type II Compliance
Son Of Chihuahua ($SOC) | Fair Launch in 10 minutes | Massive marketing | Low Mcap Gem | LP locked
ShibaEternity We are inspired by Shiba token's new game ShibEternity - $SHETY Project is run by the best team in the | LP Locked 5 year (All Link Proof) (Fair launch in 1 hour 18:30 UTC)
ShibaEternity $SHETY Inspired by Shiba token's new game ShibEternity Project is run by the best team in the BSC space GEM x1000 Moonshot | LP Locked 5 year (All Link Proof) (Fair launch on Aug 5, 18:30 UTC)
Crypto Proof of Funds and Investor Accreditation – Would Appreciate Feedback!
Crypto Proof of Funds and Investor Accreditation – Would Appreciate Feedback!
CannabisBs| Just Launched |Lowcap Gem|Low Tax 10% Buy/Sell | Meme Coin | Massive Marketing and Massive Giveaways|
CannabisBs| Just Launched |Elon Tweet |Lowcap Gem|6% Cake Rewards |Low Tax 10% Buy/Sell | Meme Coin | Massive Marketing and Massive Giveaways|
CannabisBsc | Just Launched 30 Minutes Ago |Elon Tweet |Lowcap Gem 3k|6% CAKE Rewards |Low Tax 10% Buy/Sell | Meme Coin | Massive Marketing and Massive Giveaways| Easy 1000X | Join The Community
CannabisBsc | Just Launched |Elon Tweet |Lowcap Gem|6% CAKE Rewards |Low Tax 10% Buy/Sell | Meme Coin | Massive Marketing and Massive Giveaways| Easy 1000X | Join The Community
ThugPug Launch approx. 20 UTC 🚀10% fees only 🐶 x1000 Moonshot Gem | LP Lock 5 year, renounce | Safu ✅ Best meme on BSC ❤️Active Community 🔥
BabyShibDoge Launch approx. 20 UTC 🚀10% fees only 🐶 x1000 Moonshot Gem | LP Lock 5 year, renounce | Safu ✅ Best meme on BSC ❤️Active Community 🔥
BabyShibDoge Launch 18:30 UTC 🚀3% Doge & 3% Shib Rewards 🐶x1000 Moonshot Gem | LP Locked 5 year | Safu ✅Cutest meme on BSC ❤️Active Community 🔥
💎Baby Floki Doge Just launched today 🔥Ownership Renounced💎 Project is run by the best team in the BSC space 🔥GEM x1000 moonshot | LP Locked 1 year
💎Baby Floki Doge Just stealth launched 10 minutes 🔥Ownership Renounced💎 Early Low Cap just launched | No Airdrop | BFDOGE New 1000x - Project is run by the best team in the BSC space 🔥GEM x1000 moonshot
I requested the Crypto.com SOC2 audit report and got denied. As a customer, you should request it too, and here's why:
Gemini Login: Cryptocurrency Exchange to Buy Bitcoin and Ether
Stealth launched Son Of Chiku - $SOC ,low mcap lp locked renounced ,x100 from now
Son of ADA | • Stealth Launch Now • | The Next x100 token🚀 | Parabolic Chart incoming… 📈 | 6% ADA Rewards | Join Telegram Community Now! | Time To Moon! 🔥
Just Launched Son Of Cheems $SOC | already 10x | Potential 100x | CG and CMC listing soon | Time to the moon
Mentions
\>The firm aims to achieve the SOC 2 Type II certification by the end of 2025 So.. NO WHERE NEAR the gold standard.
Lmao, SOC2 isn't even particularly hard to pass.
Lol such a misleading title. How are they making a SOC audit seem groundbreaking 😂
tldr; Tether has successfully completed a System and Organization Controls 2 (SOC) audit, demonstrating the highest level of security compliance. The audit, developed by the American Institute of Certified Public Accountants, highlights Tether's commitment to secure user experiences. Tether plans to undergo annual SOC 2 audits and aims to achieve SOC 2 Type II certification by the end of 2025, assessing the effectiveness of its internal controls over a 12-month period. *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.
They literally have SOC audit reports to verify this is the case for their institutional offering.
On direct security side, we focus on ISO27001, SOC 2, SOC 3 and PCI DSS. Outside of that there are many jurisdictions that have security requires we comply with that are for the most part just the same requirements written by different people in slightly different ways.
tldr; Nexo, a cryptocurrency lending platform, has joined the association of certified sanctions specialists (ACSS) to enhance its compliance standards. The ACSS offers training and certification for sanctions professionals across various industries. Nexo intends to require its compliance staff to be ACSS certified, adding credibility to its team. This move comes after Nexo acquired an American Institute of Certified Public Accountants (AICPA) certificate and completed a Service and Organization Controls (SOC) 2 Type 2 Compliance audit. In the past, Nexo faced regulatory scrutiny and paid penalties to the SEC and state securities regulators. The company has decided to wind down its operations in the U.S. due to regulatory uncertainty. Nexo's efforts to comply with regulations align with other major cryptocurrency exchanges and service providers. *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.*
> so far none of the watches have that function built-in That would be completely ridiculous, and doesn't even solve the issue. 1. Most of these types of watches barely even have electronics, much less a fully functioning SOC with network stack and radios that can be expected to be connected online at all times. 2. The idea that we'd artificially ruin a perfectly functional watch like this over software issues that might not even be intentional makes planned obsolescence look consumer friendly. 3. Someone is still building the local hardware/software for the watch. The oracle problem isn't something you can work around, it's a fundamental constraint. 4. It doesn't address any of the added complications around key management/loss/accidents, nor does it change anything about the need for legal liability to actually work.
You can literally insert hundreds of different businesses and entities into this category. Banks, hospitals & doctors offices, credit reporting companies, brokerages, educational institutions, federal, state, local agencies like the IRS, DMV, state taxation etc… Are all holding your PII data, and not for nothing most of their cybersecurity protocols are far less sophisticated than a SOC 2 - type 2 certified company like Coinbase. To be clear, I’m not defending CB if they did violate biometric data privacy laws. But if you think your data is safer anywhere else I have a bridge to sell you.
These two guys owe $90 million worth of cryptocurrencies to their customers. They were partners in a high yield investment scheme that went bust, and they lost their customer's coins. >Even though Gemini has SOC I Type 2 and SOC II Type 2 security certificates to operate as a trustworthy custodian, the SEC doesn't seem to care. They are *not* trustworthy custodians of anyone else's coins. Now, they want to open an offshore bucketshop. A place where you can make bets that the price of bitcoin will go up or down. They will be the casino. Bucket shops are an especially scammy business, but not very innovative. Their high yield investment scheme that went bust, losing everyone's money but their own, was not very innovative either.
I’ll be looking for the orange cat wearing the white hat with SOC on it
Could you clarify your question again? The bill is extremely vague and I suspect that to be for the purpose of giving SOC more power and discretion when it comes to deciding what is a National threat or potential adversary. The bill will likely need further explanation in these areas so I expect aspects of it to change, but exactly how those changes will be implemented is still in question. There are also concerns that this bill could criminalize VPN usage in the states when trying to access services blocked from doing business in the US under the Act. The scenario you presented with the group of Americans being a threat would likely depend on how they’re “lined up” with the foreign adversaries on the list states in the previous comment.
We are working on our SOC II compliance and our custody partners at Prime Trust have their SOC II compliance, which is basically the gold standard for any financial institution. As for control, here is a portion from our Terms: Third-Party Custodial Services; Ownership and Control. 1 Digital Asset Custody and Title. All Digital Assets held in your Digital Asset Wallet are custodial assets held by Prime Trust, LLC, a Nevada chartered trust company (such trust company and its successors “Prime Trust”) for your benefit, as described in further detail below: 1 Ownership. Title to Digital Assets shall at all times remain with you and shall not transfer to Prime Trust or to us. As the owner of Digital Assets in your Wallet, you bear all risk of loss of such Digital Assets. Neither Prime Trust nor us shall have any liability for Digital Asset fluctuations or loss. Except as required by law, or except as provided in these Terms, we will not sell, transfer, loan, or otherwise dispose of Digital Assets in your Wallet unless instructed by you. 2 Control. You control the Digital Assets held in your Digital Asset Wallet. At any time, subject to outages, downtime, and other applicable policies, you may withdraw your Digital Assets by sending it to a different blockchain address. Prime Trust shall retain control over electronic private keys associated with blockchain addresses operated by it, including the blockchain addresses that hold your Digital Assets until such time as you withdraw or sell such Digital Assets. 3 Digital Assets Not Segregated. Prime Trust, as the custodian for all Digital Assets may use shared blockchain addresses, controlled by Prime Trust, to hold Digital Assets on behalf of you. Although Prime Trust maintains separate ledgers for Accounts, neither Prime Trust nor Heaps shall have no obligation to segregate by blockchain address Digital Assets owned by you from Digital Assets owned by other customers.
Stated in another comment that our compliance guy is grabbing a doc to share on how we are structured. Frankly, we are a US regulated exchange based in the Midwest. So at a bare minimum it would be an easily prosecutable crime to rug pull. But I also understand the hesitancy of users. I had a decent chunk of money in my old exchange that was lost due to their insolvency. That's why we chose Prime Trust as our custody partner, who is SOC II compliant and houses funds in Trust accounts. Heaps is currently being reviewed for our SOC II compliancy and I will update the community when we get it (we expect it shortly).
If anybody here works in cybersecurity, you’d know this exact type of “hack” happens constantly. It’s the reason why company wide MFA & password policies are a hard requirement when it comes to ISO and SOC compliance audits. The employee literally gave the hackers their username and password, and still nothing was able to be stolen due to the security checks on MFA. This isn’t a warning to keep your shit off of exchanges, it’s a warning to utilize MFA absolutely everywhere that has some type of monetary value attached to an account login.
There is no reason why an enterprise level company should not be required to follow the CIS and SOC compliance benchmarks. Especially when handling consumer assets. It’s really unfortunate.
yup... 10-K and 10-Q reports, SOC-1 reports, Ligma reports, just to name a few...
[https://www.mazars.ie/Home/Services/Consulting/Risk-consulting/Third-party-assurance-SOC-1-SOC-2-ISAE-3402](https://www.mazars.ie/Home/Services/Consulting/Risk-consulting/Third-party-assurance-SOC-1-SOC-2-ISAE-3402)
Fidelity appears to be marketing to those who want crypto as sn invedtment but don't want to take the time and effort yo self-custody. I'm a noob, but it seems yo me that self-custody has it's own risks. I think I read here that a large amount of bitcoin is considered permanently list due to the owners losing their keys. For some of us, a combination of self and corporate custody might be a valid practice. Unfortunately Fidelity Digital is not yet available in my date. Fidelity is not an exchange and appears to be actually holding the crypto as they are holding hardware wallets in cold storage as well as hot storage. Per their faqs: "Holdings in the Fidelity Crypto℠ account are stored securely by Fidelity Digital Assets℠. Fidelity Digital Assets℠ manages omnibus wallets with client assets segregated at the books and records level. Fidelity Digital Assets℠ maintains both online wallets as well as various offline wallets. The proprietary design of the various offline wallets allows for risk segmentation with varying service level standards, geographic dispersion, and number of associates required to initiate transactions, with the majority of assets held in the most secure “deep cold” storage. Additionally, multiple sets of controls and procedures are in place to prevent unauthorized access to your crypto. Fidelity Digital Assets℠ holds SOC 1 Type 2 and SOC 2 Type 1 audit reports covering the operational and technology controls for our services. The report is issued by a Big Four accounting firm."
What resource is there to check tokens' institutional status? For example: GBTC is currently SOC Type-1, with trade permitted for 401(k) by: Chase
Fiat on and off ramp Audited reserves, SOC2 compliance Earn crypto daily for interacting with app Prepay credit card earning crypto for each purchase Daily draw to pay for random member credit card purchases Earn cash rewards or credit card purchases paid for, just for contributing to the online community Earning crypto when anyone on my 5 person 'squad' uses their credit card Earning 8% in crypto weekly on prepay credit card amount balance Free swag when reaching membership milestones. Abundant use of the numbers '420' and '69' in their contests and community engagement.
Compare a smartphone from 5 years ago to today. It's clearly better and maybe even cheaper. There is an advancement of technology and it's fantastic. But, bitcoin did nothing about that. It did not design a better SOC or better screen glass, it didn't build any factories to assemble the phones. So, the economic rewards do and should be going to whoever is making those better phones but why should passive holding of bitcoin keys be rewarded?
>I can't wrap my head around an exchange having 3,000 employees. What the heck are they all doing? Its one banana how much could it cost? $10? Seriously, its a multinational bank complying with huge legal demands, SOC requirements, and unique security issues. Some ass hat in the Bahamas just blew up 8B with a crew of twenty and apes on this sub are like 'why does kraken have employees its a website'
No one uses ROT13 anymore or Cesar cypher. But you know society persevered and created more advanced algorithms and technologies. SOC in your phone would be the greatest threat to old cyphers, not unlike quantum computers are perceived to be for ECDSA. BTW, who is going to accept a coin broken by (still impractical) quantum computers? So it won't be spent. It will just become worthless. As for fees and miner incentives perhaps storage and bandwidth pricing will catch up to allow for larger blocks. 4K YouTube videos weren't a thing in 56K modem era. No one really knows though. You can observe and take action when it feels like bitcoin is in danger. No one is forced to keep using it.
Jokes aside, there will be banks that practice 100% reserve banking for this purpose. You will deposit funds and pay the bank to keep them safe. There will be audits and SOC2 compliance, etc. If you want to earn on your bitcoin, you’d have to agree to lock it up for term deposits so the bank could invest those funds but it could be subject to loss. This will be the future of bitcoin banking. Reputation will be of the utmost importance.
Not trying to be a dick, but I don't think that's really due diligence. ​ You have to assume anything these exchanges advertise is bullshit. Did you think Gemini would post all their issues on their own website? A lot of them advertise being SOC-2 compliance as being audited/regulated. In reality that doesn't mean *regulated* in the way most people think. Sure your information may be protected by some proper security and controls - but that doesn't mean an auditor has reviewed their financials. Your money will likely be gambled away by exchanges/lenders, but at least it won't be stolen by third parties!
I swear to fuck for all of you who scream "DYOR" you're all a bunch of dumb asses when it comes to crypto. There was barely any concern CDC would go under. You think a company doing shady shit is letting themselves be audited for SOC2 and throwing excessive money round on sponsorships? Fuck this sub is stupid and swayed easily.
Sure. But what other exchange has gone to the points of CDC? CDC insures peoples crypto against attacks and are SOC2 compliant. Do people really think an exchange up to shady shit is letting anyone audit them for anything voluntarily?
Ya'll forgetting CDC are the only SOC2 exchange, right? You really think an exchange up to dodgy shit is going to voluntarily get audited for *literally anything*?
Advertising is fine with me since that is good value bringing in customers. What is more important is the regulatory focus they highly broadcast getting SOC compliance and many regulatory licensing across the globe that no other CEX has. It’s a good strategy to so compliance first and I don’t know if another CEX that is superior to CDC in this area. The ETH transfer is another good example to me of good controls. They only send to whitelist addresses which makes any transfer low risk. Not sure the FUD around that transfer it appears to me like their controls work. Can’t hate low risk transfers.
That is probably an old documentary. You can read in their website that they use multisig now `Xapo will always be committed to safekeeping our members' funds. Our self-custody crypto solution relies on state of the art Multi-Party Computing (MPC) "keyless" wallets, whose signing shares are managed by Xapo as well as a trusted SOC2 Type II compliant third party. They are secured using Hardware Security Modules (HSM) devices and we employ strict controls and access rights to both the assets and supporting infrastructure. Cold storage of key material is supported by bank-grade Class III vaults in geographically dispersed locations.` The cold storage key material bit is for their own keys as they are the owners of their wallets instead of just relying on a third party for that
https://dfi.wa.gov/sites/default/files/securities/enforcement-actions/S-21-3225-22-SOC01.pdf
Well you cant define auditable until theres regulations to follow. An audit is just following a framework essentially. And that weak ass language is natural in the audit world so GT cant be held liable. Auditors sample they dont do a 100% check. Thats why its always to a reasonable extent. Its an attestation as most audits are for instance SOC reports are attestations.
I know several people who work at BitPay, and I’ve used it as do many, many companies. I’m surprised by the hatred for it. Maybe their tech isn’t as secure? Large companies use it, and I thought they had a SOC but maybe not?
This is a super weird take and it is not country specific at all - not to mention Coinbase has an international presence and international employees. Most financial companies or companies where there is sensitive access and strict controls in place (Anyone PCI or SOC compliant), regardless of the country of origin, have a policy where access is cut prior to notice of termination. It's par for the course.
>Lol internet is crazy. Started as soc analyst in 2010. Engineer for Arcsight siem and IDS/IPs environements using mcafee nsm until 2016. Ran my first 24/7 SOC after becoming lead siem engineer. Curently manage all enterprise security tool teams- including Splunk, Crowdstrike, Arbor DDoS, Gigamon, Fortinet UTM and FW environments. Oh a soc analyst. Sorry, I thought you meant some actually sort of technical person and not just a tool button presser. >Yes. R&D. Just like Google, Facebook and every other Fortune 100 company. We active collaboration with IBM with regards to billing and retail. Will it work out? I dont know. Not my group. But work is being done. Yeah all big companies do. It doesn't mean the technology is going anywhere. All big companies have an R&D team predominantly so that when someone mentions buzzword technology X they can say 'we have a team looking at that'. >If you want to take that as a “win” for your argument. Go right ahead. Nothing to prove to you. Ill just keep makin money Not a win. It's just funny that you tried to claim some sort of technical deep knowledge but you watch tool screens in a soc all day. The last security company I worked for had a soc team and they were very much the least technical team.
Lol internet is crazy. Started as soc analyst in 2010. Engineer for Arcsight siem and IDS/IPs environements using mcafee nsm until 2016. Ran my first 24/7 SOC after becoming lead siem engineer. Curently manage all enterprise security tool teams- including Splunk, Crowdstrike, Arbor DDoS, Gigamon, Fortinet UTM and FW environments. I mean I guess I am lying? Lol
>By your definition of Ponzi scheme >A Ponzi scheme (/ˈpɒnzi/, Italian: [ˈpontsi]) is a form of fraud that lures investors and pays profits to earlier investors with funds from more recent investors. https://en.wikipedia.org/wiki/Ponzi_scheme >then everything in the Defi/Crypto space is a ponzi scheme. So let me get this right you loan me your currency and because you did now i will pay you a % percent back of that currency as long as you are lending me it so I can in turn lend it out to others. Am I starting a ponzi scheme? No I am a bank. Yes but DeFi relates to algorithmic based rates and not an arbitrary rate. Where are you getting the % from to return to your initial investors, is it from the value of other people lending you money based on a promised rate? Banks don't do that. >No the interst rates and earn rates werent the only thing giving the coin value. They have an exchange with fees paid in Cro & a blockchain with the 9th highest TVL which is also powered by their coin. You don't think the price of CRO will fall the same rate people are able to unstake and I do. We just have a difference of opinions. The rewards is why they had such high TVL in the first place, the same thing happens to every new incentive based platform, take the incentives away and well. >If you went to stake a stable coin feel free there are options for that, if you like the outlook of CRO in the future feel free to stake that as well. Imo NO cryptocurrency should be tied to the performance of a company. To me it looks like they're only doing it to skirt securities laws and avoid regulation, otherwise they could have offered the same service without endorsing their *own* coin using coins that have an established use case already or given their coin more use cases instead. >Lol what do you mean no one locks their money up for 6 months? You can go to any bank and lock your money in a CD between 3 months to 5 years and get a return based on the time lock. No one locks stocks up for months, you said stocks and so did I... When you lock money up for months at a bank you pull put as many dollars as you put in even if the investment went bad. If you are forced to trade your dollars for Beanie Babies and promised they'll be worth more later (because someone is making so much money buying and selling your beanie babies) and the investment goes bad normally you don't get to watch it go from bad to worse to worse before you're allowed to withdraw. And if everyone was allowed to withdraw (like any reputable self-regulated company would enable) the price would crash because the rewards people were promised during lock in is all that's holding it up, meaning the only people who benefit now are people who locked in before those people aka the earlier investors. >See below for info on their security & regulations feel free to visit their website > >Crypto.com is built on a solid foundation of security, privacy and compliance and is the first cryptocurrency company in the world to have ISO 22301:2019, ISO/IEC 27701:2019, ISO/IEC 27001:2013 and PCIDSS v3.2.1 Level 1 compliance, and independently assessed at Tier 4, the highest level for both NIST Cybersecurity and Privacy Frameworks, as well as Service Organization Control (SOC) 2 compliance. Crypto.com has also engaged globally recognised security consulting and auditing firms like Kudelski Security to stress test and audit our core Blockchain systems. ??? Do you know what Bitconnect is. They had the same continuity plans, so does Binance, and a ton of totally obscure foreign exchanges that go up and down every day. There is no law saying they can't do what they did, that's my point. What they did was so unethical that's what creates laws. Tether isn't against any law but minting money out of thin air is so unethical it might be one day, that's why I'm against it. It doesn't matter what I think because I use algorithmic based protocols instead of promise based ones anyway. I don't want to argue with you. I just don't think what they did was transparent and I think it robs the last ones who enter so I'm just calling it how I see it. Don't take it personally.
By your definition of Ponzi scheme then everything in the Defi/Crypto space is a ponzi scheme. So let me get this right you loan me your currency and because you did now i will pay you a % percent back of that currency as long as you are lending me it so I can in turn lend it out to others. Am I starting a ponzi scheme? No I am a bank. No the interst rates and earn rates werent the only thing giving the coin value. They have an exchange with fees paid in Cro & a blockchain with the 9th highest TVL which is also powered by their coin. If you went to stake a stable coin feel free there are options for that, if you like the outlook of CRO in the future feel free to stake that as well. Lol what do you mean no one locks their money up for 6 months? You can go to any bank and lock your money in a CD between 3 months to 5 years and get a return based on the time lock. See below for info on their security & regulations feel free to visit their website Crypto.com is built on a solid foundation of security, privacy and compliance and is the first cryptocurrency company in the world to have ISO 22301:2019, ISO/IEC 27701:2019, ISO/IEC 27001:2013 and PCIDSS v3.2.1 Level 1 compliance, and independently assessed at Tier 4, the highest level for both NIST Cybersecurity and Privacy Frameworks, as well as Service Organization Control (SOC) 2 compliance. Crypto.com has also engaged globally recognised security consulting and auditing firms like Kudelski Security to stress test and audit our core Blockchain systems.
Gemini has been SOC 2 compliant for a couple years now. https://www.gemini.com/blog/gemini-completes-soc-2-type-2-examination-another-first-in-crypto
They're the only exchange on the planet with SOC2 compliance. Yeah, I trust them.
Yeah I currently use Lineage with f-droid and without the google crap. Another problem is, the hardware itself though. For a long time now, the baseband modem is directly on the SOC. This is a separate core with it's own OS you can't change or control and that has basically access to memory and sensors without the main core and OS even being able to notice. And conveniently it has exclusive control of the hardware to send and receive data. There are only a couple of companies that create this baseband chips. I have obviously no prove for this, but it's such a low hanging fruit, it would be crazy if they are not all infiltrated by three letter agencies. They have done crazier things to get control. Obviously this isn't about scams and malware, it's a different threat. But I fear it's not something a lot of people are even aware off.
Not much, as others have mentioned a SOC like a RPi can do so, but it's expected to run 24/7 (it has a very low electricity cost, the RPi3 averaged around 5$ a year I believe), and be sure to get an SSD for it, otherwise syncing can take weeks.
I have actually. Have you ever heard of SOC compliance? Go look it up and then you will realize how stupid and arrogant that comment was.
Huh? A state owned company absolutely can be publicly listed. The government must remain the majority shareholder, but the rest can be sold off to the public or even foreigners. The largest banks by asset in my country are state owned but not as profitable as the largest private bank as they have to provide service to remote areas and lend to communities private banks wont touch. The issue of competently running an SOC is a matter of political will. Not to say they will be as efficiently run or as competitive as privately owned entities because SOCs have to provide a public service, but they can be decent. Indonesia's rail system used to be abysmal with overcrowding, crime, and rundown trains but the newly elected government then appointed a banker turned politician and according to a summary in [Wiki](https://en.wikipedia.org/wiki/Ignasius_Jonan?wprov=sfla1): >Within 5 years, he overturned public perception of the failing Indonesian rail transportation system. The company was able to increase passenger ridership by 50% in 2014 compared to when Jonan took up the role in 2009. Freight loads have also doubled to nearly 30 million tons per year. SOCs are bad because of political corruption and vested interests who benefit from terrible public services.
For all those complaining on this post. Millions of accounts are hacked daily. CDC have SOC2 and 27k cert/acred, are insured and handled this pretty damn well.
Coinbase is also SOC 2 compliant and hold 98% in cold storage. I honestly barely use them anymore, but it's one the safest exchanges for sure.
tldr; Crypto.com lost $15 million in ETH and 282 users' wallets were affected by a hack. The hacker bypassed existing 2FA, they bypassed the withdrawal whitelist, could this attack really have come from outside? Even a "SOC2" audit from Deloitte couldn't stop this attack, which gives Crypto.com position 29 on the leaderboard *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.*
tldr; Crypto.com lost $15 million in ETH and 282 users' wallets were affected by a hack. The hacker bypassed existing 2FA, they bypassed the withdrawal whitelist, could this attack really have come from outside? Even a "SOC2" audit from Deloitte couldn't stop this attack, which gives Crypto.com position 29 on the leaderboard *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.*
They stated "no users funds were lost". That could mean the accounts that were compromised were exchange accounts or that the exchange was covering the loss. It does tell you how much SOC 2 compliance is worth.
Right and there's less PS5 SOC GPUs because...?
miners scalp discrete GPU, not Ps5 SOC gpus
Consoles uses GPU which are SOC, so that statement is kinda stupid, the issue is silicon shortage of electronics, blaming the GPUS about the entire component shortage is stupid
CDC is the most secure CEX by far. The only one that is SOC 2 certified among other accolades.
Already in the works. MIT has a millimeter size cryptographic system on a chip that can be powered and read from a reasonable distance with a low powered EMF device. I think the whole SOC is like 1.2mm in size
𝗗𝗶𝗴𝗶𝘁𝗮𝗹𝗔𝘀𝘀𝗲𝘁𝘀 𝗧𝗼𝗱𝗮𝘆 🔎 Hash Data obtains SOC1 Type1 certification 📈 SEBA Bank AG raises $119M to further develop digitalasset banking platform 🏛️ Hong Kong Monetary Authority (HKMA) publishes discussion paper on crypto and stablecoin regulations
Having issues receiving my SOC coins. Why was a blocked from TG for a question?
hey y'all I'm a crypto newbie and was hoping someone could explain the movements I seee on [coinmarketcap.com](https://coinmarketcap.com) saying there was a $2 trillion spike in 24 hr volume? Looking at the top gainers there: ​ * NJF (Ninja Floki: spiked 746% today, but had 24hr volume of $5 million dollars on Jan. 3rd2Share (2 Shares): spiked 211% today, but as of the past 12-16 hours, 24hr volume went from $700k to as high as $4 million or so * Alien Sheeba Inu: spiked 238% today on 1-2$ million dollar worth of 24 hr volume. Next highest volume was near its I C O (?) at 8 million in Nov. 2021, since then volume has been anywhere from $300 to $10,000 the past few weeks * WEB3 coin: LITERALLY released like a few days ago, weird dumps on and off. average of maybe $1 million 24hr volume then like a huge spike of $3 million or so * In particular check out SOC's All Sports chart on the daily! up down up down, from nearly 2 million 24hr volume earlier to now 7 million
I'm very new to Reddit and I couldn't post since I don't have karma. But can anyone please explain to me how a particular coin can have such a drastic price change based on the platform? I mean can't you just buy from the cheap platform and sell on the other? what am I missing? So, for example, there is coin called all sports coin (SOC), on OKEX it is for 0.011 SOC/USDT and on Huobi Global it is for 0.004036 SOC/USDT.
First off - enter key is your friend, use it. Second. CDC VISA card offering is merely one of its products. Heavlie marketed, but still just one. They also have full exchange. Phone app with easy to use ( but high margin ) market. DeFi wallet with staking offers. NFT market 100% of crypto stored is in cold storage. And lastly: Certifications and Assessments Crypto.com is built on a solid foundation of security, privacy and compliance and is the first cryptocurrency company in the world to have ISO/IEC 27701:2019, ISO/IEC 27001:2013 and PCIDSS v3.2.1 Level 1 compliance, and independently assessed at Tier 4, the highest level for both NIST Cybersecurity and Privacy Frameworks, as well as Service Organization Control (SOC) 2 compliance. Crypto.com has also engaged globally recognised security consulting and auditing firms like Kudelski Security to stress test and audit our core Blockchain systems. ​ There certificates are NOT easy to get. You need to jump a lot of hoops to get PCI cert and ISO cert.
“Crypto.com is built on a solid foundation of security, privacy and compliance and is the first cryptocurrency company in the world to have ISO/IEC 27701:2019, CCSS Level 3, ISO27001:2013 and PCI:DSS 3.2.1, Level 1 compliance, and independently assessed at Tier 4, the highest level for both NIST Cybersecurity and Privacy Frameworks, as well as Service Organization Control (SOC) 2 compliance.”
I've got the 5k staking reward credit card from CdC and I've made the equivalent of like $4k-8k in CAD equivalent from just cashback rewards alone depending on where the price is... Absolute insanity... But these are the best perks in my opinion Just staking 5k (there are better tiers as well) you get: * 12% APY in CRO rewards * A credit card that works like a debit card that pays you 3% cashback in CRO on every purchase (maybe some stipulations but can't remember) and loads so quickly I've literally been next in line at the store and loaded up my card with funds readily available in my account and it was ready to spend in about 5 seconds * all your crypto held in cold storage bc they have a partnership with ledger (this is huge!!) a huge reason I hold all my crypto with them * if you use crypto earn with them, the crypto you stake is kept with company funds so they have a vested interest in not losing the funds * another interesting bit of info: to get the name crypto.com, they had to promise the guy who had the name that they'd be extremely secure and they would take cryptography and the users security extremely seriously * the have the most secure platform out there in terms of standards (SOC 2 Compliance) * 100% cashback (free) Netflix, Spotify, and prime - can't remember which tiers offer which ones but 5k staking gets you free Netflix and Spotify There are some minor trading fee downsides and the supercharger is kinda crap unless you have a disgusting amount of money to begin with imo
After seeing comments I have concluded that I can get a copy to the secret of immortality rather than see the SOC2 audit report
I requested the OP's SOC2 AUDIT report. Got denied.
Uhhh certification number? For a SOC report? I don't think that's a thing. And there is a lot of gray area in"passed" - see original 3 points in op.
This is interesting-I will ask the same Maybe they’ll provide a SOC3?
I work in infosec management and would absolutely never give out a SOC2, Iso or PCI report to a general user because it isn't worth the risk. These types of reports detail information that would be very useful to an attacker, and if you did something that got us compromised your entire net worth would probably not be enough to even cover the forensic investigation, let alone any real damage. Now if you said you would sign an NDA AND indemnify up to $10 million worth of damages, had cyber insurance and could evidence a robust security program you might get somewhere.
Why wouldn't you ask for a SOC 3? Those are intended for general use. It is going to be less detailed but have similar information. SOC 2 is intended for internal use and business partners under an NDA that have a NTK.
Agree - they are under no obligation to share it. And I completely get their hesitation. However, if enough customers request it, maybe that would sway them? Hence the post. See Salesforce and ADP as examples - who do annual SOC1s and SOC2s of all of their products, and publish them to their customer portals - likely due to constant customer requests. Kinda defeats the purpose of the report if they don't share it with it's intended audience right?
Service Organization Control (SOC) - its an audit of someone who is providing a service to another party. SOC2 is specific for security, availability, processing integrity, confidentially, or privacy - and the service organization chooses what sections they want audited, and it looks like (per the blog post) Crypto.com has chosen security, availability, confidentiality and privacy. Generally SOC2 is testing more IT/Technical controls then a SOC1.
Yeah - this is probably the best resource for all things SOC: https://us.aicpa.org/interestareas/frc/assuranceadvisoryservices/socforserviceorganizations https://us.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report In short - It's a audit standard maintained by the AICPA for assessing organization that provide a service. SOC2 is specific for security, availability, processing integrity, confidentially, or privacy - and the service organization chooses what sections they want audited, and it looks like (per the blog post) Crypto.com has chosen security, availability, confidentiality and privacy. Generally SOC2 is testing more IT/Technical controls then a SOC1. I give 3 reasons in the OP why you should be requesting it.
Yeah - this is probably the best resource for all things SOC: [https://us.aicpa.org/interestareas/frc/assuranceadvisoryservices/socforserviceorganizations](https://us.aicpa.org/interestareas/frc/assuranceadvisoryservices/socforserviceorganizations) In short - It's a audit standard maintained by the AICPA for assessing organization that provide a service. SOC2 is specific for security, availability, processing integrity, confidentially, or privacy - and the service organization chooses what sections they want audited, and it looks like (per the blog post) [Crypto.com](https://Crypto.com) has chosen security, availability, confidentiality and privacy. Generally SOC2 is testing more IT/Technical controls then a SOC1.
Curious, what is the SOC2 audit, and why is it important to request it?
I am sorry but where are the ”cheaper more powerful alternatives”? Apple’s Bionic has been the fastest SOC for a mobile for a long time now. iPhone 13 is literally the fastest phone on the market right now. Not to even mention how good Apple’s M1 is on it’s Macbooks… I have 13 Pro Max and battery has been amazing… Dunno where you are getting your ”info”. All of this comes a guy who is not Apple fan, as I disagree with many of their choices, but damn they make good silicon and premium looking devices…
Mining isn’t done on a phone’s SOC. That’s just Pi’s misleading phrasing. It’s basically just a faucet you claim from every so often.
Maybe the fact that there is nothing stopping you from mining 1000 times faster on a PC? If mining can be done on phone's SOC, it can be done on a proper computer and that will always be faster.
I saw in their recent blog post they passed a SOC2 audit - has anyone gotten a copy of the report? I requested one through support and still no reply. Normally after a SOC2 audit companies publish the report to their customers, or make it available on a internal customer portal for download.
No worries, it is a tradition, when CDC got SOC 2 it was posted at least [7 times](https://np.reddit.com/r/CryptoCurrency/comments/r1uo3i/soc_2_sorry_a_title_cannot_be_all_in_caps/).
I'm confident in the SOC2 standards crypto.com has attained making it the most secure exchange on the planet.
https://www.helpnetsecurity.com/2021/11/25/crypto-com-soc-2-audit/ Crypto.com is the first and ONLY exchange right now to pass their SOC2 standards. Crypto.com is the most secure exchange on the planet right now.
Considering that Crypto.com just got the SOC2 award for safest crypto platform, and they are backing VVS Finance... I tend to go with that. It has only been out for about a week and is part of the Chronos Ecosystem... Part of the Crypto.com ecosystem.... I doubt that it is a rug pull.... Now Evergrow coin seems to be a true rug pull if you want my opinion
* Last week, meanwhile, Crypto.com became the first exchange to successfully complete a Service Organization Control (SOC) 2 Audit, affirming that Crypto.com’s security practices, policies, and procedures meet all SOC 2 standards. The successful SOC 2 audit could make investing in cryptocurrencies through Crypto.com more appealing for institutions. Additionally, today’s Silvergate partnership should make onboarding easier, further removing barriers for institutional cryptocurrency adoption.*
They are all about marketing… which is likely the best play in Crypto given nothing is based on fundamentals (yet). Good examples of their marketing: - they state they are the first SOC2 certified exchange (not true as many were before them) - they state they are NIST CSF level 4 adaptive; there is no certification for this and even the best/mature companies don’t achieve this across the board It’s all fluff and marketing… but that’s all that’s needed in the crypto space at the moment to get momentum.
Don’t know about that one since they’re not based in the US, however they did get the SOC2 certification which is a pretty big deal. “SOC 2 certification is a common standard in the traditional financial industry and Crypto.com is excited to be leading the way for crypto platforms aimed at bringing crypto to the mainstream.” [excerpt from here](https://www.helpnetsecurity.com/2021/11/25/crypto-com-soc-2-audit/)
Coinbase was SOC 2 certified 2 years ago
Popular crypto exchange Crypto.com has become the first crypto trading platform to comply with SOC 2 standards. Singapore-based CryptoCom announced that it’s SOC 2 certified thanks to an audit by global consulting firm Deloitte. This makes it the first cryptocurrency exchange to achieve this internationally recognized standard in traditional finance.
It’s about Audit standards. A SOC-1 is related to internal controls, SOC-2 is related to information and IT security. It’s a good thing, it means they are compliant to auditing industry best practices and standards.
TLDR: Singapore-based Crypto.Com announced that it’s SOC 2 certified thanks to an audit by global consulting firm Deloitte. This makes it the first cryptocurrency exchange to achieve this internationally recognized standard in traditional finance.
To the PR team who clearly wrote the OP and most of the comments: gtfo of here. You’re an embarrassment, as is anyone who falls for this stupidity. SOC certification is the cost of entry for a company performing those types of services, not some differentiator. Moreover, Deloitte would NEVER declare someone the most secure. It’s outside their mandate, they lack sufficient insight to make such a claim, and doing so is an obvious risk to their reputation. Everything about this thread is intended to deceive, including the self-congratulatory comments about how good the PR team is. Seriously, what real person would ever say that? You have embodied the worst this industry has to offer and given me a reason to never use the company you’re trying to promote.
Great find. Thank you. However, in addition to the SOC 2, Crypto.com is on the Lakers former Staples to be Crypto.com stadium for the next 20 years. That’s uuuge.
This article is bad reporting. Coinbase has been SOC 2 compliant since February of 2020. [https://blog.coinbase.com/in-another-first-coinbase-custody-attains-its-soc-1-and-soc-2-reports-836f836ec60a](https://blog.coinbase.com/in-another-first-coinbase-custody-attains-its-soc-1-and-soc-2-reports-836f836ec60a)
What makes them the most secure though? Coinbase has been getting SOC reports for a few years now.
I know exactly what this means because we are going through SOC to certification right now. It’s a pain in the fucking ass but it is an absolute requirement in order to be a real business in any type of technology industry
Sure, here's a couple I see at least (feel free to correct me if I'm wrong or missing anything): 1. Crypto.com card is available in 100+ countries for their card, while the Binance card is only available in 31 (as far as I can tell European) countries. Binance exchange is available in the US, but I would need to use the Binance.US exchange which has less crypto options to use. Crypto.com doesn't have their exchange app for US customers, but the app they do have has the same crypto availability as other markets. The exchange is expected to be released this year. 2. Crypto.com has better rewards, especially on the low end. 1% for crypto.com with no cash staked vs Binance 0.1%, both at 2% for next tier (but at $400 USD of CRO vs 1 Binance token at ~$580), 3% Cashback at $4,000 USD of CRO vs 10 Binance tokens ($5800), and the same for the next tier except 10x as much cash needed. Not to mention the free Spotify at the $400 tier, free Netflix and lounge access at the $4,000 tier, and free Amazon Prime and a lounge guest access at $40,000 tier. The $4000 tier also includes better staking for most crypto in the app, which you would need DeFi to match in Binance. 3. Their card rewards are tied to your local currency, not X number of CRO tokens. This allows users to upgrade card tiers if the token goes up in price for CRO, incentivizing them to continue holding, while for Binance there is no card reward incentive to keep holding. Meanwhile, many earlier backers for CRO will want to hold their CRO as it increases in value since they get better card rewards. 4. The maker / taker fees are slightly cheaper with Crypto.com. however, as a smaller exchange the spread can be worse, so hard to tell if it is actually better. 5. SOC 2 security approval on the Crypto.com app and exchange. As far as I know, Binance does not have similar security confirmation. Most of these are administrative improvements from the Binance model rather than technical, so Binance could get update their business model to match it if the competition started drawing customers away. But others, like the much larger market share and advertising push that Crypto.com has done will require work. However, Binance has the ability with their crypto debit card to pay directly with crypto, which is a plus compared to the Crypto.com card needing fiat for transactions. Both have their own chains (Cronos for Crypto.com, Smart Chain for Binance), similar business models, and debit cards mean they actually have a real-world use for the average person. Binance is good, but Crypto.com is mostly the same, but at 4x less market cap. Which in my mind gives it more room to grow.
I don’t think people understand what’s involved in a SOC audit. You can’t fake it, I’ve done it and it’s evidences upon evidences which take months to review.
This is false… many other exchanges have SOC2 reports like Gemini, Coinbase, etc.
Super curious if most investors know what this means ? I work in the compliance space and its great to get a SOC 2 and shows they are really serious about being a strong player in the space and getting all their compliance efforts in line.
> Crypto.com becomes the first crypto platform to get SOC 2 certification. > And, ISO27001, ISO27701, PCI: DSS 3.2.1 (Level 1). > It also achieved the highest ‘Adaptive’ maturity levels for the NIST Cybersecurity Framework and NIST Privacy Framework.
Just for your information, I work in the industry and can assure you that SOC2 certification is next to useless fluff. It’s just a fancy thing that companies can flash at you on an enterprise level so that enterprise clients can have some fluffy fake confidence in your security standards. In reality these certificates are practically bogus when it comes to real security. They’re so easily obtained and what it takes to obtain them is mostly outdated and somewhat useless. There are tons of codebases and companies that are full of security holes with this certificate. Not saying this against Crypto.com, just pointing out that this is meaningless fluff when it comes to real security concerns.