We recently connected with Milan Velev, Nexo’s Chief Security Officer, who shared key insights with CI regarding the importance of setting standards for crypto platform security.
Milan Velev from Nexo explained why crypto investors and traders need to prioritize security. He also commented on their recent CSA STAR Level 1 Certification, specifically why this particular certification is so vital to Nexo’s ongoing operations.
Our conversation with Milan is shared below.
Crowdfund Insider: Why should cryptocurrency users always prioritize security when looking for an exchange platform to use?
Milan Velev: Cryptocurrencies usher in an era of financial sovereignty, a space where the stakes are as high as the freedom it awards. A realm where in most cases – and unlike traditional finance – the responsibility of protecting one’s assets more often than not falls on the individual. Against this backdrop, Nexo has taken on the task to combine this economic flexibility with the duty of safeguarding the assets of more than six million clients globally.
While we offer a comprehensive range of security features through a 360-degree platform – including but not limited to Address Whitelisting, IP log-in monitoring, and multi-factor authentication – not every cryptocurrency user has the fortune of such measures at their disposal. For us, seeking the pinnacle of security isn’t just prudent, it’s imperative. A secure digital assets platform isn’t a luxury, it’s a necessity to shield users’ assets, and here is our simple checklist on how to do it and how we have done it.
Cryptocurrencies are valuable assets, and just like fiat money, they are targeted by malicious actors. Nexo operates on a custodial model, entrusting the secure storage of assets to reputable custodians such as Ledger Vault, Bakkt, and Fireblocks. By utilizing multiple custodians and a mix of hot and cold storage solutions across diverse geographical locations, Nexo establishes a robust security infrastructure. This setup significantly hinders unauthorized access, while still providing the necessary flexibility to maintain operational efficiency in the fast-paced crypto market, ensuring that clients’ assets are both well-protected and readily accessible.
While transactions on the blockchain are pseudonymous, interactions with exchange platforms often require providing personal identification information due to regulatory compliance. A secure platform will ensure that this sensitive information is well-protected, preventing identity theft. One way to prove this is to get SOC 2 Type 2 certified, which is exactly what Nexo did earlier this year – we underwent a months-long inspection of our processes and as a result received a third-party confirmation that Nexo’s infrastructure, software, people, data, policies, procedures, and operations meet the most rigorous data privacy and protection laws globally.
Nexo’s over-collateralization model is pivotal to our business, ensuring loans are adequately backed by assets that exceed the loan value, thereby minimizing lending risks. This model enforces stringent collateral standards, which significantly contribute to asset protection and liquidity on the platform. It also facilitates instant crypto credit lines, enabling borrowers to swiftly access funds using their crypto as collateral, thus streamlining loan acquisition compared to traditional platforms.
Exchange platforms that prioritize security are more likely to be in compliance with regulatory requirements. Nexo, for instance, ensures compliance and proactive dialogue with regulators worldwide to make sure it’s providing compliant services to its 6M+ satisfied customers.
Platforms that prioritize security are better positioned to manage risks and adapt to evolving threat landscapes but it is only the combination of institutional-grade infrastructure with a sound and sustainable business model that completes the security picture.
Nexo’s business model, for one, is built on the principles of strict collateralization, prudent risk management, and automation, making the enterprise self-sustainable and profitable. Through this model, Nexo upholds high compliance standards and fosters responsible growth in the digital asset economy, embodying a sustainable and secure financial ecosystem for its users.
Crowdfund Insider: What sets Nexo apart from other exchange platforms in terms of security? Does it have or do something that no other exchange does, or is it more just the combination of security features it implements?
Milan Velev: We believe that we’ve set various transparency benchmarks over the years. The most recent example is our securing of the STAR Level 1 certification by the esteemed Cloud Security Alliance (CSA). This certificate has aligned Nexo with tech industry giants such as AWS, Google Maps, and VMware, who also adopt these industry-recognized cloud security best practices. No other company in the digital assets space holds this accolade.
Every security feature on the Nexo platform serves a specific purpose, yet when combined, they collectively form a fortress for our clients’ data. The user-centric security measures emulate the stringent standards of the banking sector, encompassing Two-Factor Authentication (2FA), Biometric Identification, and SSL encrypted connections. But there is more than meets the eye; beyond the user interface, Nexo employs a multi-layered security approach, encompassing cold storage for funds, real-time monitoring for unusual activities, and robust internal controls. What sets Nexo apart is not just the security infrastructure but the ceaseless endeavor to stay ahead of the curve.
Crowdfund Insider: Speaking about the CSA STAR Level 1 Certification, why is this certification so important to Nexo?
Milan Velev: Nexo has been a trailblazer in pursuing this certification within the crypto sector. Essentially, it allows for public scrutiny of the security protocols and controls that our company has put in place. As a result, Nexo users and the broader community can confidently use our platform, knowing that their personal data is stored and safeguarded as expected.
Through adopting CSA’s Cloud Controls Matrix (CCM) and GDPR Code of Conduct, Nexo has been able to demonstrate its robust security controls and strict adherence to prevailing regulations, standards, and frameworks. The certification entails a meticulous 261-question self-assessment process for third-party validation, subsequently verified by an external authority through the CSA Cloud Controls Matrix. In the spirit of transparency, the verification is publicly available, thus reflecting our core belief – that our clients should have absolute confidence in our procedures and the safety of their assets. It’s the transparency our community and the wider crypto public deserve.
Crowdfund Insider: Nexo has also successfully completed its independent Type 2 SOC 2 audit. What does this involve, and how does it reassure Nexo’s users?
Milan Velev: SOC 2 Type 2 audits have become the gold standard for information security across various industries, including fintech. These audits assess the controls and protocols a company has in place to protect both client and company data. During a Type 2 audit, an independent third party evaluates the effectiveness of these controls over a specific period, typically spanning six months to a year.
For Nexo, emerging triumphant from this audit is a declaration of our allegiance to robust security practices. It is not just a checkpoint; it is a continuous journey ensuring our systems and processes consistently meet the highest standards of data protection.
Crowdfund Insider: Has Nexo ever been hacked? If no, why do you think that is? If yes, what have you done to ensure it doesn’t happen again?
Milan Velev: Nexo stands as a fortress in a landscape where security breaches are all too common. Our unblemished record stems from an uncompromising dedication to security. We don’t just react to threats; we anticipate them. Our vigilant security team operates round the clock, dissecting the crypto space for emerging threats. Regular security assessments aren’t a mere procedure; they’ve become routine, enabling us to preempt vulnerabilities, bolster our defenses continually, and maintain our flawless track record within the digital asset space.
Crowdfund Insider: Let’s assume Nexo is hacked. What would your response look like? Can you guarantee that users’ funds will be protected, or at least refunded in the event that this happens?
Milan Velev: Discussing hypothetical breaches could divert our focus from the proactive measures that have kept our platform secure. Our priority is to maintain an infrastructure where such scenarios remain hypothetical. Nexo’s robust security protocols, stringent risk management strategies, and substantial insurance coverage are designed not just to respond to adversities, but to prevent them.
These proactive measures, coupled with our unwavering commitment to safeguarding user assets, underline the trust and confidence our clients place in us. Our track record of security is a testimony to our vigilant approach, if I’m being completely honest, ensuring that our platform remains a safe haven for digital assets.
Crowdfund Insider: Nexo recently signed on as a member of the Association of Certified Sanctions Specialists (ACSS) and stated that this demonstrates its strong commitment to global regulatory compliance. Why is compliance so important to Nexo?
Milan Velev: As one of the pioneers in the digital assets sector, Nexo takes our responsibility seriously, which extends to addressing potential external factors that could impact our clients’ well-being. Our membership with ACSS is a way to express our fiduciary duty to safeguard our clients from the adverse effects of economic sanctions and criminal financial endeavors.
By aligning with such respected organizations, Nexo ensures that our users can confidently operate on our platform, knowing that we are committed to upholding the highest legal and ethical standards.
Crowdfund Insider: In your recent announcement, Nexo describes itself as a “pioneer” of compliance in the crypto industry. Can you provide some examples of this?
Milan Velev: Nexo’s commitment to compliance in the cryptocurrency industry is evident through several key initiatives:
Early Adoption of Regulatory Frameworks: Nexo has proactively adhered to evolving regulatory requirements and implemented Anti-Money Laundering (AML) and Know Your Customer (KYC) procedures to combat illicit activities and ensure user identity verification.
Constant Collaboration: Nexo actively collaborates with regulators and industry associations to help shape responsible regulatory frameworks for the cryptocurrency sector.
Stringent Internal Controls: Nexo has established rigorous internal controls to ensure compliance with financial regulations and data protection laws.
Educational Efforts: Nexo educates its staff and users about compliance-related matters, helping them understand the importance of following regulatory guidelines while using cryptocurrency services.
TRUST and CMIC: Our memberships within Travel Rule Universal Solution Technology (TRUST) and the Crypto Market Integrity Coalition (CMIC) aren’t mere badges; they are a testament that we are leading the charge towards a secure and fully compliant blockchain ecosystem in the company of the industry’s best.
In summary, we’d like to think that Nexo’s approach to compliance in the crypto industry sets an example for other platforms and ensures a secure and trustworthy environment for its users.