If you don’t find the answer to your question below, please feel free to contact us.
A: The Blockchain Security Standards Council (BSSC) is a nonprofit consortium dedicated to strengthening confidence in end-to-end security within blockchain ecosystems. We provide robust security standards and audit frameworks that benefit the entire community.
BSSC aims to defend against exploits by improving security practices to help blockchain reach its full potential as a safe, transformative technology.
A: Our members include Figment, Coinbase, Anchorage Digital, Fireblocks, Kraken, Ribbit Capital, BitGo, Turnkey, Halborn, and Open Zeppelin.
Participants include some of the most trusted names in digital asset infrastructure, security, custody, trading, and venture investment — from exchanges to institutional custodians, security and wallet infrastructure providers, leading blockchain validators, risk advisory firms, and investors. Our diverse membership reflects a broad commitment across the ecosystem to advancing safe, scalable blockchain systems, as well as the range of perspectives and expertise necessary to put it into practice.
For full details on our membership tiers, please visit our membership page.
A: Security is fundamental to the integrity of any financial system — and in blockchain, it’s especially critical. The high value at stake makes them a prime target for sophisticated attackers. Incidents like the ByBit hack are reminders that adversaries are highly motivated and well-resourced.
Security standards serve to harden the ecosystem as a whole. While adoption is voluntary, projects that implement these standards proactively strengthen their own defenses, while those that ignore them present more attractive targets. For more than seven years, the industry has been gradually developing technical standards across multiple vectors — from protocol-level defenses to wallet security to key management practices. The BSSC's standards bring together multiple threads of this work to help to offer a more coordinated whole.
More broadly, standards are essential to ensuring that decentralization isn’t compromised by a critical reliance on any single provider. A robust ecosystem requires interchangeable components. Standards-based platforms give enterprises and institutional actors the confidence to invest, knowing they’re not locked into proprietary solutions. Ethereum, for example, is built on a foundation of formal specifications and community-driven standards like the Yellow Paper and EIPs. Bitcoin similarly relies on detailed documentation and process to maintain consistency and resilience.
Well-designed security standards not only improve individual implementations but also reinforce composability, compatibility, and confidence across the industry. Importantly, these standards are not created in isolation. Where appropriate, they build directly on top of existing specifications — such as widely adopted protocol standards — or complement them by addressing adjacent concerns. This layered, interoperable approach strengthens the overall architecture without duplicating effort, allowing the ecosystem to evolve in a coordinated and resilient way. As blockchain adoption grows, maturing these standards — and ensuring their thoughtful implementation — is essential to supporting both innovation and systemic resilience.
A: The Blockchain Security Standards Council (BSSC) stands apart from other blockchain organizations by focusing exclusively on developing consensus-driven security standards and audit frameworks tailored to the unique challenges of decentralized systems.
Formed as a nonprofit consortium, the BSSC brings together a diverse coalition of industry leaders — including exchanges, custodians, security firms, infrastructure providers, and venture capitalists — to collaboratively address critical threats such as smart contract vulnerabilities, protocol exploits, and nation-state cyberattacks. Unlike broader industry groups, the BSSC is dedicated to establishing voluntary, actionable security benchmarks and engaging with regulators to foster trust and resilience across the blockchain ecosystem.
A: Even in the most secure blockchain systems, vulnerabilities can exist at the edges. How digital assets are secured, how nodes are operated, and how keys are managed are critical decisions. BSSC’s standards validate the security of both assets and operations to minimize threats.
We fill the gap by:
Our current standards include:
You can learn about our specific standards on our standards page.
A: In some cases, such as Key Management and Node Operator, BSSC standards are chain-agnostic. Other standards such as Token Integration Standard are specific to a particular class of tokens, although much of the guidance they provide is more widely applicable, and therefore useful especially for chains where there is insufficient chain-specific guidance available.
A: Yes, largely through reference to the EthTrust Security Levels specification, a well-established standard for the security of smart contracts.
A: The BSSC standards are designed to strengthen the security of the ecosystem against malicious actors, and errors. While this will help protect against rogue states running hacker outfits, such as Lazarus, they do not directly address issues around the legality of finance. There are many other standards in place already. These issues are usually addressed on a “local” basis, specific to the regulatory space where a given set of sanctions or financing rules apply.
A: BSSC doesn’t directly interact with regulators, but the work we produce helps inform their discussions, and can be used by BSSC members in discussions with regulators and other industry groups.
A: No — these are long-established industry-standard procedures, and while they should be enabled by providers and followed by those reporting threats or attacks, there is no need to rewrite them.
BSSC maintains an active partnership with the Crypto ISAC, The Crypto ISAC is a member-driven, not-for-profit organization that works together to curb malicious actors, address vulnerabilities, share intelligence, and move security forward to protect the crypto ecosystem.
A: BSSC’s security standards helps strengthen blockchains and digital assets against attacks, including those by cyber-criminals and nation-states.
A: The BSSC’s members analyze a wide range of security threats, including lessons learned from real attacks. Part of the development of security standards is to review them against known cases in an attempt to fortify protections against similar future attacks.
A: Any blockchain-oriented organization can join the BSSC. We have multiple membership tiers, including a free one, that allows for community input. Please see our membership page for more information.
A: BSSC standards can be used “as-is”, but before making any change to or derivative of the documents, explicit written permission from BSSC is necessary.
