Is This Crypto Lending Company Any Good? Part 1

image1 838x440 1

Key Takeaways

  • Even if the interest rates seem similar, there are many other factors to consider.
  • Look for a clean record with no security breaches, mishandling of funds, or regulatory issues.
  • Look for ways to verify the assets the company claims to have.

Share this article

This article is the first in a series of how-to guides examining the CeFi lending landscape. Four of the top crypto lending companies, Celsius, Nexo, Crypto.com, and BlockFi, will be evaluated against two key criteria: fund security and auditability.

Comparing CeFi Lenders

At a high level, the business model of these companies is simple. People deposit their crypto and are paid interest (passive income). Then these companies profit by lending the crypto to someone else at a higher rate.

Usually that someone else is an institutional investor, a company, an exchange, or a DeFi protocol looking to borrow or otherwise use large amounts of crypto. 

Therefore, depositing crypto on centralized lending platforms effectively means lending it out with the actual technical process being abstracted away by the platforms in the background. 

The result is avoiding the complexities of yield farming and DeFi in general and being able to keep it simple. 

Of course, there’s no such thing as risk-free free money—especially not when it comes to “easy” 10%+ APYs on stablecoins. 

Many factors should be considered when looking at a platform.

Company reputation, fund security, auditability, the fairness of the loan liquidation process, fees and other costs, supported coins, and supplemental offerings like credit cards. 

This article will focus on two basics. Security and auditability.

Good security is much more than just software.

How Secure Are The Funds?

This is the first question anyone should ask before depositing crypto anywhere – whether it’s a centralized or decentralized platform. Better rates and lower costs mean nothing if your funds are at risk of being lost, frozen, or stolen.

When it comes to CeFi lenders, you ideally want the company to have a clean record with no security breaches, mishandling of funds, or regulatory issues. 


So, let’s compare our sample top four CeFi lenders.

BlockFi has accidentally sent bitcoin to customers instead of stablecoins, admitted to the theft of sensitive user information, and failed to protect users from email spam

Crypto.com lost $34 million in crypto from the wallets of 483 users in a direct hack of the platform in January of 2022. 

Celsius lost $51 million in the BadgerDAO hack from last December. 

Both Crypto.com and Celsius eventually fully reimbursed all affected users following the incidents. 

Nexo is the only company of the four that, so far, has never had a public security failure.

And it’s important to note that the Celsius incident resulted from a security breach of a third-party platform. Not hacking Celsius’ software. Given the novelty of the exploit, it’s not likely it could have been stopped. 

Celsius itself has never been compromised; the company is Security ISO certified, runs a 24/7 security operations center, and recently acquired one of the leading crypto custody and security firms, GK8. It also has a rich set of security features, including address safelisting, biometric login, two-factor authentication, and a 24-hour withdrawal freeze function.

Another critical aspect of fund security is insurance. Crypto.com is the only lender in the group that offers FDIC insurance on USD balances. This is only for U.S. residents and for up to $250,000. The company also has $750 million in insurance against physical damage or third-party theft. 

Nexo is insured for $375 million through its third-party custodians, Ledger Vault and BitGo. 

BlockFi has not made any announcements about insurance. Celsius has been planning a user funded insurance program for more than a year.  

image2
Ask yourself, why do you think this company can handle customers withdrawals at all times?

Are there Publicly Available Proof of Funds?

Being able to personally check that a CeFi lender actually has the assets it claims to have is one of the best ways to know the company is trustworthy. This is a real concern – as shown by what happened to people who trusted Cred or Quadriga.

Celsius has made that easy by partnering up with the leading blockchain oracle developer Chainlink to provide real-time and fully transparent proof-of-reserves

In a similar fashion, Nexo has partnered with the certified auditor and one of the top accounting firms in the U.S., Armanino, to provide a publicly available real-time attestation of its assets. 

Ironically, when considering the security breach listed above, Crypto.com has announced more than one security audit. But nothing for its finances. 

BlockFi has published a job listing for a Head of Internal Audit.

Final Thoughts

To summarize, only one of the top four CeFi lenders hasn’t had a public security failure so far. For the remaining three that did, it’s important to consider the nature of the incidents and how the companies handled it.

After accidentally sending users free Bitcoin, BlockFi threatened legal action against those who refused to return it, which didn’t fare well with its customer base.

When Crypto.com got hacked for $34 million, it initially downplayed the exploit and failed to admit it got hacked. It also falsely stated publicly that all user funds were safe. When it eventually owned up to its failure, the firm didn’t share security details of precisely what happened and what it was doing to prevent a similar incident in the future.

When Celsius lost money in the BadgerDAO hack, it immediately owned up to it, explained what happened, and pointed out that no user funds were ever affected.

Concerning auditability, Celsius and Nexo are standing out with real-time proof-of-reserves or attestation of assets. Crypto.com and BlockFi have not publicly provided proof of funds.

This article was sponsored by Celsius. Find out why 1.7 million people call Celsius their home for crypto.

Share this article