CEX PoL (Centralized Exchange Probability of Loss) is a structured risk assessment framework designed to estimate the likelihood that users of a centralized crypto exchange may experience a financially material loss, excluding losses caused solely by market price movements.CEX PoL focuses on non-market loss vectors specific to centralized exchanges, such as:
Security breaches
Insolvency or liquidity shortfalls
Operational failures
Transparency deficiencies
The output is a Probability of Loss score, grounded in observable risk factors and historical loss patterns.The primary purpose of CEX PoL is to:
Quantify custodial risk in centralized exchanges
Reduce information asymmetry between exchanges and users
Provide a standardized, comparable risk signal across exchanges
Support informed decision-making for users, institutions, and counterparties
CEX PoL does not attempt to evaluate trading performance, fees, spreads, or market competitiveness.
The CORE3 CEX PoL methodology is built around three core risk areas:
Security
Protecting user funds and infrastructure
Solvency
Proof of reserves and financial resilience
Transparency
Live tracking and disclosure quality
Each of these areas is assessed using its own set of metrics and carries a different weight in the overall score.
The Security section is inherited from the CER.live platform and is fully aligned with its proven methodology. Given its continued relevance, CORE3 directly adopts the assessment framework of the leading CEX security evaluation platform, making it an integral part of CORE3.
The Centralized Exchange Probability of Loss methodology is designed to evaluate risks unique to custodial crypto platforms. Unlike non-custodial protocols, centralized exchanges introduce concentrated counterparty, custody, and solvency risks, making transparency and operational controls critical.
Security risks — protecting user funds and exchange infrastructure
The Security category assesses the exchange’s ability to protect user funds, infrastructure, and sensitive data against external attacks, insider threats, and operational failures.Centralized exchanges represent high-value targets due to pooled assets and privileged access models. Weak security controls have repeatedly led to catastrophic losses across the crypto market. This category evaluates both preventive and reactive security measures to determine how resilient an exchange is under active threat conditions.
Server Security
Infrastructure hardening, segmentation, access controls, and protection against unauthorized system access.
User Security
Safeguards protecting user accounts, including authentication mechanisms, withdrawal controls, and fraud prevention systems.
Certifications
Independent validation of security management practices (e.g., ISO standards), signaling organizational maturity.
Bug Bounty
Active engagement with the security research community to identify vulnerabilities before exploitation.
Penetration Tests
Periodic adversarial testing of systems to uncover real-world attack vectors.
Insurance Fund
Availability and structure of dedicated funds designed to mitigate losses resulting from security incidents.
This category mitigates the risk of direct fund loss events, which remain one of the failure modes for centralized exchanges. Security evaluation is the most heavily weighted component of the CEX crypto risk score.
Solvency risks — proof of reserves, asset coverage, and financial resilience
The Solvency category evaluates whether an exchange actually holds sufficient assets to cover user liabilities, both at a point in time and on an ongoing basis.
Historically, many exchange failures were not caused by hacks, but by misuse of customer funds, hidden leverage, or inadequate reserve management. This category focuses on verifiable evidence rather than declarations.
Proof of Reserves Audit
Independent verification of on-chain and off-chain assets controlled by the exchange.
Proof of Ownership for Wallets During the Audit
Cryptographic or procedural confirmation that disclosed wallets are genuinely controlled by the exchange.
Audit Users Scope
Clarity and completeness regarding which user balances and liabilities are included in the audit.
Asset Composition in Total Reserves
Quality, liquidity, and risk profile of assets held as reserves.
Regularity (PoR Audit Frequency)
How often solvency audits are conducted and disclosed.
Merkle Tree
Use of cryptographic structures enabling users to independently verify inclusion of their balances.
This category directly addresses insolvency, fractional reserve practices, and hidden leverage, which represent systemic risks capable of triggering market-wide contagion. Solvency verification is a cornerstone of crypto due diligence for any counterparty operating in a custodial model.
Transparency risks — live reserves tracking and disclosure quality
The Transparency category measures how openly and reliably an exchange communicates critical risk-relevant information to the public, regulators, and users.
Transparency is treated not as a marketing attribute, but as an operational control that enables external verification, early risk detection, and accountability.
Live reserves wallets tracking
Continuous, real-time monitoring of disclosed reserve wallets.
Police representatives response quality
Responsiveness and cooperation with law enforcement and regulatory inquiries.
Last liabilities snapshot value
Disclosure of the most recent total liabilities figure used for coverage calculations.
Coverage ratio
Relationship between disclosed reserves and stated liabilities.
Reserves assets distribution
Breakdown of reserve assets by type, liquidity, and risk characteristics.
Low transparency increases information asymmetry, delays detection of distress signals, and amplifies loss severity when failures occur. This category incentivizes ongoing openness rather than one-time disclosures — a principle central to risk management at the exchange level.
The CEX PoL methodology provides a clear, comparable, and enforceable risk signal for centralized exchanges operating in a high-risk custodial environment.
By combining security posture, solvency verification, and transparency controls, CORE3 enables users, institutions, and regulators to assess not only how an exchange operates today, but how it is likely to behave under stress. This forms a key part of CORE3’s crypto rankings for centralized exchanges.
CEX PoL Scoring Logic
Learn how category weights produce the final exchange PoL score
