COSS is a Singapore-based centralized cryptocurrency exchange, founded in April 2017. The company behind the project is C.O.S.S. Pte Ltd, with registration number 201632324e and the following address: 1 Clementi Loop #06-01 Singapore 129808. There is also another branch of the exchange business, registered by the name of C.O.S.S. Exchange BV, with establishment number 000039476529 and address Herengracht 420, 1017BZ Amsterdam.
The founder of the exchange is Rune Evensen, a Norway-born business and start-ups consultant, entrepreneur, and public speaker. On his LinkedIn profile, he states that he has 18 years of experience in top field leadership and that he has founded Exulto Consulting Pte Ltd, a consulting company that “accepts equity as compensation for guiding the industry beginners towards success.” LinkedIn also helps track the profile of Andrei Popescu, co-founder of COSS and SCX Holdings, an alternative asset management company.
The team is comprised of Mong Suan Yee, Engineering Director at COSS. Dr. Mong Suan Yee is a Southampton University graduate, Ph.D. in Electronics, holder of engineering patents, co-author of a wireless communication book, and a founder of Insight Software Pte. Ltd. (Malaysia), product development and consultancy firm for wireless and software projects launched in 2012. She also has experience as a research scientist and development engineer at companies like Toshiba Research Laboratory, Qualcomm, Motorola, Cambridge Consultants, and others. Another team member is Praveena Prabha, Head of Compliance. Before joining COSS, she worked at American Express, OCBC, Fairfax Business Media, and KPMG.
COSS stands for “Crypto One-Stop Solution” and is a fintech company that offers multiple cryptocurrency-related services. Apart from the exchange business, COSS provides an e-wallet, a merchant platform, and a portal for ICO launches and promotional trading campaigns. As its name suggests, COSS wants to become the epitome of an all-in-one cryptocurrency solution. Although in terms of functionalities and provided services it may live up to its ambitious name, when it comes to credibility, COSS starts to lose ground. If we take a look at the topic of users’ data and account set-up requirements, we will find out that COSS is among the cryptocurrency exchanges that apply the strictest KYC and AML policies compliance. In order for clients to use the platform’s service, they should adhere to the mandatory requirement of providing multiple personal details such as name, date of birth, nationality, ID number, and a passport copy or a government-issued ID (with an expiration date no less than six months from the time of submission). In addition to that, clients should also provide proof of their residential address that can be in the form of a bank statement (issued within three months), utility bill, tax assessment, etc. However, this is not all – users are also required to upload a selfie, add a phone number (with two-factor authentication and an SMS confirmation), and even a declaration identifying the source of funds (for transactions over $20 000). More about the complete set of requirements can be found in the exchange’s whitepaper. Although this may serve as a sign of the platform’s willingness to maintain transparency, it is worth bearing in mind that, the exchange itself, doesn’t do anything meaningful in bringing credibility by providing relevant information about its management and the team behind it. The only way to get such information is by researching external sources or tracking team members over LinkedIn.
The platform issues a token with the same name - COSS. It was released in April 2017 and was a 100% self-funded project. However, in July 2017, there was a presale, and the token became open to the public. The holders of the token have the advantage of collecting up to 50% of the exchange’s transaction fees.
When it comes to usability and user feedback, COSS also falls short. Numerous clients report issues such as prolonged transaction times and periodical system breakdowns. Aside from that, there are multiple articles analyzing investors’ experience using COSS, most of which refer to the exchange as “scam”. However, apart from that, it is worth noting that the platform’s clients don’t report any other significant issues with its services.
On the topic of security, we can say that the exchange doesn’t offer any exceptional measures that will guarantee the safety of its users’ funds. In fact, the security features are limited to two-factor authentication, and that is all. This is one of the reasons why COSS suffered a significant security breach where users’ funds worth $850 000 were stolen. The nature of the attack was brute force, targeting the two-factor authentication of the platform. Several of the affected users report having received hundreds of emails of hackers trying to break their two-factor authentication protection. COSS came out with a statement, pointing out that the users’ security was breached outside the exchange. The company urged the hackers to return the stolen funds, which, of course, didn’t happen. To fix the situation, COSS managed to recover the tokens “by using a function in the smart contract.”
At the time of this writing, there are no reported cases of government investigations targeting COSS.io.