On the need for cryptocurrency auditing services

History shows that the cryptocurrency community desperately needs good auditing services. Currently, those who are best equipped to audit businesses such as exchanges are people who have an in-depth understanding of Bitcoin and cryptocurrencies – often but not necessarily developers.

For example, Mt. Gox invited Roger Ver (a.k.a. “Bitcoin Jesus”) to audit their reserves in 2011 and again in 2013. In 2014, exchanges responded to the influx of new customers, increased competition, and the collapse of Mt. Gox and the resulting negative effect on the public’s perception of cryptocurrencies by taking audits much more seriously: Coinbase was audited by Bitcoin advocate and entrepreneur Andreas Antonopoulos, Bitstamp was audited by former Bitcoin Core developer Mike Hearn, and Bitfinex, Kraken, Huobi, and OKCoin were audited by software developer, early Bitcoin advocate and investor, and former Ripple Labs CTO Stefan Thomas.

Sounds great right? The only problem is, those who have the technical skills to audit exchanges generally don’t have the skills to audit the fiat side of things. And the people who have the skills to audit the fiat side generally don’t have the technical skills to audit the crypto side of things, as Mike Hearn explained during his audit of Bitstamp:

“The overlap between people who are traditional accredited auditors and people who understand the Bitcoin technology and things like signing with private keys is presently very small.”

In December 2022, Binance CEO Changpeng “CZ” Zhao also indicated during an interview that traditional accounting firms had difficulties auditing crypto exchanges:

“Audits don’t reveal every problem… Many of them don’t even know how to audit crypto exchanges.”

The fiat side is important because it is possible for a business such as an exchange to make up for a shortage of BTC or ETH by borrowing or buying cryptocurrencies with fiat. In such a case, someone like Andreas Antonopoulos might look at the hot and cold wallets and assume that everything is fine. However, a closer look at the fiat side would indicate that the exchange is actually insolvent.

In fact, during his audit of OKCoin, Stefan Thomas explicitly warned about this possibility:

“Note that there are limitations to this type of audit. It does not verify an exchange’s fiat assets and liabilities or other aspects of their balance sheet. It is also difficult to prove definitively that the bitcoins in question are actually owned by the exchange versus being on loan for instance.”

Today, there are auditing services out there that focus on cybersecurity and code such as smart contracts. Last year, a blockchain security firm called CertiK was awarded $500,000 for finding a bug in the Sui network’s code that if exploited, would have crashed the network by rendering all of its nodes inoperable. This is great but these companies usually don’t deal with significant amounts of fiat.

Of course, there could still be issues even if we had a healthy and competitive marketplace of cryptocurrency auditing services to choose from. For example, Roger Ver had name recognition but his audit of Mt. Gox wasn’t a particularly thorough one and it couldn’t save them from collapse in 2014.

And while cryptocurrency reserves can be proven transparently and in real time, confirmation of fiat reserves cannot be done in real time and companies might not want to expose their financial operations for their competitors to see. Therefore, some degree of trust will probably be necessary in this field which begs the question of which companies should be trusted, especially during the initial stages of the industry.

Finally, there’s also the issue that the cryptocurrency industry is much more complex and diverse now. Back in the old days, when nearly all attention was focused on Bitcoin and a handful of altcoins that simply copied Bitcoin’s code, a technically inclined and sufficiently dedicated accountant could have gained a working knowledge of the entire space in just a few months. Now the cryptocurrency space is a lot more complex with multiple layer 1 and layer 2 platforms, token ecosystems, NFTs, smart contracts, stablecoins, DeFi, DAOs, and DApps.

In conclusion, I believe that auditing services that team up cryptocurrency experts with fiat experts is a good idea. There is an enormous void in the industry but unfortunately, there doesn’t seem to be many startups that have expressed an interest in filling it. Companies that enter this space will likely face challenges such as finding sufficiently qualified experts that are respected in the community and building up a reputation (especially if they are starting from scratch) but none of these should be insurmountable.

Leave a Reply

Your email address will not be published. Required fields are marked *