Cryptocurrency platforms perform audits to ensure transparency, but it’s not a golden solution to solve all potential trust and security issues.
On Dec. 9, the total market capitalization of cryptocurrencies soared past $535 billion. This is a significant increase from last year, when the cumulative market capitalization of cryptocurrencies was just over $199 billion.
With such impressive growth underway, it shouldn’t come as a surprise that companies operating in the cryptocurrency sector are taking additional measures to ensure trust among investors. For instance, some cryptocurrency platforms have begun to publicly announce audits to confirm the number of digital assets held under management.
Most recently, the crypto lending and borrowing platform Celsius Network announced the completion of an independent audit of just over $3.3 billion in digital assets. This audit follows the platform’s claim of holding more than $2.2 billion in digital assets under management.
Alex Mashinsky, CEO and founder of Celsius, told Cointelegraph that the audit was confirmed via Chainalysis’ Reactor blockchain analysis tools. Jason Bonds, chief revenue officer of Chainalysis, told Cointelegraph that this was the first instance of the company’s products being used for an audit.
According to Mashinsky, Celsius Network’s audit was based on digital asset transactions, total deposits and total withdrawals since the platform launched its services in June 2018. He further noted that the audit is proof of how many assets Celsius actually holds:
“This audit gives our community a very strong independent view of how much assets Celsius has. If such numbers also correspond to the many announcements we have made, then it verifies that we did not lie or misrepresent our numbers. And since this is all recorded on blockchains, it is impossible for Celsius to change anything after the fact.”
A reserve audit provides transparency, but does it create trust?
While the independent audit aims to provide the Celsius community with a level of transparency, some questions remain. Overall, Mashinsky shared that independent reserve audits should be performed to ensure that the crypto industry is operating trusted platforms. “This is about whether we are creating a more trusted platform to replace banks and financial institutions that do not act in our best interests,” he said.
Meanwhile, some point out that independent reserve audits are oftentimes lacking in security and other important features. For example, Bonds mentioned that Celsius’ audit doesn’t provide additional safety assurances, noting that cryptocurrency platforms still need to take security precautions to protect their businesses.
However, this still may not be enough. Gonçalo Sá, security engineer at ConsenSys Diligence, an audit service for Ethereum blockchain applications, told Cointelegraph that one-off security engagements cannot guarantee absolute safety for any product: “Instead these are an attempt to decrease assets’ risk level.”
Sá also pointed out that reserve audits are crucial for custodial, non-trustless products or services. For example, he mentioned that U.S.-based cryptocurrency lending service Cred was in dire need of a reserve audit. In November 2020, the company filed for Chapter 11 bankruptcy, noting that it experienced irregularities in the handling of specific corporate funds. Cred listed its estimated assets at between $50 and $100 million, along with its estimated liabilities at between $100 million and $500 million.
This in mind, some believe that reserve audits actually enable both trust and security. Richard Sanders, lead investigator and principal at CipherBlade, a blockchain investigations company, told Cointelegraph that a company or individual can be dishonest about any number of things, therefore a reserve audit isn’t an audit of all aspects. However, Sanders added that companies within the crypto sector are prone to lying about things such as hacks, which is why reserve audits are good to perform:
“Exchanges have become insolvent after not disclosing or downplaying hacks. Simplified, solvency, or reserve audits, verify that funds that should be there are and are not missing due to a hack, or due to someone purchasing a yacht with user’s funds.”
Sanders further commented that the misappropriate use of users’ crypto funds are not isolated just to exchanges, but pertains to lending services and other platforms. In the case of Cred, Sanders shared that these platforms could be a bit more nuanced. “Playing the devil’s advocate here, Cred may have had credible (pun mildly intended) reasons for not wanting to disclose their investments publicly as this could tip off competitors,” he said.
A step in the right direction
Ultimately, there will be trust and security concerns associated with any financial institution. Just as crypto exchanges get hacked, banks face many security challenges. That being said, it’s notable that the crypto industry is taking steps to perform public reserve audits. Sanders explained that both solvency and security audits are not required by crypto companies, making the development even more welcome.
Sanders further commented that audits could also help prevent additional government regulation, yet he remains pessimistic: “Unfortunately, it will likely come down to regulation due to the countless instances of insolvent exchanges and lending platforms like Cred.”