Crypto audits are a practice of faith, less math

Crypto audits are coming back in style, but it’s still a voluntary practice akin to paint-by-numbers—and without all the numbers. Call it an exercise in trust.

Why it matters: This voluntary math goes through cycles of popularity (usually after things go wrong) and has become important again in the wake of a pair of major crypto lenders – Celsius Network and Voyager Digital – filing for bankruptcy reorganization. But they are not perfect.

• Proof of reserves, or “PoR,” is only part of the proof-of-concept equation solvency, Saravanan Vijayakumaran, an associate professor at the Indian Institute of Technology Bombay, tells Axios. “To answer your question about [the audits] to be holistic – they are not holistic.”

Details: Crypto audits ideally show that crypto held on deposit matches customer account balances, but to complete the proof of soundness equation, one needs to run a proof of commitments, in addition to custodians who certify reserves.

• Calculating the total liability of a cryptocurrency exchange would require the release of private, internal customer databases.

Threat Level: Voluntary audits can also mean hidden commitments and imperfect implementations.

Driving the news: Exchange operator Kraken completed the second of its PoR audits last week. It also expanded the assets covered from just bitcoin and eth to include USDC, USDT, DOT, ADA and XRP.

• The accounting procedure cryptographically verifies crypto holdings and account balances; an accounting firm, Armanino LLP, checks this.
• Kraken’s PoR audit also allows its customers to verify the results.

Details: Other firms that have conducted PoR audits in the past 24 months, according to Nic Carter, a general partner at Castle Island Ventures which is pushing the industry to do regular checks:

• Crypto platform Nexo performs attestations in real time.
• Coinfloor and BitMex have carried out self-assessments.
• Ledn has a six-monthly, user-based validation approach.

What they say: “Our regular Proof of Reserves audits demonstrate Kraken’s ability to pioneer a higher standard of accountability and transparency – not only in crypto, but also in the broader banking and finance space,” Kraken said in a blog post on Thursday.

Yes, but: Krakens extended Voluntary audit still only covers 63% of the company’s total assets. A spokesperson tells Axios that the firm will add assets to future audits.

• When asked about the decision to expand the audited assets, Kraken spokesperson Edith Camargo said: “Kraken always intended to expand the amount of assets covered beyond just Bitcoin and Ethereum. With these new assets, we are now able to verify seven of the top 10 coins by market value.” (Solana is excluded)
• The firm started cryptographic PoR audits earlier this year.

The big picture: “[The] The industry doesn’t seem to want it,” says Prof. Vijayakumaran. “Eli Ben-Sasson, founder of StarkWare, says exchanges were not interested when StarkWare offered to build proof of solidity technology.”

• “The technical complexity seemed to be a block,” he adds. “When Kraken CEO Jesse Powell was informed of commissions (proof of soundness of the Stanford group), the bet on it.” (This was back in February 2020)
• Lack of support for all Bitcoin address types and technical complexity were the reasons for the puncture, says Prof. Vijayakumaran, but Kraken has since started PoR certifications with an independent auditor.

Flashback: Mt. Gox, the legendary exchange that once accounted for 70% of the world’s bitcoin transactions, declared bankruptcy in February 2014.

• The crypto industry says PoR certificates could have revealed long-term insolvencies like Mt. Gox and others like it.
• As part of a calming effort, a handful of executives including CEOs of Kraken, Bitstamp.net, BTC China, Blockchain.info and Circle signed a letter admonishing the exchange for failing to meet the “essential requirements as a financial service provider.”

The bottom line: “To those who reject PoR because it is not completely trustless in its current implementation, I would reply that the perfect is the enemy of the good. Currently, the industry standard is virtually no transparency,” Castle Island Ventures’ Carter wrote.