In the aftermath of cryptocurrency exchange FTX’s collapse last month, questions have swirled throughout the industry about whether other large players’ finances can be trusted. With professional auditors now abruptly exiting the space, those questions may keep lingering.
Binance, the largest crypto exchange by trading volume, sought to tamp down worries raised by rival FTX’s rapid descent into bankruptcy court by announcing it would release proof-of-reserves data. While not conventional audits, such reports describe how much crypto an exchange is holding – an attempt to allay fears about the whereabouts of customers’ money.
The Binance proof-of-reserves report did come out – only to be withdrawn Friday when the auditing firm it had hired, Mazars, announced it was no longer working with crypto firms. Mazars had also been working with Crypto.com and KuCoin.
Mazars was one of a few auditors (along with Grant Thornton and BDO) working with unregulated and private companies in the crypto industry to assure transparency. Now even the French auditor has cold feet.
“I’m quite surprised the public and regulators are finally discovering that their favorite centralized exchanges [CEX] have incredibly complicated layers of corporate structures and, as we’re finding out, un-auditable books,” said Joseph Collement, general counsel at Bitcoin.com.
Mazars, in an email to CoinDesk, said it was pausing work with crypto clients globally due to “concerns regarding the way these reports are understood by the public.”
Binance and many other crypto firms are privately held, meaning they don’t regularly – if ever – release financial data. So the short-lived proof-of-reserves information was welcomed by the industry.
The now-withdrawn reports published by Binance and Crypto.com were often misunderstood as actual audits, that is unbiased examinations and evaluation of the financial statements of an organization. But they’re really just a matching exercise that involves mapping customer assets as recorded in an exchange’s internal database to entries in a public blockchain, according to Francine McKenna, a lecturer in financial accounting at the Wharton School at the University of Pennsylvania.
This led to confusion in the industry and the assumption that those exchanges indeed had all the assets they said they had – which isn’t necessarily the case, because the exchange could have cherry-picked the assets that were checked by the auditor.
In theory, it’s easy to audit proof of reserves, Collement said. “When a crypto asset is deposited onto an account earmarked for a specific user, the CEX should hold that asset 1:1 on behalf of the user.”
However, very few CEXs adhere to those procedures, he said. “Once commingling of customers’ funds together or customer’s and company’s funds occurs, audits become extremely more difficult.”
This is also because assets could be held in other cryptocurrencies as opposed to U.S. dollars, which adds another layer of complexity. In addition to that, “proof of reserves mean very little without proof of liabilities,” he said.
This is a problem, because while these reports prove there are assets to support the market value of various stablecoins or reserves to back up customer assets, they don’t consider the creditworthiness of borrowers for loans that are included as assets. They also don’t identify and value obligations the stablecoin issuer or exchange may have to others that could wipe out the value of those assets.
“Choosing to do any work, especially an actual audit, with crypto-adjacent firms is very high risk,” McKenna said. “I am not sure these firms fully assessed the risks of acceptance and continuance of these relationships to their reputation and legal liability.”
Crypto companies for a long time have promised customers to publish audits regularly to provide a sense of security and transparency. Few have actually kept their promise, and most have argued that it is simply too difficult to find an auditor to work with.
“Mazars is trying to reduce its risk profile,” said RA Wilson, chief technology officer of 1GCX. “Its team probably discovered that they’re understaffed and not as knowledgeable about the crypto industry as they need to be to conduct a comprehensive audit.”
Mazars’ departure doesn’t mean, however, that conventional auditors cannot examine the books at crypto firms. Coinbase is a publicly traded company in the U.S., and so – as it must – the company releases full-fledged reports about its finances, audited by one of the largest accounting firms in the world: Deloitte.
Top accounting firms like Deloitte “prefer to work with large pre-IPO or public firms,” McKenna said. “Partners who want to do something new or more risky are usually held back by lots of layers of checks and balances that manage liability for the firm.”
Firms like Mazar or Grant Thornton, or Tether’s auditor BDO Milan, on the other hand, have seen an opportunity to carve out a niche in a new industry, she said.
“I think this ‘pause’ by Mazars … will create a chilling effect,” McKenna said. “The fact that FTX had any audits means someone is starting to ask for more assurances. That has now grown to a very loud cry, and I doubt the Big Four [accounting] firms will step in and fill the void.”
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish group, owner of Bullish, a regulated, institutional digital assets exchange. Bullish group is majority owned by Block.one; both groups have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.