This post is not authoritative.
Status: in progress.
Updated: Jul 25, 2025
Corporate is where audit make sens, a holding company will deploy audit processes for security, compliance and performance needs.
There is 2 types of audits :
- internal audit : performed by the company employees,
- external audit : performed by independent provider like : KPMG, DELOITTE, BDO, ...
external auditor will at the end deliver an audit report, this report is considered to be more valuable than internal audit report because it’s delivered by an neutral and independent provider.
According to the following schema :
- the cryptocurrency issuer,
- the neutral external auditor report,
- the small retail investor, you.
investors are not supposed to go to do all the verification by themselves :
- verify bank accounts,
- verify storage,
- verify accounting records,
- verify blockchain records,
they simply read external audit report, considering that a well-reputed audit firm is unlikely to lie about their findings when they were doing their audits.
A small retail cryptocurrency investor who wants to perform a basic due diligence will probably have to read 3 types of audit reports :
1- Code review :
| Crypto | Link |
|---|---|
| report |
2- smart contract security audit report :
| Crypto | Link |
|---|---|
| ava labs | audits |
| compound | security audits |
| convex | audits |
| curve | security-audits |
| hbar | audits |
| lido | audits |
| ondo | audits |
| ripple | security |
| sui | security |
| synthetix | security and risks |
| Tron | security audit report |
| yearn finance | security |
| aave | security |
| amp | audits |
a- aave :
like this audit reports from for the aave, this report list the following :
- list of bugs, their severity, and status : fixed or acknowledged,
in reality, you will not fully understand what they are talking about unless you are initiated in a specific smart contract programming langage like : solidity
solidity courses short and long videos are available on youtube with duration from 20 min to 38h ! and if you have never tried software development before, you will probably need to learn the basics, because solidity can be considered a specialized language better suited for already experienced developers.
b- diligence :
diligence which is a CENSENSYS team is also publishing public audits reports.
the USDi coin report for example list 25 findings with different level of severity and status.
c- fyeo.io
fyeo has nearly all major cryptocurrencies as customers, and as you can see in this audit report :
ripple | security code review of XRPL permissioned DEX v1.0
that has the following mention at the beginning of page5 :
« during the security code reviews of XRPL DEX Permissioned Domains, we discovered zero (0) issues with the audited code »
this is simple english that any english speaker can understand.
As you can see, the cryptocurrency is transparent, information is publicly available, but :
Do you you have the skills needed to understand the audit reports!?
3- proof of reserves reports :
| Crypto | Link |
|---|---|
| kag | audits |
| Veraone | audit processes and proof of reserves |
a- PAXOS
like this one from KPMG auditing PAXOS gold which is a gold backed cryptocurrency, mentioning that :
« in our opinion, Management’s Assertion is fairly stated, in all material respects. »
b- TETHER
or like this one from BDO auditing TETHER gold which is an other gold backed cryptocurrency, mentioning clearly that BDO carried out the following procedures:
«……. - verify the reconciliations performed by management between the accounting ledger/system and the ledgers on the various blockchains relating to liabilities at 31 March 2025;……...»
4- Economic security:
| Crypto | Link |
|---|---|
| compound | gauntlet.network |
5- financial statements :
| Crypto | Link |
|---|---|
| Litecoin | financials |
| kag | attestations |
some companies are publicly traded and are publishing publicly their annual financial statements, it’s the case of INX.COM which a cryptocurrency trading platform that has it’s own token : INX Token.
As you can see in this link, you can access the consolidated financial statements of the company:THE INX DIGITAL COMPANY, INC.
In this audited annual financial statements, the opinion of ERNST AND YOUNG is expressed in page 2 :
«….. In our opinion, the accompanying consolidated financial statements present fairly, in all material respects,…...»
the report itself is not about the INX Token, but «INX Token» is mentioned 106 times in the document.
6- Treasury management:
| Crypto | Link |
|---|---|
| hbar | treasury management report |
ADS
No comments:
Post a Comment