The Crypto Fund Audit – Considerations and Best Practices

Introduction

The cryptocurrency market has matured significantly in recent years, resulting in an inflow of institutional money. It's estimated that around 9% of bitcoin supply is held by corporate treasuries like MicroStrategy, and the figure is growing. There's been a notable increase in crypto hedge funds over the last 2-3 years. According to a report published by PwC, the total assets under management of global crypto hedge funds increased to $3.8 billion in 2020, up from $2 billion the previous year. As well as the "pure-play" crypto funds, there's also an increasing number of traditional hedge funds that are adding crypto to their portfolio of investments. High-net-worth individuals (HNWIs) are the most common type of crypto hedge fund investor, with most hedge funds having a minimum investment threshold of $100,000.

One of the regulatory requirements for many crypto hedge funds is the annual audit. The auditor is responsible for, amongst other things, verifying the Net Asset Value (NAV). The process is similar to that for traditional funds, but holding cryptocurrencies introduces some complexities. Confirming existence, ownership and valuation are three crucial areas of an audit. We'll discuss these three areas below from a crypto asset investment perspective.

Existence of Assets

Auditors need to be confident in the existence of the fund's investments. How do you prove that crypto asset balances are correctly reported? The first step is to understand where the assets are custodied. Generally, custody can be split into three groups: dedicated custody providers, crypto exchanges and private wallets. Let's look at the three separately.

Dedicated Custody Providers

Traditional investments are held by "qualified custodians" like Northern Trust and Goldman Sachs. Custodians offer a safe and trusted way to secure assets that mitigates some of the risks associated with self-custody; in crypto, that risk lies in key management. Custody service providers hold the assets securely on behalf of the client and can be contacted directly to confirm the existence of the assets. In the crypto space, custody is very much a new and evolving area and there are only a handful of reputable custody providers. Coinbase, Gemini and BitGo are three well-known and regulated crypto custody providers. A fund auditor can contact these custody providers directly to confirm the existence and balance of assets held by a particular client at a point in time.

One of the limitations of custody providers is the number of different cryptocurrencies they support. If a fund is investing in many different smaller-cap "altcoins", it's likely that some of these are not supported by a custodian. Depending on the investment strategy, funds can be trading on a continuous basis, sometimes using algorithmic bots. In this case, there might be a requirement to keep assets stored on a particular exchange for trading and collateral purposes.

Exchanges

There have been many high-profile exchange hacks over the years, and this is why storing crypto on exchanges is not considered best security practice, especially for larger amounts. However, in recent years exchanges have raised the bar on security, and many large exchanges use third-party crypto custody providers and carry insurance in order to safeguard assets.

To verify the existence of assets held on exchanges, you can request that the fund manager provide read-only API keys for the exchange. You can then use a tool like CoinTracking to connect to the exchange and confirm the existence and balance of each asset held. The CoinTracking tool supports both connecting through the API and importing a CSV file that has been downloaded from the exchange account. See our recent article on this topic if you want to understand the process in more detail.

Private wallets

One of the main benefits of cryptocurrencies is that they are a bearer asset and can be held privately and indeed it is encouraged within the community. The mantra “not your keys, not your coins” is extremely important for some people. In many cases, hedge funds decide to self-custody crypto assets in their own private wallet. This might be because a custody provider does not support the particular crypto assets or simply because they prefer to manage their own keys. It’s common and best practice to use a cold storage hardware wallet like the Ledger or Trezor for this.

The first step to confirm private wallet assets is to request the public address for any private wallets used by the fund. You can then use a blockchain explorer tool to view all the publicly available information at the address. For Bitcoin, there are many explorers available. Two of the most popular are Blockchain.com and BlockCypher. For Ethereum and any ERC-20 tokens, Etherscan is the most popular. You can also use a tool like CoinTracking to analyze any particular address and find the balance at a point in time such as year end.

Ownership of Assets

Proving ownership of cryptocurrency can be tricky depending on the specific crypto asset and where it is custodied. Ownership of funds stored with a custodian can be confirmed directly with the custodian. Ownership of funds stored on exchanges can be confirmed by requesting unique read-only API keys for the account in question. Since only the account owner will have access to create the API keys, it can be inferred that whoever provides the keys has control of the assets.

For those cryptocurrencies that are held in private wallets (i.e. self-custodied), verifying ownership involves a few steps. After obtaining the public addresses from the client, you can review activity on the public blockchain (using the appropriate blockchain explorer mentioned above). Then you can request that the client sign a message with the private key of each of the fund's private wallet addresses. The signed message should, for example, identify the auditor and include a date. The message is signed rather than encrypted: ownership is confirmed when the signature verifies against the public address, because only someone who controls the private key for that address can produce a valid digital signature. Verify the message using an appropriate tool, such as the one on Bitcoin.com, by entering the signature provided by the client. Verification succeeds only when the digital signature corresponds to the public address.

Key Takeaway: Signing a message is a cryptographic way to prove your ownership of your crypto address

For those cryptocurrencies where there is an anonymity component, or where verification of digital signatures cannot be performed, you can use alternative procedures to establish ownership.

One way is to obtain watch-only wallet (view key) access for the fund's wallets. If this is not possible because of the specific wallets used by the fund, you could request that the entire balance be transferred to another wallet that supports watch-only access. Another simple way is to request that the fund manager transfer a specified de minimis but distinctive amount of the cryptocurrency to a wallet specified by the auditor.

Valuation of Assets

Unlike traditional markets, cryptocurrency trades continuously, all day, every day. It is famous for its volatility, and it is common to see large swings in pricing and valuations. Furthermore, the value of an asset might differ between exchanges. Having a valuation policy that determines how the manager arrives at a fair market price for each position is critical. It's important that the policy is clear, transparent and documented, and that the reasoning behind each valuation can be backed up in case of future audits or regulatory scrutiny. CoinMarketCap is commonly used, as it is the most-referenced price-tracking website and uses a volume-weighted average of all market pair prices across many exchanges.

Some risks and challenges

  • New cryptocurrencies with immature blockchain explorer tools can make it difficult to query the public blockchain. With Bitcoin and Ethereum it’s easier, but some of the newer projects don’t have a lot of tools to query the blockchain easily. 
  • Privacy coins can bring additional audit challenges. Monero (XMR) for example uses ring signatures and stealth addresses to make it more difficult to trace transactions.
  • Staking is an increasingly popular way to earn yield. There are different flavors of staking: custodial and non-custodial, PoS staking and DeFi staking. It can be challenging to confirm where the coins are custodied, what the yield is, when it is generated and what the risks are.
  • There's been a huge increase in funds engaging in "yield farming". Funds provide liquidity and act as market makers for various DeFi protocols like Uniswap, Curve and SushiSwap. In exchange for this they generate a yield. The reward mechanisms and incentives differ across DeFi platforms, and each comes with a different set of risks.
  • As mentioned already, confirming custody of private wallets can be challenging, particularly because many smaller cap coins do not currently have easy to use tools available for signing and verifying messages.
  • Crypto regulations are continuously evolving and the inconsistency across different jurisdictions is one of the key challenges facing funds and the industry in general.

Conclusion

As the market capitalization of cryptocurrencies expands by the day, more and more crypto funds are entering the space. Preparing for and undergoing the year-end audit is not only a regulatory requirement for many funds, it also gives investors confidence. Having a solid crypto audit strategy and toolset is crucial for any crypto fund auditor.

Boinnex has experience in the crypto audit space and is here to help.

Bryan

Based in Ireland, Bryan is the founder and CEO of Boinnex. He has worked for almost a decade as an IT Project Manager contracting across finance, banking, insurance, tech, and healthcare industries. He found his way into the crypto space in 2017 when he started a contract role with IOHK — the dev company behind the Cardano blockchain. Since then, he has continued to be actively involved in different projects in the crypto and blockchain space. He enjoys learning, writing, and sharing knowledge about all things crypto.
