With the need for KYC’s and audits, we have started to see companies pop up throughout the market to provide these services. Of the hundreds of services out there, trying to charge for this service, there are probably about a dozen that have a widely recognized name.
This introduces a new problem–at what point are KYC and audit services just selling a name. How much responsibility should the company bear if they provide a good report on a project, which subsequently rugpulls? Are certain companies trading their name for a dollar? Who knows which audit companies provide unbiased and honest reports?
These considerations came to mind yesterday as we were reviewing the case of the contracted developer, Bullish, who scammed the Coyote Coin team and all of their investors a few minutes after launch. The Coyote Coin project was fully KYC’d and audited. Bullish, as an outside dev, had been KYC’d previously, by gate.io. The Coyote Coin smart contract received a 90% overall rating by Certik.
The KYC, hopefully, does its job. The identity of Bullish will likely come out, and he will likely be prosecuted–he apparently scammed upwards of 8 projects simultaneously.
The audit, however, raises a serious concern for me. The vulnerability that was exploited, in this case, was raised as a flag by Certik. Great! They caught it! Then, how did the overall rating of the Coyote Coin contract remain as high as 90%? That seems odd to me. And after the exploit happened, why has Certik reduced the overall rating to 50%? Hindsight is 20/20 as they say.
This article is about the importance of integrity. Crypto projects are expected to have integrity, and thus checks and measures are put into place–audits & KYC’s. But what happens when the companies providing these checks start to lose sight of their integrity. When a rugpull occurs, I would expect an audit company to step up to the plate and make a statement regarding their failure to account appropriately for a potential vulnerability. At least make an apology for rating a contract 90% trustworthy, while the investors lost over $750k.
Instead of taking ownership and proving they are a company of integrity in the crypto space, Certik quietly reduced the rating to 50%, to cover their butts after the fact. And then proceeded to attack the CryptoCravers article on the Coyote Coin exploit, which was simply an overview of the facts.
Here at the CryptoCravers, we promise to always shoot straight. We will give you the facts–honest and unbiased. Every. Single. Time.
Comment below — What KYC/Audit companies do you trust? And which companies aren’t worth their salt?
Join the discussion on reddit, r/CryptoCraversLLC