Audits & KYC: Should Certik Apologize?

With the growing need for KYC checks and audits, companies have started to pop up throughout the market to provide these services. Of the hundreds of providers charging for them, probably about a dozen have a widely recognized name.

This introduces a new problem: at what point are KYC and audit services just selling a name? How much responsibility should the company bear if they provide a good report on a project, which subsequently rugpulls? Are certain companies trading their name for a dollar? Who knows which audit companies provide unbiased and honest reports?

These considerations came to mind yesterday as we were reviewing the case of the contracted developer, Bullish, who scammed the Coyote Coin team and all of their investors a few minutes after launch. The Coyote Coin project was fully KYC’d and audited. Bullish, as an outside dev, had been KYC’d previously by gate.io. The Coyote Coin smart contract received a 90% overall rating from Certik.

The KYC, hopefully, does its job. The identity of Bullish will likely come out, and he will likely be prosecuted–he apparently scammed upwards of 8 projects simultaneously.

The audit, however, raises a serious concern for me. The vulnerability that was exploited, in this case, was raised as a flag by Certik. Great! They caught it! Then, how did the overall rating of the Coyote Coin contract remain as high as 90%? That seems odd to me. And after the exploit happened, why has Certik reduced the overall rating to 50%? Hindsight is 20/20 as they say.

This article is about the importance of integrity. Crypto projects are expected to have integrity, and thus checks and measures are put into place–audits & KYC’s. But what happens when the companies providing these checks start to lose sight of their integrity? When a rugpull occurs, I would expect an audit company to step up to the plate and make a statement regarding their failure to account appropriately for a potential vulnerability. At least make an apology for rating a contract 90% trustworthy, while the investors lost over $750k.

Instead of taking ownership and proving they are a company of integrity in the crypto space, Certik quietly reduced the rating to 50%, to cover their butts after the fact. They then proceeded to attack the CryptoCravers article on the Coyote Coin exploit, which was simply an overview of the facts.

At r/CryptoCraversLLC, we promise to always shoot straight. We will give you the facts–honest and unbiased. Every. Single. Time.

Comment below – What KYC/Audit companies do you trust? And which companies aren’t worth their salt?


8 thoughts on “Audits & KYC: Should Certik Apologize?”

  1. I think Certik is one of the worst organizations to audit your code. They expanded heavily and their quality has tanked because of that. There are plenty of more legitimate auditors out there worth using over Certik. Chain Security, Dedaub and Haechi to name some.

    Also, projects should be conducting multiple audits, and launching a bug bounty program before launching a product for optimal security. A single audit is not optimal; you need multiple eyes on your code from different sources.

  2. > How much responsibility should the company bear if they provide a good report on a project, which subsequently rugpulls?

    How could they possibly know a team is going to rugpull? I don’t think they even say they’ve audited for this. How could they? Sit the devs in the room and give them a psychological examination?
