Following the collapse of FTX, in the last few weeks, Mazars South Africa has provided proof or reserves attestations to several cryptocurrency exchanges, including Binance, Crypto.com and KuCoin. As of today, those attestations are no longer available on its website, as first reported by Bloomberg. The press has widely misrepresented attestations as audits and they are far from it. There’s a real risk that they provide a false sense of security.
So far, Mazars has not commented on why the attestations were withdrawn from its website (we have copies of the Binance and Crypto.com ones). However, Binance released a statement saying, “Mazars has indicated that they will temporarily pause their work with all of their crypto clients globally, which include Crypto.com, KuCoin, and Binance. Unfortunately, this means that we will not be able to work with Mazars for the moment.”
With the collapse of FTX there have been question marks over its audits, including by Armanino, which was one of the first to provide proof of reserve attestations. According to an unconfirmed report by Forbes, Armanino is closing its crypto practice over reputational concerns. If one high profile audit is called into question, that can reflect on all the other firms the company audits, which could encourage clients to head for the exits.
Attestations provide a false sense of security
Audits don’t necessarily uncover fraud, as in the case of FTX. But attestations are even less likely to. They involve significantly less work by the accounting firms and often the rules are specified by the client.
While many are supportive of cryptocurrency attestations, our view is they can provide a false sense of security. The attestations are meant to sum all the client accounts and compare these to wallet balances under the control of the cryptocurrency exchange. When clients log in, they can see their balance was part of the attestation.
However, there are several ways in which this does not necessarily provide proof. For example, the exchange is privy to which people never log on to their accounts. So it’s conceivable they could exclude these accounts when getting attestations. They often included negative balances as well, which defeats the object.
But most importantly, the attestations don’t reflect off chain contracts. The company could have other significant liabilities that are not reflected, such as a blanket pledge. It could have temporarily borrowed the crypto assets just for the attestation work.
Kraken was one of the first cryptocurrency exchanges to do attestations. Its CEO Jesse Powell was critical of Binance’s attestation when it was first announced.
Mazars silence is deafening
On the one hand, it may have seemed odd that Mazars South Africa is doing these attestations. However, the company employs over a thousand people in the country alone. In contrast, for years the branch of the auditors that provided attestations to the Tether stablecoin had only a handful of staff.
It is unusual that the comments about Mazars pausing crypto work came from Binance, not Mazars. Bloomberg reported viewing a Mazars email expressing concerns that its reports had not reassured markets and it was concerned about media scrutiny. But would this justify the withdrawal of previously published attestations? And the withdrawl could result in some people jumping to the conclusion that something is up at one or more of them, unsettling markets further.