Since the insolvency of MtGox back in February this year, many customers of Bitcoin companies have questioned whether their coins are secure. Customers of Bitcoin.de can now enjoy the certainty that they are. Europe’s largest Bitcoin marketplace has had its balances verified by an independent audit firm, after the marketplace and the auditors developed a unique method to verify existing stocks of coins.
How do you establish whether a marketplace like Bitcoin.de actually possesses the quantity of Bitcoins ascribed to its customers’ balances? For some weeks, the auditors of the RLT IT- und Systemprüfung GmbH and the team of Bitcoin Deutschland AG have thought intensively about this question. The answer was a method that investigates in several steps if Bitcoin Deutschland AG is managing its customers’ Bitcoins correctly. It is the first method for the verification of Bitcoins that conforms within the auditing standards generally accepted in Germany (Grundsätze ordnungsgemäßer Abschlussprüfung).
The audit began at the end of August (on August 27th, 2014, 11:59 p.m.), when control over the balances declared in the databases of Bitcoin Deutschland AG was established. RLT selected a sample of customers and split them into an active and a passive group. The members of the active groups were asked to confirm their balances explicitly, while members of the passive group were only asked to contact RLT if the expected balance was incorrect.
All customer data given to RLT was anonymised; confirmation by the customers of Bitcoin Deutschland AG was encrypted before sending to RLT.
The next step was for Bitcoin Deutschland AG to prove that it possessed the balances in Bitcoins that equalled the sum of all customer accounts. This proof was provided by using a significant sample of the ‘hot wallet’ and the so-called ‘cold wallets’, in which the majority of the customers’ Bitcoins are stored without connection to the internet. To prove that Bitcoin Deutschland AG possessed the private keys to the controlled wallets, it signed messages set by RLT, using the wallets’ private keys.
The audit is now finished. RLT’s result: ‘In our opinion, which is based on the findings of our audit, the stocks of bitcoins managed by Bitcoin Deutschland AG were correctly managed on August 27th, 2014, 23:59 hrs. The stocks of bitcoins managed by Bitcoin Deutschland AG are sufficient to meet the claims of customers of Bitcoin Deutschland AG.’
The audit applies only to customer balances at the time of August 27th 11:59 pm, and cannot guarantee there are no mistakes at all because it only verified a sample of accounts. However, as RLT state, ‘We believe that our audit provides a reasonable basis for our opinion.’ In other words, the size of the sample was statistically large enough to provide a reasonable result.
Customers of Bitcoin.de can download the official results from RLT IT-und Systemprüfung GmbH after confirming acceptance of the general terms and conditions of contract for public auditors and audit firms. There is no charge made for this confirmation but it’s necessary for reasons of accountability.
With the audit, Bitcoin Deutschland AG answered customers’ demands to provide a guarantee about their funds after the insolvency of MtGox damaged general trust in Bitcoin exchanges. Bitcoin.de is the world’s only Bitcoin company to cooperate with an independent and acknowledged audit firm to verify customer’s balances of Bitcoins. In doing so, both firms developed a unique method of verification that fulfils the auditing standards generally accepted in Germany (Grundsätze ordnungsgemäßer Abschlussprüfung). This method can serve as a blueprint for the wider Bitcoin industry to obtain the trust of their customers.