As in the last two years, the Bitcoin-marketplace Bitcoin.de and the RLT IT- und Systemprüfung GmbH verify the customer’s funds again. Longstanding customers know the procedure we are explaining in this article.
With the audit, Bitcoin Deutschland AG answered customers’ demands to provide a guarantee about the funds managed by the Bitcoin marketplace. Bitcoin.de is the world’s only Bitcoin company to cooperate with an independent and acknowledged audit firm to verify customer’s balances of Bitcoins once-a-year.
In 2014 Bitcoin.de finished the audit successfully for the first time. RLT’s result: ‘In our opinion, which is based on the findings of our audit, the stocks of bitcoins managed by Bitcoin Deutschland AG were correctly managed. The stocks of bitcoins managed by Bitcoin Deutschland AG are sufficient to meet the claims of customers of Bitcoin Deutschland AG.’
After the audit has been conducted successfully in 205, Bitcoin.de and RLT repeat the audit for 2016. To do this the companies use a method of verification they developed to fulfil the auditing standards generally accepted in Germany (Grundsätze ordnungsgemäßer Abschlussprüfung). This is one of a kind worldwide.
RLT is auditing both the desired and actual state of the balances. The desired state is the balances that are used by the databases of bitcoin.de. The actual state is the balances that can be found in the blockchain and that are owned by bitcoin.de (who hold the private keys). The audit consists of three parts.
First, the auditors check the desired balance state. Bitcoin.de makes data about all of their customers available, which of course is completely anonymised. RLT checks this data by verifying a representative sample. For this process, the users are divided into active and passive groups. The active users are asked to confirm their account balances or to enter a reasonable objection. The passive users receive the expected account balance by email. If they do not enter an objection within two weeks then the balance is confirmed, though they may also confirm the balance actively. The result of the confirmation will be send to RLT – again, anonymised and encrypted.
Does the blockchain confirm what bitcoin.de’s databases claim? To audit the actual state of the balances, RLT receives the addresses of both hot and cold wallets for bitcoin.de. Around 98 percent of the balances are saved in ‘cold storage’, meaning they are not connected to the internet and are distributed in several secure places in a way that makes it impossible for a single person to access them. RLT receives these addresses and checkes their balances in the blockchain.
Finally, to verify that bitcoin.de has access to these addresses, RLT takes a significant sample of them. The auditors then write short texts for them, that have to been signed by bitcoin.de with the appropriate private key. To make sure that bitcoin.de does not borrow the private keys, RLT is present when bitcoin.de signs the messages for the cold wallets. More details about the storage of the cold wallets cannot be made due to security considerations.
The result of the audit will be the verified desired and actual balances of our customers’ bitcoins.
Customers of Bitcoin.de can download the official results from RLT IT-und Systemprüfung GmbH after confirming acceptance of the general terms and conditions of contract for public auditors and audit firms. There is no charge made for this confirmation but it’s necessary for reasons of accountability.