Own Crypto? Prove it (Audit)
Digital Asset Group
Mazars Digital Asset Group
Andre Sterley | Digital Asset Group Leader | Mazars USA LLP
- A lot of folks are asking how you as the auditor or accountant gain assurance over the cryptocurrency the client may claim to own? How does one go about independently verifying those ownership claims?
- One procedure an auditor may consider is to observe the client actually transfer some cryptocurrency from the address/public key he claims he owns to another address specified by the auditor.
- One may argue that this method incurs unnecessary transaction fees and actually just lacks a real understanding of how crypto like bitcoin and the bitcoin blockchain really works.
- Another option and more “elegant” solution is to ask the client (let’s call him Jack) to sign a message with the related private key.
- We will need three items of information in order to perform the verification (i.e. verifying that Jack does indeed have the ownership rights): 1) Message; 2) Address (public key) and 3) Cryptographic signature (this is the signature that is produced by Jack using his private key, but without revealing it)
- Feel free to verify the message with your favorite software wallet that supports message signing (e.g. Trezor).
- If the message verifies correctly, it proves that Jack does in fact control the private key related to the public key in question.
- There may be the risk of collusion around sharing private keys between parties which is a beyond the scope of this post.
Click Below to Watch this Video
Contact: Andre Sterley | Email: Andre.Sterley@MazarsUSA.com
Disclaimer: The information which is summarized herein does not constitute financial or other professional advice and is general in nature. It does not take into account your specific circumstances and should not be acted on without full understanding of your current situation and future goals and objectives.