audit

According to official news, the smart contract auditing platform Code4rena has announced that it will gradually cease operations, and the Web3 security company Immunefi will take over its clients and security researchers. Code4rena posted on social media that it has made the decision to shut down and stated that all ongoing competitions and bounty activities will be completed as usual, and existing collaborations will be "properly concluded." Immunefi stated that it will assist in migrating Code4rena's bounty projects, reward structures, and researchers to its platform.Code4rena is known for its "competitive auditing" model, where independent researchers compete to find vulnerabilities in smart contracts for rewards. This shutdown comes less than two years after blockchain security company Zellic acquired Code4rena in 2024. Previously, Code4rena raised $6 million from Paradigm in 2023 for auditing incentives and platform expansion.This shutdown comes at a difficult time for DeFi protocols and the security sector. Data from DefiLlama shows that there were over 20 crypto vulnerability incidents in April alone, setting a monthly record. JPMorgan analysts believe that ongoing DeFi security incidents are limiting major institutional investors from entering the market. Meanwhile, the total value locked in DeFi has decreased from about $160 billion in October to approximately $83 billion currently.

In response to external doubts about its data being "leaked," Polymarket issued a statement clarifying that the relevant data has never been leaked, and all data can be publicly accessed through its public endpoints and on-chain data, which is an inherent feature of on-chain data transparency, not a security vulnerability.Polymarket stated that one of the core advantages of on-chain data is that it is fully publicly auditable, and anyone can freely access the relevant data through its API without having to pay for it.According to previous news from ChainCatcher, the prediction market platform Polymarket is suspected of experiencing a data leak, with over 300,000 records and an exploit toolkit leaked.

Web3 security company CertiK released the report "2026 Digital Asset Regulatory Status," systematically outlining global regulatory trends. The report indicates that by 2026, the regulatory frameworks in major jurisdictions will have basically been established, and the industry is entering a phase of full compliance. The report shows that anti-money laundering enforcement has replaced the definition of securities attributes as the primary regulatory risk, with global anti-money laundering-related fines exceeding $900 million in the first half of 2025, and transaction monitoring capabilities becoming a core compliance requirement.At the same time, smart contract security audits are evolving from industry best practices to entry requirements, becoming essential for license approval and token listings. Additionally, global stablecoin regulatory frameworks are becoming more consistent, generally establishing principles such as full reserves and licensed issuance; however, differences in cross-jurisdictional regulation still pose compliance challenges. The report points out that with regulatory convergence and strengthened enforcement, the industry has entered the "strong compliance era." CertiK states that the core issue facing enterprises is shifting from "Are we compliant?" to "Can we quickly build and implement compliance capabilities?" Licensing in multiple regions, investments in anti-money laundering, and ongoing security audits are becoming the foundational thresholds for institutional development.

The Ministry of Economy and Finance of South Korea announced that it will launch a pilot program for blockchain deposit tokens in Sejong City in the fourth quarter of 2026, to replace traditional government procurement card payments.The project has been approved under the 2026 regulatory sandbox program, allowing institutions to pay business promotion expenses in the form of tokenized deposits. Token payments can preset spending limits and available industry ranges, helping to reduce the need for manual audits and lowering transaction fees for small businesses by removing intermediaries such as card networks.This is the second application of deposit tokens in fiscal operations, following the completion of the first pilot in the electric vehicle charging infrastructure subsidy program. If the pilot proves effective, the Ministry of Finance of South Korea plans to further promote the program.

According to official news, the Ethereum Foundation has launched the Ethereum Audit Subsidy Program, a collaborative project initiated with audit service providers, aimed at subsidizing the costs of security audits for Ethereum developers.Security audits are industry best practices, but they can be expensive. The goal of this subsidy program is to make audits more affordable, thereby enhancing the security of the entire Ethereum ecosystem. Under the Ethereum Foundation's "Trillion Dollar Security Program," this project collaborates with organizations such as Areta, Nethermind, and Chainlink Labs to review applications, helping developers building CROPS and new use cases on Ethereum to obtain more affordable audit services.

According to Theblock citing The Information, Polymarket has launched an audit targeting application startups that promise to help users track suspected insider trading activities.The report states that these copy trading applications provide customers with a list of traders on the Polymarket platform who have a good track record of profitability, or highlight some unusually large or oddly timed bets that may be based on confidential information. Customers can use bots to replicate these trades or receive notifications of seemingly good trades. These applications charge service fees.It is reported that Polymarket and its main competitor Kalshi have both been scrutinized for insider trading issues. Last month, Polymarket introduced clearer rules regarding insider trading and its enforcement.

According to DigitalAsset, the Audit and Inspection Agency of South Korea has released the "Audit Report on the Operation and Management of the Elderly Welfare System," which requires the Minister of Health and Welfare to amend relevant regulations to include digital assets in the property calculation scope for basic pension reviews. The agency pointed out that digital assets have a clear economic value, but the current basic pension law does not include digital assets in its property scope, which may result in individuals holding significant digital assets still being eligible for basic pension benefits.The agency believes that digital assets should be regarded as property with clear economic value, even if their form differs from traditional financial assets, as the value of the property itself is not different. The Ministry of Health and Welfare agrees with this view, stating that it is necessary to prevent relatively high-income individuals in the lower 70% of non-income earners from receiving basic pensions, and agrees that digital assets should be included in the property calculation scope.

The Financial Services Commission (FSC) of South Korea requires local crypto CEXs to establish a system that checks the internal ledger against actual crypto asset holdings every 5 minutes by the end of May, and to disclose asset matching balances daily, with monthly external audits by accounting firms.This move is seen as a tightening of regulations following the incident in February this year where Bithumb mistakenly issued 620,000 BTC to users.

According to market news, the stablecoin issuer USDT, Tether, has chosen KPMG as its auditing firm and has hired PwC to assist in improving its internal systems.This move is the clearest signal that Tether is moving towards a comprehensive financial statement audit, which will go beyond the monthly reserve attestations currently published by BDO Italia, conducting a thorough review of assets, liabilities, controls, and reporting processes. Previously, Tether announced that it had engaged one of the Big Four accounting firms to conduct an audit of its business, but did not disclose the specific firm at that time.

According to Bloomberg, the stablecoin issuer Tether's plan to raise up to $20 billion has been paused, awaiting the results of its first comprehensive financial audit.Tether announced on March 24 that it has hired one of the Big Four accounting firms for the audit, stating that this will be the largest initial audit in the history of financial markets, but did not disclose the specific firm name or audit timeline.The fundraising was originally planned to be completed by the end of 2025, with a target valuation of $500 billion, but has been postponed multiple times. Despite the audit pause, some potential investors have still expressed willingness to support. Tether's Chief Financial Officer stated that the company has been operating according to the Big Four audit standards and the audit will be completed. The company is working with banks such as Cantor Fitzgerald, Morgan Stanley, and BTG Pactual to advance the fundraising.

According to Tether's official announcement, Tether has officially signed an agreement with one of the Big Four accounting firms to initiate its first complete independent financial statement audit in history. This audit is considered the largest initial audit in the history of financial markets, covering complex asset structures such as digital assets, traditional reserves, and tokenized liabilities. Currently, the market capitalization of USD₮ has exceeded 184 billion dollars, with over 550 million global users.Tether stated that this audit aims to go beyond the "Attestation" standard commonly adopted in the industry, moving towards a complete audit to demonstrate that USD₮ is fully backed, has sufficient liquidity, and that risk management meets international top-tier standards. Tether CEO Paolo Ardoino stated, "Trust is built on actions, not promises, and this audit represents the results of years of systematic strengthening efforts."

Tether CEO Paolo Ardoino has now made the United States the core of its expansion plans and has gained support from allies of the Trump administration, including Commerce Secretary and long-time Tether supporter banker Howard Lutnick, whose family company has also invested in Tether.Tether launched a new token in the U.S. market this year and has strengthened its lobbying efforts in Washington. At the same time, Tether is attracting investors globally, attempting to establish a company valuation of $500 billion, making it one of the highest-valued private companies in the world.Tether CEO Paolo Ardoino stated that the company plans to complete a full audit by the end of 2026 and is currently in communication with the Big Four accounting firms. Tether disclosed that its profits exceeded $10 billion last year and currently holds about $122 billion in U.S. Treasury bonds, making it the 17th largest holder of U.S. Treasuries globally.Additionally, Tether is promoting its compliant token USAT in the U.S. market and has made over 140 investments in areas such as artificial intelligence, energy, and brain-computer interfaces.

According to Bitcoin News, the Internal Revenue Service (IRS) has introduced a new form for cryptocurrency audits, requiring taxpayers to report the complete history of the trading platforms and wallets they have used.The form lists over 100 platforms, including Coinbase, Binance, Kraken, FTX, and Mt. Gox, as well as self-custody wallets like MetaMask, Ledger, and Trezor. Taxpayers must indicate "yes" or "no" for each platform and sign to confirm that the information provided is true and accurate; otherwise, they may face perjury penalties.The form is designed to map the complete cryptocurrency footprint of taxpayers across exchanges and wallets, potentially tracing back several years. Tax professionals warn that this document could pose significant legal risks and advise consulting a crypto tax attorney before signing. Failing to disclose platforms used years ago may raise questions, while disclosing too much could also lead to new investigative leads.

According to Bitcoin News, the IRS has introduced a new form for cryptocurrency audits, listing over 100 platforms, including exchanges like Coinbase, Binance, Kraken, FTX, and Mt. Gox, as well as self-custody wallets like MetaMask, Ledger, and Trezor. Those being audited must mark "yes/no" for each and sign under the penalty of perjury, with records potentially dating back several years.Tax professionals warn that failing to report historical platforms could trigger further scrutiny, while excessive disclosure may open new lines of investigation. It is advised to consult a crypto tax attorney before signing. The audit focus typically targets three groups: those who marked "yes" in the digital asset section of Form 1040 but reported very few activities, those whose 1099-DA earnings do not match their tax returns, and high-frequency traders during the bull market from 2017 to 2021.

Aave Labs announced the security framework for Aave V4, proposing a "security-first" development model that embeds security verification during the architectural design phase, rather than only conducting a final audit before launch.This security plan has been ongoing for about a year, with approximately 345 days of security reviews completed, funded by a $1.5 million security budget approved by the Aave DAO. It is reported that the V4 security process combines multiple auditing methods, including formal verification, manual audits, invariant testing, fuzzing, and public security competitions. Future protocol development will continue to adopt five long-term security measures, including introducing formal verification early in development, implementing multi-layer security auditing methods, continuous validation mechanisms, a long-term bug bounty program, and utilizing AI-assisted smart contract security scanning.

According to official news, Aave Labs has released the complete transparency report of the Aave V4 security program, including methods, processes, and results, endorsed by several security agencies such as Trail of Bits, Blackthorn, and Certora.Through manual audits, formal verification, invariant testing, fuzz testing, and public security competitions, approximately 345 days of security reviews have been conducted. The program is supported by a dedicated security budget of $1.5 million approved by the DAO.Aave Labs announced that it will continue five core commitments from the Aave V4 security program: embedding formal verification in the early development stages to ensure that architectural design is guided by secure methodologies rather than just verification; adopting a layered security approach, including manual reviews, formal verification, invariant testing, AI-assisted checks, fuzz testing, and public security competitions to cover more potential vulnerabilities; maintaining continuous security coverage, with formal verification frameworks and invariant testing suites running continuously alongside protocol iterations; establishing a long-term bug bounty program to leverage a broader security community for ongoing monitoring; and optimizing AI scanning capabilities to continuously enhance the level of intelligent security detection in future versions based on existing testing experiences.

Binance Wallet core developer Jackson ll posted that the MPC wallet related to AI Agent, DeFi wealth management, and other features has entered the security audit phase, "It must be reminded that caution is key, safety first."Yesterday, news broke that Binance Wallet announced the first batch of 7 AI Agent Skills, focusing mainly on market data analysis, risk assessment, and trade execution, aiming to provide a standardized Binance-level intelligence interface for AI agents.

Global leading full-stack Web3 security company ExVul has established a long-term strategic partnership with high-performance financial public chain Pharos, jointly setting up a $1.25 million security audit Grants to support the development of early startup teams within the Pharos ecosystem.The Grants are aimed at early projects in the Pharos incubator, providing complete security audit services for core smart contracts and key system modules, along with funding and ongoing security advisory support. The collaboration between Pharos and ExVul fully reflects a high level of trust in their professional capabilities and highlights the close binding of both parties in the long-term construction of the ecosystem. Through this cooperation, ExVul will build a sustainable, secure, and compliant infrastructure for Pharos's early projects, solidifying the foundation for the ecosystem's long-term development.