audit

According to official news, Tether announced that it has appointed a new independent director to the board of Bitcoin reserve company Twenty One Capital (XXI) to fill the previous vacancy in the audit committee. The company stated that this appointment complies with the independence requirements of the SEC's Securities Exchange Act Rule 10A-3 and the New York Stock Exchange listing rules.This vacancy arose after Tether acquired the shares of XXI held by SoftBank Group on May 20, leading to the termination of the governance agreement between the two parties, and the resignation of the directors appointed by SoftBank, one of whom was a member of the audit committee.It was introduced that Twenty One Capital currently holds over 43,500 bitcoins and is positioned as a vertically integrated Bitcoin company, with business covering Bitcoin mining, asset reserves, capital markets, and financial services.Tether CEO Paolo Ardoino stated that XXI is building one of the most important Bitcoin companies in the world, and therefore the company prioritizes ensuring that the board has an independent oversight mechanism that meets SEC and NYSE requirements to match its strong balance sheet.

According to CoinDesk, security engineer Taylor Hornby, who discovered a serious vulnerability in Zcash using the Anthropic Opus 4.8 AI model, stated that Monero (XMR) has been added to the audit queue, and more privacy coin projects will undergo security reviews in the future.Hornby previously discovered a critical vulnerability in the Zcash Orchard privacy pool on May 29, which had gone unnoticed since May 2022 and could theoretically allow attackers to create unlimited undetectable fake ZEC. The development team at Shielded Labs completed an emergency fix before June 1 and subsequently disclosed the details of the vulnerability. As a result of the incident, ZEC dropped by as much as 38% within 24 hours after the news broke, with the market concerned that attackers may have exploited the vulnerability to steal funds from the privacy pool without leaving on-chain traces.Hornby stated that he was commissioned by the nonprofit organization Shielded Labs in April of this year to identify protocol vulnerabilities before attackers could exploit them. Although he had the means to profit from the vulnerability, he chose to report the issue to the development team, stating that "such betrayal is unacceptable." Additionally, Hornby plans to apply for funding from the Zcash community to support subsequent security research efforts.

According to Bits.media, the Central Bank of Brazil has tightened the licensing rules for virtual asset service providers, requiring them to undergo independent financial audits before obtaining operational licenses starting June 1. The auditing firms must not only examine the company's financial status but also review its compliance with anti-money laundering and counter-terrorism financing regulations, including whether the platform separates its own funds from customer assets, its risk management practices, and employee training. Auditors must be registered with the Brazilian Securities Commission. Cryptocurrency exchanges, brokerage firms, and custody services applying for a license for the first time must comply with these requirements from the start of the registration process, and companies that already hold licenses must also pass independent audits when renewing.Brazil first clarified in legislation in 2022 that virtual asset services are regulated by the central bank, establishing a category for licensed virtual asset service providers in November 2025. Additionally, Brazil recently imposed a complete ban on 28 betting and prediction market platforms, including Polymarket and Kalshi, on the grounds that they did not comply with local derivatives trading requirements. Starting October 1, Brazilian electronic foreign exchange providers will be prohibited from using cryptocurrencies for international remittances.

According to Protos, Bitcoin treasury company Twenty One Capital received formal notification from the New York Stock Exchange (NYSE) that it was deemed non-compliant due to insufficient independent directors on the audit committee and must complete rectification by June 5; otherwise, it will be marked as BC (below compliance standards) starting June 9.Previously, Tether completed the acquisition of approximately 89.1 million Class A shares held by SoftBank and terminated the related governance agreement, resulting in the resignation of two directors appointed by SoftBank, one of whom was a member of the audit committee. This left the company with only one independent director on the audit committee during the transition period, which does not meet NYSE requirements. Twenty One Capital stated that it will appoint new independent audit committee members as soon as possible.

Ju.com’s official Chinese account has issued a notice stating that to cooperate with the financial audit of the group’s listing entity, the platform will initiate a special compliance review to enhance the transparency of fund management and the security of accounts.The notice requires users to promptly supplement or update KYC compliance materials according to the prompts on the page. Withdrawals can only be requested after submission and approval. The platform indicated that the withdrawal process is expected to return to normal after the completion of the financial audit.

According to The Block, FTX's former major external law firm Fenwick & West has agreed to pay $54 million to settle claims related to its alleged assistance in facilitating Sam Bankman-Fried's fraudulent activities. In addition, the auditing firm Prager Metis has agreed to pay $11.75 million, and former Miami Heat player Udonis Haslem, as a former promoter of FTX, will pay $420,000, bringing the total to approximately $66 million.The above settlement marks the second round of resolutions in the FTX class action lawsuit, with relevant documents submitted to the Miami federal court on Friday. Fenwick denies any wrongdoing and states that it was unaware of FTX's fraudulent activities. Notably, the firm still faces another civil lawsuit for $525 million in Washington, D.C., which is not covered by this settlement.FTX collapsed in November 2022, and Bankman-Fried was sentenced to 25 years in prison for stealing approximately $8 billion in customer funds and is currently appealing. FTX's bankruptcy estate has returned over $5 billion to creditors.

The TON Network expansion project TAC has disclosed that a security incident occurred with the TON-TAC asset bridge on May 11. Four days later, approximately 80% of the affected assets have been returned. TAC today released a post-incident analysis report detailing the events. The root cause of the vulnerability was a lack of a single verification in the sorter software: the attacker deployed a counterfeit Jetton wallet on TON, and the sorter accepted the counterfeit tokens because it did not verify the code hash of the sender's wallet. The total loss was approximately $2.86 million, involving USDT, BLUM, and tsTON. Following a public appeal, about 90% of the assets were returned to the multi-signature address controlled by TAC on May 14, with the remaining 10% retained by the attacker.The cross-chain bridge remains paused, awaiting independent review of the repaired sorter software by the auditing party and TON partners. Cross-chain operations will resume once the verification of the repaired software is completed and the gap is filled with recovered assets and TAC Foundation token reserves. Due to the need for multi-party coordination, a precise timeline cannot be provided. The remaining funding gap will be filled by the TAC Foundation treasury, ensuring that users and protocols incur no financial losses. TAC reminds users that official updates are only published through this account and Telegram, and any unsolicited "recovery" or "support" private messages are scams.

Documents from the U.S. Department of Justice show that Trump has reached an unusual settlement agreement with the federal government, terminating a $10 billion lawsuit filed by him and his businesses against the Internal Revenue Service (IRS), and further expanding the relevant terms.The agreement states that the IRS will be "permanently prohibited" from investigating or continuing existing audits related to tax returns previously submitted by Trump, his businesses, and family members. The Department of Justice stated that this restriction only applies to the scope of existing audits.Meanwhile, the U.S. government has agreed to establish a "Deweaponization Fund" of up to $1.8 billion to compensate individuals or groups claiming to have been improperly treated during government investigations. This arrangement has been criticized by some Democratic lawmakers as a "disguised transfer of benefits," and has also raised questions within the Republican Party.Former IRS Commissioner pointed out that there has never been a precedent showing that the tax agency would permanently waive its right to review the historical filings of specific individuals or businesses, emphasizing that tax enforcement principles should remain consistent for all taxpayers. The Senate indicated that there are still many unresolved issues with this agreement, which is expected to continue to spark political controversy and regulatory discussions.

According to Techfundingnews, London-based AI audit automation startup Calibre has announced the completion of a $3.3 million Pre-Seed funding round, led by Vicus Ventures and CIV.Calibre was founded by former Palantir executives with the goal of using AI Agents to enhance efficiency in the certification and auditing industry. The company believes that current auditors spend a significant amount of time on document review and process organization rather than applying professional judgment. Calibre plans to deploy AI Agents to automatically handle repetitive tasks such as document review, information extraction, and compliance verification, aiming to reduce labor costs and improve efficiency in the certification industry.Investors believe that the certification and auditing industry has long faced issues of cumbersome processes and high reliance on manual labor, and that AI Agents are expected to become an important infrastructure in this field.

According to official news, the smart contract auditing platform Code4rena has announced that it will gradually cease operations, and the Web3 security company Immunefi will take over its clients and security researchers. Code4rena posted on social media that it has made the decision to shut down and stated that all ongoing competitions and bounty activities will be completed as usual, and existing collaborations will be "properly concluded." Immunefi stated that it will assist in migrating Code4rena's bounty projects, reward structures, and researchers to its platform.Code4rena is known for its "competitive auditing" model, where independent researchers compete to find vulnerabilities in smart contracts for rewards. This shutdown comes less than two years after blockchain security company Zellic acquired Code4rena in 2024. Previously, Code4rena raised $6 million from Paradigm in 2023 for auditing incentives and platform expansion.This shutdown comes at a difficult time for DeFi protocols and the security sector. Data from DefiLlama shows that there were over 20 crypto vulnerability incidents in April alone, setting a monthly record. JPMorgan analysts believe that ongoing DeFi security incidents are limiting major institutional investors from entering the market. Meanwhile, the total value locked in DeFi has decreased from about $160 billion in October to approximately $83 billion currently.

In response to external doubts about its data being "leaked," Polymarket issued a statement clarifying that the relevant data has never been leaked, and all data can be publicly accessed through its public endpoints and on-chain data, which is an inherent feature of on-chain data transparency, not a security vulnerability.Polymarket stated that one of the core advantages of on-chain data is that it is fully publicly auditable, and anyone can freely access the relevant data through its API without having to pay for it.According to previous news from ChainCatcher, the prediction market platform Polymarket is suspected of experiencing a data leak, with over 300,000 records and an exploit toolkit leaked.

Web3 security company CertiK released the report "2026 Digital Asset Regulatory Status," systematically outlining global regulatory trends. The report indicates that by 2026, the regulatory frameworks in major jurisdictions will have basically been established, and the industry is entering a phase of full compliance. The report shows that anti-money laundering enforcement has replaced the definition of securities attributes as the primary regulatory risk, with global anti-money laundering-related fines exceeding $900 million in the first half of 2025, and transaction monitoring capabilities becoming a core compliance requirement.At the same time, smart contract security audits are evolving from industry best practices to entry requirements, becoming essential for license approval and token listings. Additionally, global stablecoin regulatory frameworks are becoming more consistent, generally establishing principles such as full reserves and licensed issuance; however, differences in cross-jurisdictional regulation still pose compliance challenges. The report points out that with regulatory convergence and strengthened enforcement, the industry has entered the "strong compliance era." CertiK states that the core issue facing enterprises is shifting from "Are we compliant?" to "Can we quickly build and implement compliance capabilities?" Licensing in multiple regions, investments in anti-money laundering, and ongoing security audits are becoming the foundational thresholds for institutional development.

The Ministry of Economy and Finance of South Korea announced that it will launch a pilot program for blockchain deposit tokens in Sejong City in the fourth quarter of 2026, to replace traditional government procurement card payments.The project has been approved under the 2026 regulatory sandbox program, allowing institutions to pay business promotion expenses in the form of tokenized deposits. Token payments can preset spending limits and available industry ranges, helping to reduce the need for manual audits and lowering transaction fees for small businesses by removing intermediaries such as card networks.This is the second application of deposit tokens in fiscal operations, following the completion of the first pilot in the electric vehicle charging infrastructure subsidy program. If the pilot proves effective, the Ministry of Finance of South Korea plans to further promote the program.

According to official news, the Ethereum Foundation has launched the Ethereum Audit Subsidy Program, a collaborative project initiated with audit service providers, aimed at subsidizing the costs of security audits for Ethereum developers.Security audits are industry best practices, but they can be expensive. The goal of this subsidy program is to make audits more affordable, thereby enhancing the security of the entire Ethereum ecosystem. Under the Ethereum Foundation's "Trillion Dollar Security Program," this project collaborates with organizations such as Areta, Nethermind, and Chainlink Labs to review applications, helping developers building CROPS and new use cases on Ethereum to obtain more affordable audit services.

According to Theblock citing The Information, Polymarket has launched an audit targeting application startups that promise to help users track suspected insider trading activities.The report states that these copy trading applications provide customers with a list of traders on the Polymarket platform who have a good track record of profitability, or highlight some unusually large or oddly timed bets that may be based on confidential information. Customers can use bots to replicate these trades or receive notifications of seemingly good trades. These applications charge service fees.It is reported that Polymarket and its main competitor Kalshi have both been scrutinized for insider trading issues. Last month, Polymarket introduced clearer rules regarding insider trading and its enforcement.

According to DigitalAsset, the Audit and Inspection Agency of South Korea has released the "Audit Report on the Operation and Management of the Elderly Welfare System," which requires the Minister of Health and Welfare to amend relevant regulations to include digital assets in the property calculation scope for basic pension reviews. The agency pointed out that digital assets have a clear economic value, but the current basic pension law does not include digital assets in its property scope, which may result in individuals holding significant digital assets still being eligible for basic pension benefits.The agency believes that digital assets should be regarded as property with clear economic value, even if their form differs from traditional financial assets, as the value of the property itself is not different. The Ministry of Health and Welfare agrees with this view, stating that it is necessary to prevent relatively high-income individuals in the lower 70% of non-income earners from receiving basic pensions, and agrees that digital assets should be included in the property calculation scope.

The Financial Services Commission (FSC) of South Korea requires local crypto CEXs to establish a system that checks the internal ledger against actual crypto asset holdings every 5 minutes by the end of May, and to disclose asset matching balances daily, with monthly external audits by accounting firms.This move is seen as a tightening of regulations following the incident in February this year where Bithumb mistakenly issued 620,000 BTC to users.

According to market news, the stablecoin issuer USDT, Tether, has chosen KPMG as its auditing firm and has hired PwC to assist in improving its internal systems.This move is the clearest signal that Tether is moving towards a comprehensive financial statement audit, which will go beyond the monthly reserve attestations currently published by BDO Italia, conducting a thorough review of assets, liabilities, controls, and reporting processes. Previously, Tether announced that it had engaged one of the Big Four accounting firms to conduct an audit of its business, but did not disclose the specific firm at that time.