Huione Group, a Cambodian-based company that is reportedly behind the largest illicit marketplace is facing allegations that it misled blockchain security company Certik to produce a favorable audit for its newly launched stablecoin, USDH.
In a post on X, Certik co-founder Ronghui Gu claims that the smart contract auditing company was contacted by a third-party agency, which blindsided them from linking the project with the illicit marketplace.
Certik claims it was misled to audit USDH
Huione Group was exposed to be behind the Huione Guarantee Telegram marketplace, which facilitates transactions for cybercrime in Southeast Asia; the platform has reportedly processed over $24 billion in transactions.
In 2024, it reportedly launched the USDH stablecoin, which is pegged to the US dollar and marketed as censorship-resistant to help users avoid the transaction freezes commonly associated with popular stablecoins like USDT. This raises concerns that the coin is a tool to aid money laundering.
Following the launch of the USDH, Huione Group contracted Certik, a prominent blockchain security firm, to conduct a smart contract audit for the stablecoin.
The audit identified 12 security issues: three major, two medium, three minor, and four informational issues. The major issues were around the coin’s centralization. The audit report indicated that six of these issues were resolved, one partially solved, and five just acknowledged.
The coin received a Certik Security Score of less than 30%, but it ran with the audit as a mark of legitimacy regardless.
However, there are allegations that Huione Group might have misrepresented or concealed critical information from the audit team during the audit in order to receive a favorable assessment.
Certik co-founder Ronghui Gu said a third party had contacted Certik for the audit, which prevented them from quickly linking the project with fraudulent activities. While emphasizing that Certik evaluates the code security and functionality and does not perform KYC or business audits, he added, “We agree that deeper due diligence and extra alerts would’ve helped,” admitting that the company could have done a better job to protect public interest.
Huione Guarantee has attempted to distance itself from the Huione Group, lending credibility to the allegations that the organization tricked Certik into giving it a favorable audit.
In July 2024, blockchain analytics firm Elliptic published an investigative report, which unveiled the group as being behind the illicit marketplace. Following the release of this publication, Huione Guarantee rebranded as Haowang Guarantee, Huione Group’s payments business, Huione Pay also removed a section on its website dedicated to the marketplace. However, Huione Group remains a “strategic partner and shareholder,” according to statements from the marketplace.
Certik’s reputation takes a hit
This case highlights the challenges in the blockchain and crypto markets regarding project auditing. While smart contract audits assess technical vulnerabilities, they do not evaluate the business operations or regulatory compliance of the entities behind the projects, which allows bad actors to use audit reports as a stamp of legitimacy.
Vocal on-chain sleuth, @tayvano_on X (formerly Twitter) also alluded to this in a post, saying “a literal multi-billion dollar money laundering operation paid CertiK to stamp of approval their new money laundering contract.”
Others commenting on CertiK’s audit of USDH raised questions about the need for a more comprehensive evaluation framework that includes technical assessments and due diligence on the entities behind blockchain projects. The blowback could negatively impact Certik’s reputation, with critics saying it knowingly took money to endorse criminals.
Cryptopolitan Academy: FREE Web3 Resume Cheat Sheet – Download Now
News – Cryptopolitan – Read More