- CertiK apologises for auditing code for an illicit marketplace.
- Huione guarantee sells tools used by criminals running forced-labour camps.
CertiK, the crypto code auditor, apologised on Tuesday after doing work for an illicit marketplace that sells electric batons and shackles with GPS trackers used in human trafficking operations.
In January, the marketplace, called Huione Guarantee, launched its own stablecoin to “avoid the common freezing and transfer restrictions of traditional digital currencies.”
CertiK audited the code behind Huione’s stablecoin for a fee.
“We sincerely apologise to the community,” a spokesperson for CertiK told DL News.
“We acknowledge that working with high-risk projects can lead to ethical concerns and wider implications. CertiK does not support or condone any of the activities undertaken by Huione.”
What is Huione Guarantee?
Huione Guarantee is a Cambodian online marketplace that lets users buy and sell illicit goods and services using crypto, according to a DL News investigation and reports from Elliptic, the blockchain analytics firm.
Vendors on the marketplace sell tools used by criminals running forced-labour camps across Southeast Asia, where those trafficked are forced to scam victims, according to Elliptic.
In addition to tracking shackles and electric batons, Huione vendors also list money laundering services, stolen personal data, and other items necessary to conduct online fraud on an industrial scale, Elliptic said.
Last month, Huione Guarantee said on its website that commerce related to human trafficking, firearms and terrorism is prohibited.
CertiK’s Huione code audit was completed on December 25. It was first highlighted on February 7 by Taylor Monahan, the lead security researcher at crypto wallet MetaMask.
“They straight up traffick (sic) humans to work in massive compounds where they are forced to fucking scam people,” Monahan said in an X post. “CertiK, this is who you work for.”
It isn’t the first controversy to befall CertiK in recent months.
In June, CertiK syphoned $3 million from US crypto exchange Kraken, according to Nick Percoco, the exchange’s chief security officer.
While CertiK maintains that the incident was a “whitehat” operation designed to test Kraken’s security, Percoco characterised it as extortion.
CertiK later apologised and blamed several Tornado Cash transactions linked to the incident on a rogue employee.
Third-party organisation
According to CertiK, the reason the firm audited Huione’s code is because it was requested through a third-party organisation which had previously undergone know-your-customer checks.
“After conducting the audit, we identified issues,” CertiK said. “We subsequently requested the third-party development company to provide additional team verification, which they declined.”
However, files listed in CertiK’s audit report contain the name Huione, meaning that whoever audited the project could have noticed the connection to the alleged illicit marketplace.
CertiK said it listed Huione’s stablecoin with the lowest score and a warning notification on its Skynet platform because the third-party organisation failed to provide additional identification verification.
That’s not good enough, Monahan said.
“I get this industry has an aversion to state-mandated KYC but you can’t just run around letting scammers run circles around you for their own benefit,” she said in an X post.
It’s not known how much CertiK charged for the audit of Huione’s stablecoin.
Fees for audits vary depending on the complexity of the code. Rival crypto code auditor Ulam Labs charges $10,000 for simple contracts and as much as $150,000 for complex protocols.
CertiK said it has decided to donate the auditing fee to the SENS Research Foundation, a non-profit that does research and public relations work for the application of regenerative medicine to aging.
“[We] will be sure to enforce stricter vetting procedures,” CertiK said.
Tim Craig is DL News’ Edinburgh-based DeFi Correspondent. Reach out with tips at tim@dlnews.com.
