CertiK Faces Criticism Over Auditing Stablecoin Used in Cambodia’s Human Trafficking Operations

CertiK Apologises for Auditing Illicit Marketplace Stablecoin

CertiK, a prominent crypto code auditing firm, has come under fire after it was revealed that it had audited the code behind a stablecoin used by Huione Guarantee, a Cambodian online marketplace linked to human trafficking and other illegal activities.

The firm has apologised following the accusations that it had inadvertently supported criminal activities by providing services to a platform trafficking humans and selling illicit goods.

This incident has raised ethical concerns over CertiK's vetting process and its association with high-risk projects.

Huione Guarantee’s Involvement in Criminal Activities

Huione Guarantee operates as a marketplace for various illegal services, including items used in human trafficking operations.

Vendors on the platform offer products such as GPS-enabled shackles and electric batons, tools commonly used in forced-labour camps across Southeast Asia.

These camps reportedly involve trafficking victims who are coerced into scamming others.

In addition to these horrific items, Huione also lists services related to money laundering and stolen personal data, essential for large-scale online fraud activities.

CertiK’s Role in Huione’s Stablecoin Audit

CertiK conducted the audit of Huione’s stablecoin in December 2024.

Although the audit was requested through a third-party organisation that had passed Know Your Customer (KYC) checks, CertiK now admits to failing to properly investigate the implications of the project.

Despite identifying issues during the audit, CertiK did not halt the process and continued working with Huione.

The company later claimed it had asked the third-party organisation for more team verification, but they declined to provide further details.

Despite Huione's link to illegal activities, CertiK’s auditors did not seem to notice the connection, as files in the audit report carried the name “Huione.”

The firm has defended its actions, explaining that it flagged the stablecoin on its Skynet platform with the lowest score, citing the lack of additional identification verification by the third-party developer.

Security Flaws in CertiK’s Oversight

Taylor Monahan, lead security researcher at MetaMask, highlighted the dangers of CertiK’s oversight, saying in a post on X:

“They straight up traffick humans to work in massive compounds where they are forced to f***ing scam people. [...] CertiK, this is who you work for.”

CertiK's involvement with Huione seems to have played a role in letting this unethical activity go on.

CertiK’s History of Controversy

This is not the first time CertiK has found itself embroiled in controversy.

In June 2024, the company was accused of siphoning $3 million from US exchange Kraken.

Although CertiK claimed the incident was a “whitehat” operation designed to test Kraken’s security, Kraken’s chief security officer, Nick Percoco, referred to it as extortion.

CertiK later blamed a rogue employee for the incident, which also involved transactions linked to the Tornado Cash service.

Financial Compensation for Mistakes

In light of its mistake with Huione, CertiK has decided to donate the auditing fee to the SENS Research Foundation, which focuses on regenerative medicine for aging.

The firm also promised to enforce stricter vetting procedures moving forward, acknowledging the need for more thorough checks when working with high-risk projects.