This. Once the bitcoin businesses start falling under 'statutory audit requirements' we'll likely see audit firms using either internal or external experts (there will be some nice well-paid job opportunities). What I wonder is how does one become official cryptocurrency expert. There is no officially recognised qualifications/certificates afaik, although Princeton University offers some Bitcoin course, but don't know about anything else.
So far, it has mostly been the developers who did the audits:
Currently, the most suitable people to audit Bitcoin exchanges are people who have an in-depth understanding of Bitcoin - e.g. people like Roger Ver (who audited Mt. Gox in 2011), Andreas Antonopoulos (who audited Coinbase), Mike Hearn (who audited Bitstamp), and Stefan Thomas (who audited Kraken).
This won't be scalable once more and more businesses start popping up though so you do have a good point. Since cryptocurrencies are such a new thing, experience in the field is probably more important at this stage than having a degree although having the latter also helps. For example, I'd much rather trust someone like Vitalik Buterin (who despite not having a degree, knows far more about Bitcoin and cryptocurrencies than most people) to audit an exchange than your typical comp sci graduate who probably doesn't know a thing about Bitcoin.
As for what academic degrees might be of most relevance to being a Bitcoin expert, computer science and a cryptography are the majors that come to mind. Even so, someone with degrees in either or both these fields would still need to be highly familiar with how Bitcoin works in order to call themselves a Bitcoin expert.
There's a huge demand in my opinion, but the biggest problem is: Who should we trust? The general consensus here is that it should be some sort of 'respected' authority in the financial world. Some sort of independent party. Of course this problem doesn't arise with the amounts of BTC held with the exchanges - that's pretty simple to prove!
Huh, interesting - I'm not that familiar with the financial world. Well, I think Kraken did something like that though, didn't they? Back in Gox's big days they still proved their BTC-wise solvency by sending around a huge transaction...
Kraken passed an audit by Ripple developer Stefan Thomas which only looked at their BTC reserves:
http://www.coindesk.com/krakens-audit-proves-holds-100-bitcoins-reserve/Proof of reserves is only one step towards a full-scale audit. It's much, much better than nothing, but a truly comprehensive audit should also look at the fiat side of things to insure that the exchange isn't actually insolvent (since they could have purchased the coins with their customers' fiat deposits) as well as how their security is set up and what security measures are in place to protect against the possibility of future attacks.
Since there's high competition between exchanges, hopefully some of them will opt for voluntary audit and gain the advantage over competitors showing they have nothing to hide. I'm surprised we haven't seen that yet.
Some exchanges have already opted to undergo a voluntary audit (see the examples in my original post) although most of these weren't as comprehensive as full audits for the reasons I mentioned above.
If you want to prevent a second MtGox, you have to audit these exchanges on a regular basis. From what I have read recently, the supposed <hack> at MtGox, was due to small amounts being stolen on a daily basis. This would have been prevented, if it was audited regularly.
Yes, regular audits are good. Mt. Gox was audited in 2011 but the results of this audit had no relevance by 2014.
There are even some people, who are asking for a Crypto currency audit on the protocol level for all Alt coins.
The auditing process for an altcoin is pretty much just a code review, isn't it? That's far easier to do, especially since no fiat is involved and most altcoins don't differ significantly from Bitcoin/Litecoin. I think many exchanges already look at the code of new altcoins before they add it to their exchange. I know Poloniex does this for all their new coins.
There is a demand for an organization which audits some of the major bitcoin exchanges, these exchanges require documents from the users according KYC/ AML policies , and we should also like wise get an independent third party audit of these exchanges. These auditing reports will ensure that these exchanges are transparent and are running fair business.
Agreed.
Wouldn't the audit need to be repeated, every single minute, by an automated process, that locks down the exchange and if necessary doublespends hacked BTC with a higher fee to an emergency evac address, as soon as any funny business is detected?
Frequent audits would be preferable but it wouldn't need to be any more or less frequent than those for non-Bitcoin businesses. Mt. Gox was audited in 2011 but the results of that audit had no relevance by the time it collapsed in 2014. An audit once or twice every year or so would have been much better since even a yearly audit would have found serious problems with the exchange much earlier compared to not doing one at all.
If I'm reading
http://blog.wizsec.jp/2015/04/the-missing-mtgox-bitcoins.html right, the theft effectively started right after the 2011 audit. So if another audit had been done a year later, it would been the better part of 365 days too late. Hence my question above.
Well of course the more frequently the audits are done, the safer it is security-wise. But eventually you reach a point where it would become impractical. If Mt. Gox chose to audit themselves every year, then at least the damage would have been minimized to a single year and detected much sooner vs. not being audited at all which was the actual situation. Those who believe that yearly audits to be too infrequent could take their business to another exchange that might offer more frequent audits as a bonus security feature (although the costs would probably be translated to higher fees). You'd essentially be paying more for a higher level of security.
