1. AICPA Digital Assets Practice Aid (January 2025)
The AICPA substantially revised its Digital Assets Practice Aid in January 2025, updating guidance for auditors on blockchain evidence, crypto asset custody verification, and the application of GAAS and GAAP to digital asset holdings. The revision coincides with ASC 350-60 becoming mandatory and directly addresses practical implementation questions the original guidance did not anticipate — including fair value evidence sourcing, exchange reliability assessment, and completeness procedures for wallet inventories.
The January 2025 revision is the operative guidance for audit engagements covering fiscal years beginning after December 15, 2024. Auditors should not rely on the prior version for engagements subject to ASC 350-60.
2. AICPA Criteria for Stablecoin Reporting (March 2025)
The AICPA issued voluntary criteria for stablecoin attestation reports in March 2025. The criteria cover:
- Confirmation of tokens outstanding, with tracking of redeemed or burned coins
- Detail of fiat or equivalent assets backing each token
- Reconciliations proving backing assets meet or exceed circulating tokens
- Disclosure of any excluded portions of backing assets
Phase two — focused on internal controls — is forthcoming. Though voluntary, these criteria are becoming the expected standard for any issuer seeking institutional counterparty relationships, bank partnerships, or exchange listings. The criteria are designed for use under SSAE No. 18 examination or agreed-upon procedures engagements.
3. Proof of Reserves
Proof of Reserves (PoR) attestations verify that a custodian or exchange holds sufficient assets to cover customer liabilities. Following the collapse of FTX in November 2022, institutional demand for PoR attestations accelerated significantly. AICPA guidance now provides a framework for CPA firms to issue these attestations under agreed-upon procedures or examination standards.
- Merkle tree proof — a cryptographic method for verifying individual account balances within a PoR without revealing all account data; allows users to independently verify their balance is included in the aggregate
- Attestation — a written assertion by a CPA firm under SSAE No. 18 standards; a narrower engagement than a full audit, typically limited to specific subject matter
- Examination — the highest assurance level available under SSAE; subject to PCAOB rules for public company engagements; provides an opinion, not merely agreed-upon findings
- Agreed-upon procedures (AUP) — specific procedures performed and reported without issuing an opinion; parties agree in advance to the scope; results are factual, not interpretive
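The Merkle tree proof item above, worked as an added example (not taken from the AICPA guidance or from any custodian's implementation): a customer recomputes the published root from their own record and a short sibling path, without seeing other accounts. The leaf encoding, per-account nonce, hash tags, and sample accounts are assumptions made for illustration.

```python
import hashlib

def leaf_hash(account_id: str, balance: int, nonce: bytes) -> bytes:
    # 0x00 tag separates leaves from internal nodes; the per-account nonce
    # (an assumption) stops guessing of low-entropy (id, balance) pairs.
    data = nonce + balance.to_bytes(8, "big") + account_id.encode()
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(leaves):
    """Return every tree level, leaves first, root last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])  # promote the unpaired node, never duplicate it
        levels.append(nxt)
    return levels

def make_proof(levels, index):
    """Sibling hashes from leaf to root as (hash, sibling_is_left) pairs."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no sibling at this level
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify(account_id, balance, nonce, proof, root):
    """Customer-side check: recompute the root from own record plus the proof."""
    h = leaf_hash(account_id, balance, nonce)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root

# Constructed sample liabilities (account id, balance in smallest unit, nonce).
ACCOUNTS = [(f"acct-{i}", 1000 * (i + 1), bytes([i]) * 16) for i in range(5)]
LEVELS = build_levels([leaf_hash(*a) for a in ACCOUNTS])
ROOT = LEVELS[-1][0]  # the value the custodian would publish

if __name__ == "__main__":
    acct, bal, nonce = ACCOUNTS[4]
    proof = make_proof(LEVELS, 4)
    print("included:", verify(acct, bal, nonce, proof, ROOT))
    print("tampered balance:", verify(acct, bal + 1, nonce, proof, ROOT))
```

An inclusion proof of this kind shows only that a record sits under the published root. It does not establish the total of customer liabilities or that the reserve assets exist, which is what the attestation procedures cover.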
4. PCAOB Guidance
The PCAOB has issued staff guidance addressing the audit of digital asset holdings and transactions for public company issuers. Key audit considerations under that guidance:
- Custody verification: direct confirmation from qualified custodians, on-chain blockchain inspection, and reconciliation to ledger balances
- Valuation: fair value hierarchy under ASC 820; major crypto assets (Bitcoin, Ether) are Level 1 — quoted prices in active markets
- Completeness risk: unhosted wallets, multi-signature arrangements, and DeFi protocol positions all present completeness audit challenges not present in traditional asset audits
- Journal entry testing: on-chain transaction data as audit evidence; blockchain transaction records are authoritative and tamper-evident, but private key control must be established
5. Key Framework References
- AICPA Digital Assets Practice Aid (January 2025)
- AICPA Criteria for Stablecoin Reporting (March 2025)
- SSAE No. 18 — Attestation Standards: Clarification and Recodification
- PCAOB Staff Guidance — Auditing Digital Asset Transactions
- ASC 350-60 — Accounting for and Disclosure of Crypto Assets
- ASC 820 — Fair Value Measurement (Level 1–3 hierarchy)