Quick Stats
- CertiK, the blockchain security firm was found to have audited the smart contract for Huione Guarantee, a marketplace allegedly involved in human trafficking operations.
- The security review was completed on December 25, 2024, just weeks before Huione launched its own stablecoin to evade financial restrictions.
- MetaMask researcher Taylor Monahan called out CertiK, accusing the company of indirectly supporting criminal networks.
Blockchain security firm CertiK has come under fire after revelations surfaced that it had audited the code behind Huione Guarantee, an illicit online marketplace allegedly involved in human trafficking and the sale of GPS-tracked shackles and electric batons. CertiK’s formal apology follows increasing criticism over its role in providing security assessments to questionable entities.
The audit in question was completed on December 25, 2024, with CertiK reportedly receiving a fee for verifying the smart contract behind Huione’s stablecoin, a digital asset that the marketplace launched in January to bypass restrictions imposed on traditional digital currencies.
On February 7, 2025, MetaMask’s lead security researcher Taylor Monahan brought attention to CertiK’s work for Huione Guarantee, posting on X:
“They straight up traffic humans to work in massive compounds where they are forced to f*ing scam people. CertiK, this is who you work for.”
Huione Guarantee: A Marketplace for Criminal Activity?
Investigative reports blockchain analytics firm Elliptic exposed the Cambodian online marketplace as a hub for organized crime, offering tools and services that fuel human trafficking operations across Southeast Asia.
According to Elliptic’s findings, vendors on Huione sell a range of illicit items, including tracking shackles and electric batons used to restrain trafficked victims in scam compounds. The marketplace also facilitates money laundering services, allowing criminals to clean illicit crypto funds, while listing stolen personal data that enables identity fraud and financial scams.
These revelations contradict Huione Guarantee’s own claims, as the platform publicly states that commerce involving human trafficking, firearms, and terrorism is strictly prohibited. However, the evidence suggests otherwise, with law enforcement officials increasingly linking the platform to forced-labor camps where victims are coerced into executing online scams at an industrial scale.
CertiK’s Defense: A Third-Party Oversight or a Red Flag Missed?
Amid mounting scrutiny, CertiK has defended its decision to audit Huione’s stablecoin, stating that the request came through a third-party organization that had previously passed its know-your-customer (KYC) verification process. The firm claims that after conducting the audit, it identified security issues and requested further verification from the third-party development company— a request that was ultimately declined.
However, critics argue that CertiK should have recognized red flags sooner. Files listed in CertiK’s audit report contained direct references to “Huione,” suggesting that whoever conducted the security assessment may have overlooked its connection to the illicit marketplace. Given the scale of illicit activity linked to Huione Guarantee, some in the crypto community are questioning how a firm specializing in security could have failed to flag the project before completing the audit.
In response to the backlash, CertiK emphasized that it took corrective action by assigning Huione’s stablecoin the lowest rating on its Skynet platform. The listing was accompanied by a warning notification after the third-party entity failed to provide further identification verification.
This latest scandal is just one of several incidents that have damaged CertiK’s reputation in recent months.
In June 2024, the security firm was accused of siphoning $3 million from Kraken, one of the largest U.S. crypto exchanges. Kraken’s Chief Security Officer, Nick Percoco, labeled CertiK’s actions as extortion, claiming that the firm exploited a security flaw to drain millions from user wallets.
CertiK, in response, claimed the incident was part of a whitehat security operation, but later issued an apology and blamed the transactions—some of which were laundered through Tornado Cash—on a rogue employee.
