FTX: Anomaly or norm? Field notes on the crypto mining space

Blog Thimble Image
Andre Castillo, Head of Forensic Research at Hudson Labs

By Andre Castillo, CPA/ABV, CFE, Head of Forensic Research at Hudson Labs

Highlights from our review of crypto financial reporting:

  • There is no set accounting guidance on crypto mining revenue.
  • Because of crypto price volatility, mining revenue is not a reliable financial metric.
  • The vast majority of crypto miners have internal control issues, which include material weaknesses in recording crypto mining revenue; user access controls on crypto wallets etc., mining equipment; and insufficient staff with accounting knowledge.

Was FTX an anomaly or the norm?

FTX once appeared to be the biggest proponent of crypto regulation, but now, its customers may never get their money back. After seeing such a dramatic turn of events in crypto unfold in the past couple of weeks, we are all now wondering how pervasive these issues are in the industry.

Ultimately, FTX collapsed because of the existence of several red flags that the Hudson Labs team know and love to harp on:

  • Lack of financial transparency/questionable accounting: It wasn’t until early this week that the public had some understanding of FTX’s assets and liabilities. According to investment materials seen by the Financial Times, FTX international had only $900 million easily sellable assets against its $9 billion of liabilities. It would’ve been nice for FTX customers to know this before using the exchange platform.
  • Internal controls: Sam Bankman-Fried (SBF) allegedly implemented a “backdoor” in FTX’s book-keeping system, which allowed him to alter financial records without alerting others.
  • Governance: Blockchain.com CEO and co-founder Peter Smith called FTX’s collapse a “total failure of governance.” How did they fail in governance? Allegedly, venture capitalist (and SPAC aficionado) Chamath Palihapitiya recommended to SBF that he form a board of directors. An FTX representative then told Chamath’s team to “go f*** yourself.” When your governance doesn’t even meet the standards of the “SPAC King”, you have a problem.

These red flags could have been made known earlier if FTX was a publicly traded company. The SEC requires public companies to disclose management’s evaluation of internal controls, comply with governance regulations, and, at the very least, have audited financial statements.

Now that we are aware of FTX’s red flags, it would be wise for investors to discern whether similar red flags exist in other players in the crypto industry.

The crypto space is the wild west of the financial world. Many crypto entities, just like FTX, are privately held companies that do not need to disclose much information to regulatory bodies such as the SEC.

Some players in the crypto industry, however, are indeed publicly traded and have to file with the SEC. Many of them are crypto mining companies.

A few of the publicly traded crypto companies that we follow include:

  • Marathon Digital Holdings ($MARA) | $1.1 billion market cap
  • Riot Blockchain Inc ($RIOT) | $897 million market cap
  • Cipher Mining ($CIFR) | $215 million market cap
  • Applied Blockchain ($APLD) | $185 million market cap
  • Cleanspark Inc ($CLSK) | $161 million market cap
  • Terawulf ($WULF) | $126 million market cap

Through the Hudson Labs platform, we are able to identify and track red flags in these public companies. For the purposes of this piece, we analyzed 19 publicly traded crypto mining companies and evaluated their risk profile.

Financial accounting red flags

Because all of the companies in our analysis are publicly traded and are required to file with the SEC, they have more financial transparency than a company like FTX. Nevertheless, the crypto industry is still relatively new. Therefore, regulatory bodies such as the SEC and the Financial Accounting Standards Board (FASB) are not yet up to speed on establishing proper financial disclosures for these companies.

For example, there is no set guidance on how these crypto mining firms are required to recognize revenue in compliance with US GAAP.

In fact, the following statement is disclosed for the majority of the publicly traded crypto mining companies we analyzed:

“There is currently no specific definitive guidance under GAAP or alternative accounting framework for the accounting for cryptocurrencies recognized as revenue or held.”

Because there is no set guidance in crypto mining revenue accounting, there is inconsistency in their revenue and cost of revenue recognition policies.

Furthermore, because of the lack of guidance, there is no baseline for auditors to ensure that these companies are appropriately recognizing mining revenue in accordance with GAAP.

Another commonly used statement in crypto mining revenue disclosures is:

“The transaction consideration the Company receives, if any, is noncash consideration, which the Company measures at fair value on the date received, which is not materially different than the fair value at contract inception or the time the Company has earned the award from the pools.”

It is expected that noncash consideration is the award for their mining revenue. However, assessing a company’s liquidity and its ability to generate actual cash flows is crucial to determining whether the company is worth investing in.

Their reliance on noncash consideration for revenue is high risk due to the volatile nature of the prices of cryptocurrencies.

Furthermore, not all crypto mining companies state whether they convert their mined crypto for cash on a regular basis. One of the smaller firms Bitnile Holdings Inc ($NILE) disclosed that it converts its mined bitcoin to fiat on a bimonthly basis.

But what about the larger crypto mining firms?

In the case of Riot Blockchain, we see that the company recognized $126 million from crypto mining for the nine months ended September 30, 2022. However, during that time frame, it only converted $52 million of its crypto into cash. Also, during that nine month period, the company had to record an impairment of its bitcoin assets by $132 million. So even though they made $126 million in revenue from crypto mining, the value of that generated revenue decreased significantly, and Riot was only able to redeem a fraction of its existing crypto assets into cash.

As for Marathon Digital Holdings, the company generated $89 million in bitcoin mining revenue for the nine months ended September 30, 2022. However, it appears it did not redeem any of this mined crypto into cash. To make matters worse, Marathon had to record a $153 million impairment to its bitcoin holdings. Essentially, all the value of its generated revenues were lost during this period.

Marathon's impairment of digital currencies

Because crypto assets prices are very volatile, it is evident that top line revenue is not a good financial metric for evaluating crypto mining companies.

Additionally, when crypto miners generate their revenue and are awarded with noncash consideration, these assets are typically stored in a crypto wallet. However, there are inconsistencies between these companies on their disclosure on wallet use. Crypto mining companies do not have the same methodologies in storing crypto.

Some crypto mining companies store their digital assets in cold storage wallets, or offline wallets, while others use hot wallets, or wallets accessed via the internet. Also, these companies could use either proprietary or third-party wallets. Some popular third-party wallets include Coinbase ($COIN) or Crypto.com. Using any wallet has cybersecurity risks, but third-party wallets are even more risky.

Internal control weaknesses and red flags

Out of the 19 crypto mining companies that we analyzed, 16 of them had disclosed material control weaknesses within the last 4 years. That is over 84% of the companies analyzed.

 84% of crypto mining companies have ineffective internal controls.

Last week, we wrote a "Making sense of recent internal control issues". Based on our own back testing, we determined that material control weaknesses can have a significantly negative impact on a company’s future returns.

Some of the disclosures on these companies’ ineffective internal controls are alarming. For example, Riot Blockchain disclosed the following:

“The Company did not properly design or implement controls to ensure that data received from third parties is complete and accurate. Such data is relied on by the Company in determining amounts pertaining to revenue – mining and cryptocurrency assets held is complete and accurate. Automated process-level controls and manual controls that are dependent upon the information derived from such financially relevant systems were also determined to be ineffective as a result of such deficiency.”

The checks and balances in ensuring that $RIOT’s accounting related to crypto mining revenue are deficient.

The company also disclosed control issues related to its IT applications as well as its digital currency cold storage wallets and mining equipment:

“The Company did not design and implement program change management controls for certain financially relevant systems to ensure that IT program and data changes affecting the Company’s (i) financial IT applications, (ii) digital currency cold storage wallets and mining equipment, and (iii) underlying accounting records, are identified, tested, authorized and implemented appropriately to validate that data produced by its relevant IT system(s) were complete and accurate. Automated process-level controls and manual controls that are dependent upon the information derived from such financially relevant systems were also determined to be ineffective as a result of such deficiency.”

Marathon Holdings also disclosed similar material control weaknesses, which include failing to have appropriate segregation of duties for all of its crypto related IT systems and financial bookkeeping systems:

“Specifically, the Company did not design and/or implement user access controls to ensure appropriate segregation of duties or program change management controls for certain financially relevant systems impacting the Company’s processes around revenue recognition and digital assets to ensure that IT program and data changes affecting the Company’s (i) financial IT applications, (ii) digital currency mining equipment, and (iii) underlying accounting records, are identified, tested, authorized and implemented appropriately to validate that data produced by its relevant IT system(s) were complete and accurate. Automated process-level controls and manual controls that are dependent upon the information derived from such financially relevant systems were also determined to be ineffective as a result of such deficiency. In addition, the Company has not effectively designed a manual key control to detect material misstatements in revenue.”

Other companies, such as SOS Ltd. ($SOS), disclosed that they have “a lack of accounting staff and resources with appropriate knowledge of US GAAP and SEC reporting and compliance requirements.” Also, Bitnile ($NILE) mentioned that it has staff that lack knowledge in determining fair value estimates. Knowing how to apply fair value accounting is crucial for letting investors know how much crypto your company actually has.

Overall, all of the above-mentioned internal control issues are major red flags and are not too far off from the internal control issues we have seen at FTX.