CertiK 2 billion valuation aims for IPO! Industry insiders angrily criticize: Would rather give Kim Jong-un money than cooperate

Blockchain security company CertiK is evaluating an IPO, with founder Ronghui Gu calling this a pursuit of direction at Davos. In 2022, the valuation reached $2 billion, with Binance as the largest backer. The news exposure triggered a rebound, with Pumpcade founder claiming, “I’d rather give Kim Jong-un money than cooperate,” and listing allegations including the Kraken $3 million incident, funds flowing into Tornado Cash, exploiting security vulnerabilities for profit, and pressure through low security ratings.

CertiK Founder Confirms IPO Goal at Davos

Ronghui Gu, co-founder of CertiK and associate professor of computer science at Columbia University, recently stated during an interview at the World Economic Forum in Davos, Switzerland, that the company is assessing the feasibility of going public. Gu said, “We don’t have a very concrete IPO plan yet, but this is definitely the direction we are pursuing.”

Founded in 2018 and headquartered in New York, CertiK specializes in blockchain smart contract auditing and cybersecurity services. Gu pointed out that the market still expects listings of Web3-native companies, especially infrastructure-level firms, and CertiK aims to be the first Web3 security company to go public. This positioning is highly attractive because the Web3 security market is large and growing, yet no company has yet listed on traditional stock exchanges.

The label of “first to go public” holds strong appeal in capital markets. It not only signifies pioneering but also allows for valuation premiums without direct competitors. Investors are often willing to pay more for the “first,” as it represents industry leadership and future growth potential. However, being first also entails facing stricter scrutiny and higher expectations.

CertiK’s last funding round was in 2022, raising $88 million in a Series B3 round, valuing the company at $2 billion, led by Insight Partners, Tiger Global, and Advent International. Subsequently, it completed another $60 million funding round with investors including Tiger Global and SoftBank Vision Fund. Backing from these top-tier institutions lends credibility to CertiK’s IPO prospects.

Gu also openly acknowledged that Binance is both an early and current major investor. Earlier this year, CertiK announced a strategic partnership with YZi Labs, the family office of Binance founder CZ, and secured a multi-million dollar investment. This deep integration with Binance is both an advantage—given Binance’s large customer base and industry influence—and a risk, should Binance face regulatory issues in the future, potentially affecting CertiK.

Pumpcade Founder Leads Industry Crackdown

However, after the IPO plans were exposed, the community quickly reacted. Pumpcade founder Pop Punk bluntly stated, “CertiK going public is a huge negative event for the entire industry.” He listed multiple allegations, including: after employees involved in the Kraken vulnerability incident, funds flowed into Tornado Cash; CertiK collected security vulnerability reports on its platform and then exploited these reports by submitting them to bug bounty platforms before researchers, deleting evidence afterward; and giving “unreasonably low security scores” to non-cooperative companies, effectively applying commercial pressure.

These accusations are not new. Pop Punk revealed that his former company was given a very low score because they refused to pay CertiK, despite having already undergone audits by three security firms. He said, “I’d rather give money directly to Kim Jong-un than work with you.” While such extreme language is emotional, it reflects deep dissatisfaction among some industry participants with CertiK’s business practices.

The “unreasonably low security score” allegation exposes potential conflicts of interest in the security rating industry. Security firms provide paid auditing services while also issuing free public ratings, creating a dual role that could lead to moral hazards. If a company receives a low score to pressure it into purchasing audits, this resembles extortion by rating agencies. However, such accusations are difficult to prove, as scoring standards are subjective, and CertiK can argue that their ratings are based on objective technical criteria.

The more serious accusation of “submitting vulnerability reports first” suggests that CertiK might be collecting security findings from researchers and then submitting them under its own name to bug bounty platforms to claim rewards. This behavior is unethical and could involve intellectual property theft. The act of “deleting related evidence” further implies CertiK’s awareness of issues and attempts to cover tracks.

If these allegations are thoroughly investigated during the IPO process, they could become significant obstacles. U.S. SEC due diligence on IPO applicants is rigorous, and any major ethical or legal issues could lead to rejection or delay.

The $3 Million Kraken Dispute as a Trust Breaker

Looking back at 2024, the $3 million vulnerability dispute between CertiK and Kraken remains a industry watershed. Kraken accused the so-called “white-hat research” of extortion and unauthorized withdrawals; CertiK countered that Kraken threatened researchers, with both sides presenting conflicting accounts.

The incident originated when CertiK’s security researchers discovered a vulnerability in Kraken that could increase account balances without actual deposits. They tested this multiple times, ultimately withdrawing about $3 million. CertiK claimed this was legitimate security research, and the withdrawals were to demonstrate the severity of the vulnerability. Kraken believed this crossed the line into theft and extortion, especially since CertiK notified Kraken only after the withdrawals and hinted at “discussing bug bounty.”

Although the funds were eventually returned in full, the incident’s process involving mixing funds, fund flows, and boundary issues raised doubts about whether CertiK had shifted from a security company to a blackmailing rating firm. Notably, some of the funds flowed into Tornado Cash before being returned. Tornado Cash is an Ethereum mixing protocol widely used to obscure fund sources. Legitimate security research should avoid using mixers, as they raise money laundering suspicions.

Following the Kraken incident, CertiK’s industry reputation suffered. Many projects questioned the credibility and independence of CertiK’s audits. Some exchanges and investors explicitly stated they would no longer accept CertiK audits as security guarantees. This trust fracture becomes even more sensitive in the context of an IPO, as reputation is a key factor in investor decision-making.

Can IPO Pass the Dual Tests of Capital Markets and Industry Trust?

In traditional capital markets, CertiK has a clear business model, reputable investors, and a highly scarce listing theme in Web3 security; however, within the crypto industry, trust deficits and past controversies remain significant shadows. The stark contrast between internal and external evaluations makes CertiK’s IPO prospects uncertain.

From a capital market perspective, CertiK’s fundamentals are solid. Web3 security is a growth sector with certainty; as blockchain applications expand, demand for security audits will continue to rise. CertiK has audited thousands of projects, with a broad customer base and brand recognition. A $2 billion valuation is not low but is reasonable among Web3 infrastructure companies. Backing from top-tier institutions like Tiger Global and SoftBank provides a trust foundation for its financial health and growth potential.

However, negative industry evaluations could become issues during IPO due diligence. Investment banks conducting IPO underwriting will perform comprehensive background checks, including business conduct, legal risks, and reputation. If the Kraken incident and other allegations are deeply investigated, more problems could surface. Additionally, if many industry insiders publicly oppose CertiK’s listing, it could influence institutional investors’ subscription willingness.