What Are the Audit Risks for DATs and Crypto Companies?

By: Moish E. Peltz, Esq. and Kyle M. Lawrence, Esq.

When Steven Baum joined Block & Order, he made a counterintuitive observation about digital assets: crypto is not hard to audit because it is opaque. In many cases, it is hard to audit because visibility alone does not answer the most important questions auditors need to resolve.

“That’s the thing about crypto—it makes it so awesome to audit,” Baum said. “It’s the most auditable asset that’s out there."

But Baum was clear that audit difficulty emerges when visibility on chain doesn’t answer for uncertainty off chain. Assets can be fully traceable on a blockchain while still being subject to unclear ownership, informal agreements, or assumptions about access and control. In his telling, the challenge is not whether balances can be seen, but whether auditors can confidently determine who has rights to them, under what conditions, and with what risks attached.

That transparency, however, does not eliminate risk. It shifts where auditors, lawyers, and regulators need to look. In Baum’s view, the most significant audit challenges facing digital asset companies today stem less from the blockchain itself and more from business structure, counterparties, and off-chain decision-making. Those risks become especially pronounced in the context of Digital Asset Treasuries (DATs), as well as crypto companies preparing for exits, acquisitions, or public offerings.

Digital Asset Treasuries and the Absence of an Operating Business

Baum was direct about what distinguishes many DATs from more traditional companies: most of them do not actually operate a business.

“Most of the bigger DATs, there’s not necessarily a clear operating business associated with it today,” he said. 

While some high-profile examples, such as MicroStrategy, retain a legacy software business, Baum explained that many newer DATs are essentially balance-sheet vehicles. Their core activity is holding digital assets and attempting to engineer financial strategies around those holdings, rather than generating revenue through goods or services.

In the case of Bitcoin-focused DATs, Baum was cautiously optimistic. He described these structures as attempts to replicate a familiar playbook: accumulating Bitcoin in order to support credit creation and financial products tied to that collateral. But even there, he emphasized that success depends on sophisticated financial engineering and a deep understanding of debt markets, not simply exposure to rising prices.

The risks multiply for DATs holding non-Bitcoin assets. Baum noted that many of these entities rely on adjacent businesses, often in biotech or pharmaceuticals, not because of strategic fit, but because those companies were accessible takeover targets in public markets. That creates a fundamental audit question: where does sustainable operating cash flow come from?

“You can’t just sit on a bag of Solana or something and just be like, ‘hey, I hope it goes up,’” Baum said. 

Staking and yield strategies may generate some income, but Baum was skeptical that these mechanisms alone constitute a durable operating business for audit purposes.

Counterparty Risk and the DAT Stack

Beyond business fundamentals, Baum repeatedly returned to counterparty risk as his primary concern with DATs. As treasuries grow and asset management becomes more complex, many DATs rely on layers of external service providers to generate yield or manage custody.

“This is where it starts to get scary,” Baum said. “You start to enter into multiple levels of counterparty risk.” 

In practice, that can mean assets moving from the DAT to a manager, then to an exchange or protocol, and finally into DeFi contracts. While on-chain transparency allows auditors to track asset movement, it does not eliminate exposure to failure, mismanagement, or flawed assumptions about control and access. 

Baum stressed that the critical question is not whether assets can be seen on-chain, but who ultimately has authority over them and under what conditions. “That’s my bigger concern with the DATs,” he said. “Who are they working with? What’s the counterparty risk?” 

Auditing Crypto Companies More Broadly

Many of the same risks extend beyond DATs to crypto companies more generally, particularly those preparing for IPOs, mergers, or acquisitions. Baum described a market that has matured rapidly, with audits now functioning as a baseline expectation rather than an optional exercise.

“There’s enough companies now in the crypto sector that are audited that if you’re not audited, it’s going to be harder to get a deal done,” he said. 

Crucially, Baum emphasized that auditing crypto companies is not about guessing at values or decoding obscure technology. The core challenge is consistency, comparability, and understanding how assets are actually held and controlled. In his view, auditors benefit from crypto’s transparency, but only if they look past surface-level narratives and examine rights, obligations, and counterparties.

FTX, Receivables, and a Misunderstood Failure

Baum also offered a notable defense of how the FTX collapse is often characterized in audit discussions. Contrary to popular narratives, he argued that the failure was not caused by crypto’s complexity. “The FTX failure had nothing to do with crypto,” Baum said. 

He also pushed back on the idea that FTX’s reliance on QuickBooks was itself evidence of negligence or technical incompetence. In Baum’s view, the accounting system was not the issue. The liabilities were tracked, and customer balances were known. “That wasn’t a QuickBooks problem,” he explained. “That was a receivable. That was an IOU note.” 

For auditors, the lesson is not about avoiding digital assets or sophisticated infrastructure, but about rigorously evaluating off-chain claims, related-party relationships, and assumptions about collectability. In Baum’s telling, FTX illustrates a traditional audit failure wearing a crypto label.

Where Legal and Audit Strategy Converge

Across DATs and crypto companies alike, Baum’s central message was consistent: audit risk today is driven less by technology than by structure, governance, and counterparties. Crypto may be “the most auditable asset,” but only if companies build businesses that can withstand scrutiny beyond the blockchain itself.

If you are operating a DAT, holding digital assets on your balance sheet, or preparing for a transaction, early coordination between legal and audit teams is critical. Moish Peltz and Kyle Lawrence regularly advise clients on structuring digital asset businesses, managing regulatory exposure, and preparing for audits and exits—and they can also introduce clients to Steven Baum for specialized audit and accounting support as these issues move from theory to enforcement.

DISCLAIMER: This summary is not legal advice and does not create any attorney-client relationship. This summary does not provide a definitive legal opinion for any factual situation. Before the firm can provide legal advice or opinion to any person or entity, the specific facts at issue must be reviewed by the firm. Before an attorney-client relationship is formed, the firm must have a signed engagement letter with a client setting forth the Firm’s scope and terms of representation. The information contained herein is based upon the law at the time of publication.