Talk to us

All services On-Chain Credit

On-Chain Credit

Operational assessment of crypto-collateralized lending: custody, liquidation runbooks, oracle governance, and the gaps a credit officer needs to see.

Lending against digital assets stacks custody risk and operational risk on top of the usual credit question. The underwriting logic is familiar. What’s unfamiliar is that the collateral lives behind private key material, liquidations execute on blockchains under network conditions that can deteriorate, and valuations come from oracles that can be manipulated, halted, or simply wrong. The collapses of Three Arrows Capital (June 2022), Celsius (July 2022), Voyager (July 2022), BlockFi (November 2022), FTX and Alameda (November 2022), and Genesis (January 2023) all turned on operational failures in custody, rehypothecation, and liquidation, not on credit analysis. Cumulative customer losses across these entities exceeded $25 billion. More recently, BlockTower Capital lost a $1.7 billion portion of fund treasury in May 2024 to a private-key compromise, confirming the pattern reaches well beyond the 2022 to 2023 cycle. The SEC’s Office of the Chief Accountant addressed these risks directly in its guidance on operational risk considerations for digital asset activities.

The operational surface

  • Collateral custody. Who holds the keys to the pledged assets, what happens if those keys are compromised or the custodian fails, and whether the documented custody arrangement matches the on-chain reality.
  • Liquidation mechanics. Under what conditions liquidation fires, who executes it, what happens when the chain is congested or the venue is offline, and whether the procedure has been exercised under realistic stress.
  • Oracle and valuation dependencies. Where prices come from, who could manipulate them, and what the lender does if the feed halts. Whether the oracle is governed by the same parties as the lending program.
  • Rehypothecation and commingling. Whether pledged collateral is reused, where it goes, what the borrower was told, and whether it matches reality.
  • Cross-chain movement. If collateral moves across chains during the loan, every bridge and every counterparty that touches it becomes a risk vector. See Bridge Audit for the bridging surface specifically.
  • Legal and operational enforceability. Whether an on-chain liquidation produces a settlement that survives dispute or insolvency, and what evidence trail the lender has if the workflow needs to be defended.

What we assess

We evaluate the operational design of the lending program against the question an institutional lender would actually ask: can we enforce the loan terms under adverse conditions, and is there evidence the mechanics have been tested? We assess custody integrity, liquidation runbooks (and whether they have been exercised), oracle governance, and the reconciliation between documented loan terms and on-chain reality.

What you get

A report structured around the lending lifecycle, with severity-graded findings on each operational surface. Specific recommendations on which controls to tighten, which dependencies to diversify, and which scenarios the program should test before scaling. A document a credit officer, risk committee, or LP can review and act on.

Who this is for

  • Institutional lenders originating crypto-collateralized loans.
  • Prime brokers and credit desks underwriting against digital asset collateral.
  • Allocators evaluating exposure to on-chain credit strategies or crypto-native lenders.
  • Auditors and advisors of credit funds with digital asset holdings.

When to engage

  • Before underwriting a significant crypto-collateralized loan program.
  • Before extending credit to a crypto-native counterparty you have not diligenced operationally.
  • When evaluating exposure to an on-chain lending platform for indirect risk.
  • When an existing lending book has grown to a size that warrants an independent operational read.

Frequently asked questions

What operational risks are unique to crypto-collateralized lending?

Crypto-collateralized lending stacks custody risk and operational risk on top of credit underwriting. Collateral lives behind private key material, liquidations execute on blockchains under network conditions that can deteriorate, and valuations come from oracles that can be manipulated, halted, or simply wrong. The SEC's Office of the Chief Accountant published guidance on operational risk considerations for digital asset activities addressing exactly these risks.

How do you audit a liquidation runbook?

We review the documented liquidation procedure, the parties authorized to execute it, and the on-chain evidence that the procedure has been exercised under realistic conditions, not just documented. We test what happens when chain congestion delays execution, when the liquidation venue is offline, or when the borrower disputes the threshold trigger. Celsius (paused withdrawals June 2022) and Genesis (withdrawal halts January 2023) had liquidation runbooks that failed under stress.

What happens when the oracle goes wrong in a crypto lending program?

Oracle failures take three forms: manipulation (an attacker pushes prices off true), halts (the feed stops updating), and disagreement (multiple feeds return divergent values). The lender's documented response to each scenario must be testable on-chain. The Mango Markets exploit ($114 million, October 2022) used oracle manipulation against a lending protocol; the operational lesson was that documented mark-to-market procedures did not match the protocol's actual oracle dependencies.

What did the 2022 to 2023 crypto lender failures miss operationally?

Undisclosed counterparty exposure, rehypothecation that did not match what was disclosed, treasury reconciliation failures, custody arrangements at odds with documented procedures, and inadequate liquidation procedures. Three Arrows Capital (June 2022), Celsius (July 2022), Voyager Digital (July 2022), BlockFi (November 2022), FTX and Alameda (November 2022), and Genesis (January 2023) each failed on one or more of these. Cumulative customer losses across these entities exceeded $25 billion.

Do I need on-chain credit ODD if the counterparty already has SOC 2?

Yes. SOC 2 covers the AICPA Trust Services Criteria generically, but it does not assess on-chain custody integrity, liquidation runbook execution, oracle governance, or rehypothecation tracing on-chain. A crypto-collateralized lender needs both: SOC 2 for the IT-controls baseline, and on-chain credit [Operational Due Diligence](/services/operational-due-diligence) for the surfaces SOC 2 was not designed to cover.

How do you assess rehypothecation risk on-chain?

We trace pledged collateral from the borrower's claim through any documented rehypothecation chain, then compare to on-chain reality. Where assets are off-chain (custodied in a separately managed account, for example), we verify the documentation matches the custodian's records. The 2022 to 2023 lender failures showed that on-chain rehypothecation is verifiable in ways its off-chain analog is not; lenders that did not verify ended up wrong.

What does the SEC say about operational risk in digital asset lending?

The SEC's Office of the Chief Accountant published 'Operational Risk Considerations for Digital Asset Activities' identifying risks specific to digital assets: custody segregation, transaction settlement, governance of access controls, and the integrity of any third-party arrangements. The Federal Reserve, FDIC, and OCC issued joint statements in 2023 reinforcing similar themes for banking organizations engaged with digital assets.

Scope a On-Chain Credit engagement

Every engagement starts with a scoping call about what you're trying to assure and who you need to assure it to.

Prefer to schedule directly? Book a call