CertiK CEO Ronghui Gu told CoinDesk that the security firm has no concrete IPO timeline, but the company’s response to last year’s Huione-related setbacks and rapid push into institutional products has positioned it as a credible candidate for a multibillion-dollar public listing.
When CertiK conducted an audit of what later turned out to be a stablecoin project linked to the illegal marketplace Huione, the firm faced heavy online criticism. Gu framed the episode as a wake-up call rather than a rumored endgame. CertiK publicly clarified that it had audited code provided by a US-registered client before donating the fee to charity.
“What we are doing is we are strengthening our current KYC procedure,” he told CoinDesk. “Also work with some external capacity providers to reduce risk.” On monitoring usage after the audit, he added: “Once we’ve released a report, we’ll be keeping a close eye on how that report is being used.”
CertiK is increasing its enterprise offerings and keeping protocol audits as its main revenue stream. “Our current business was still, and I would say will still be, the main source of revenue,” Gu said, but he stressed that these services need to be “pushed to an institutional nature.”
In January, Gu ignited discussion at Davos by suggesting his company was exploring an IPO, reports he now claims are exaggerated despite strong investor demand.
“We raised more than $240 million and I can tell you we have more money than that in our bank,” while acknowledging investor appetite. “We’ve already received several requests,” he said, noting that media coverage sometimes misinterpreted his Davos remarks: “I’m saying explicitly that we don’t have a concrete plan. There’s no concrete timeline yet, but…many actually reached out to us.”
On the valuation and IPO issue, he struck a measured tone: “People still don’t know how to value a web3-native company,” he said. He confirmed that CertiK’s investor list includes big names, Sequoia, Goldman Sachs and Coinbase, and hinted at selective additions: “We will introduce one or two more strategic investors.”
The times are changing
When asked which attack vectors were becoming most prevalent across the crypto market, Gu argued that the risk profile in crypto has moved beyond the exploitation of smart contracts.
“Operational risk became a bigger risk,” he said, alluding to private key mismanagement, deepfakes and oracle manipulation. Regarding AI-enabled impersonations, he was candid: “Deep fake is hard… we’re still studying how to mitigate it.
He added that CertiK can help institutions, but stressed the need for collaboration: “We need to work closely with our clients to help them review their internal policy or solution on key management.”
For Gu, the reforms after Huione are both reputational repair and strategic preparation for institutional clients.
“These institutions want institutional quality auditing – formal verification that can show there are no errors,” he said, noting demand from large banks across jurisdictions.
