Transparency
Last updated: June 1, 2026. Independent audits covering smart contracts, proof of reserves, financial statements, and security posture.
XYBIT is committed to full transparency in how user assets are held, how our smart contracts operate, and how our financial position is managed. We publish regular third-party audit reports to enable users to independently verify the security and integrity of our platform. All reports are conducted by reputable, independent firms and are published in their entirety without modification.
All smart contracts deployed by XYBIT - including staking contracts, SIP automation contracts, and token locking contracts - are subjected to rigorous third-party security audits prior to deployment and after any significant upgrade.
Smart contract audits are conducted by independent blockchain security firms specialising in Solidity and EVM-compatible code. The audit scope includes reentrancy vulnerabilities, integer overflow/underflow, access control flaws, logic errors, and gas optimisation issues.
The Q1 2026 smart contract audit identified zero critical vulnerabilities and two low-severity findings. Both findings were remediated prior to the deployment of the updated contract. The full audit report is available for download from our security documentation portal.
In addition to periodic audits, XYBIT deploys on-chain monitoring tools that alert our security team to anomalous contract interactions in real time.
XYBIT conducts quarterly Proof of Reserves (PoR) attestations to verify that customer assets held on the platform are fully backed by on-chain holdings. Our PoR methodology uses a Merkle tree-based approach that allows individual users to independently verify the inclusion of their balances in the attestation.
Proof of Reserves covers all major assets held in custody on the platform including BTC, ETH, USDT (ERC-20 and TRC-20), BNB, and SOL. INR balances held in Indian bank accounts are covered under our banking reconciliation report.
The Q2 2026 Proof of Reserves attestation confirmed a reserve ratio of 100% across all covered assets. The attestation was conducted by an independent third-party auditor and verified on 1 June 2026.
XYBIT Technologies Private Limited undergoes an annual statutory audit by a registered Chartered Accountant firm in accordance with the Companies Act, 2013. The audited financial statements are filed with the Ministry of Corporate Affairs (MCA) and are available on the MCA portal.
An internal controls audit is conducted annually to assess the adequacy of financial controls, segregation of duties, and compliance with applicable accounting standards. Material findings are disclosed in the annual report.
The FY 2025-26 statutory audit is currently in progress. The final audited financials are expected to be filed with MCA by September 2026. The draft unaudited financials are available to institutional partners and regulators upon request.
XYBIT's cloud infrastructure, network architecture, and application layer are audited by a certified cybersecurity firm twice a year. The audit covers penetration testing, vulnerability scanning, access control reviews, and incident response preparedness.
Our information security management practices are aligned with ISO/IEC 27001 standards. We are currently in the process of obtaining formal ISO 27001 certification, expected in Q4 2026.
External penetration testing is performed on a bi-annual basis by an independent security firm. Results are used to prioritise remediation efforts. Critical findings are patched within 24 hours of identification.
An independent review of XYBIT's AML/CFT programme is conducted annually by a qualified compliance consultant. The review covers the effectiveness of KYC controls, transaction monitoring, STR filing practices, and employee training programmes.
XYBIT cooperates fully with any examination or review conducted by FIU-IND. Previous examinations have confirmed satisfactory compliance with PMLA reporting obligations. No adverse findings remain outstanding.
Published audit reports are available for download from our documentation portal at docs.xybit.in/audits. Reports are provided in PDF format and are digitally signed by the issuing audit firm. For institutional partners, regulators, or media enquiries regarding audit documentation, please contact transparency@xybit.in.