CertiK CEO Ronghui Gu told CoinDesk that the security firm has no concrete IPO timeline, but the company’s response to last year’s Huione-related backlash and rapid push into institutional products has positioned it as a credible candidate for a multi-billion-dollar public listing.

When CertiK conducted an audit of what later turned out to be a stablecoin project linked to the illicit marketplace Huione, the firm faced heavy online criticism. Gu framed the episode as a wake-up call rather than a reputational endgame. CertiK publicly clarified it had audited code supplied by a U.S.-registered client, before donating the fee to charity.

"What we do is we strengthen our current KYC procedure,” he told CoinDesk. "Also work with some external capacity providers to reduce the risk.” On monitoring post-audit use, he added: “After we release a report, we will keep a very close eye on how this report being used.”

CertiK is ramping up its enterprise offerings while keeping protocol audits as its main revenue stream. “Our current business was still and I would say that still will be the main revenue source,” Gu said, but he stressed these services must be “pushed to an institutional grade.”

In January Gu ignited discussion at Davos by suggesting that his firm were exploring an IPO, reports he now claims are exaggerated despite strong investor demand.

"We raised more than $240 million and I can tell you we have more money than that in our bank,” while acknowledging investor appetite. “We already received several requests,” he said, noting that media coverage sometimes misinterpreted his Davos remarks: “I explicitly say that we do not have a concrete plan. There's no concrete timeline yet, but…many actually reached out to us.”

On valuation and the IPO question he struck a measured tone: “People still don’t know how to give the valuation for a web3-native company,” he said. He confirmed CertiK’s investor roster includes big names, Sequoia, Goldman Sachs and Coinbase, and hinted at selective additions: “We’re going to introduce one or two more strategic investors.”

The times are changing

When asked what attack vectors were becoming most prevalent across the crypto market, Gu argued that the risk profile in crypto has moved beyond smart-contract exploits.

“Operational risk became a bigger risk,” he said, alluding to private-key mismanagement, deepfakes and oracle manipulation. On AI-enabled impersonations, he was candid: “Deep fake is tough…we are still studying how to mitigate it.

He added that CertiK can help institutions but stressed the need for collaboration: “We need to work closely with our clients to help them review their internal policy or solution about the key management.”

For Gu, the post-Huione reforms are both reputational repair and strategic preparation for institutional clients.

“These institutions want institutional-grade auditing — formal verification that can demonstrate there are no bugs,” he said, noting demand from large banks across jurisdictions.