SMSF Bitcoin Audit Guide | The Bitcoin Adviser
Reference

SMSF Bitcoin Audit Guide

This page explains how Bitcoin is held, verified, and audited when using collaborative self-custody within an SMSF. It is intended for SMSF trustees, accountants, and auditors.

This page is for information only and does not constitute financial, legal, tax, or audit advice. Trustees and their advisers should rely on their own professional advice and the Australian Taxation Office (ATO) and other official guidance where applicable.

Boundary

Our role

The Bitcoin Adviser provides non-custodial advisory services. We do not hold assets, custody Bitcoin, control client funds, or provide storage services.

  • We do not take custody of Client Bitcoin.
  • We do not manage, control, or unilaterally access Client funds.
  • Where applicable, we may act as a co-signer or backup key holder within a multisignature arrangement.
  • We cannot move Bitcoin without the client’s explicit authorisation and participation in accordance with the applicable multisig policy.
  • The client retains full beneficial ownership and ultimate control of all Bitcoin at all times.

This is consistent with our Terms of Service (Section 4: Non-Custodial Services Statement).

Context

What “collaborative security” means

Collaborative security in this context refers to a 2-of-3 multisignature (multisig) arrangement: multiple keys are held by different parties, and a configured threshold of signatures (e.g. two of three) is required to move funds. In plain terms:

  • Multiple keys exist; no single key can move the Bitcoin alone.
  • Trustees (or their delegates) retain control; they are signers and direct the use of the vault.
  • No single party—including The Bitcoin Adviser or the software platform—can unilaterally move funds.
  • There are no pooled assets; the vault is attributed to the SMSF (or the client).
  • There is no unilateral third-party authority over the assets.

Software providers are not custodians. The platform that coordinates multisig (e.g. Unchained, Theya) provides software and coordination services. They do not custody Bitcoin; the assets are on the Bitcoin network and controlled by the key holders according to the multisig policy.

Holding model

How Bitcoin is held in an SMSF

Bitcoin held in an SMSF under this model is on-chain: it exists as entries on the Bitcoin network, controlled by the keys that form the multisig vault. The trustees (or their authorised signers) control those keys and are responsible for access and decisions.

Trustees remain responsible for the fund’s investment strategy, record-keeping, and compliance. This is consistent with self-custody principles and with the Australian Taxation Office’s expectations that SMSF trustees understand and control fund assets. For current guidance, see the ATO’s pages on self-managed super funds and, where applicable, crypto assets.

Verification

How auditors verify Bitcoin holdings

Verification of Bitcoin holdings for audit purposes is based on on-chain data and attribution to the SMSF, not on third-party custody attestations.

Verification relies on:

  • Transaction history (transaction IDs / TXIDs) showing movements into and out of the vault.
  • On-chain balances at the relevant addresses.
  • Wallet and vault attribution to the SMSF (e.g. naming, documentation, and control structure).
  • Valuation at the reporting date (using a consistent, documented method).

Verification does not rely on:

  • SOC reports (we are not a custodian; SOC reports apply to custodial service providers).
  • Proof-of-Reserves (PoR) attestations from custodians (there is no custodian; the fund holds keys in a self-custody multisig model).
  • Custodian attestations or third-party reserve statements (no custody relationship exists).

The documentation we provide (see below) supports verification via transaction history, on-chain balances, and attribution.
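The sketch below is an added example, not The Bitcoin Adviser's own tooling. It shows how an auditor might reconcile the inputs listed above: a transaction history export, independently observed on-chain balances, the set of addresses attributed to the fund, and the figure on a Statement of Holdings. The addresses, TXIDs, amounts, price, record layout and the 30 June reporting date are constructed placeholders and assumptions.

```python
from datetime import date

SATS_PER_BTC = 100_000_000

# Constructed sample data: placeholder addresses, TXIDs and amounts, not real ones.
VAULT_ADDRESSES = {"vault-addr-1", "vault-addr-2"}  # addresses attributed to the fund
HISTORY = [  # (confirmation date, txid, address, signed amount in satoshis)
    (date(2024, 8, 1), "txid-a", "vault-addr-1", 50_000_000),
    (date(2025, 1, 15), "txid-b", "vault-addr-2", 25_000_000),
    (date(2025, 3, 2), "txid-c", "vault-addr-1", -10_000_000),
    (date(2025, 7, 9), "txid-d", "vault-addr-2", 5_000_000),  # after reporting date
]
# Balances the auditor observed independently (own node or block explorer).
OBSERVED = {"vault-addr-1": 40_000_000, "vault-addr-2": 25_000_000}

def reconcile(history, vault_addresses, observed, reporting_date, stated_sats, price_aud):
    """Rebuild per-address balances at the reporting date and list discrepancies."""
    findings, balances, seen = [], {}, set()
    for when, txid, addr, amount in sorted(history):
        if (txid, addr) in seen:
            findings.append(f"{txid}: duplicate entry for {addr}")
            continue
        seen.add((txid, addr))
        if addr not in vault_addresses:
            findings.append(f"{txid}: {addr} is not attributed to the fund")
            continue
        if when > reporting_date:
            continue  # movement belongs to the next reporting period
        balances[addr] = balances.get(addr, 0) + amount
        if balances[addr] < 0:
            findings.append(f"{txid}: history is incomplete, {addr} goes negative")
    for addr in sorted(vault_addresses | set(observed)):
        if balances.get(addr, 0) != observed.get(addr, 0):
            findings.append(f"{addr}: history gives {balances.get(addr, 0)} sats, "
                            f"on-chain observation gives {observed.get(addr, 0)}")
    total = sum(balances.values())
    if total != stated_sats:
        findings.append(f"statement shows {stated_sats} sats, history gives {total}")
    # Multiply before dividing to limit floating-point error on the valuation.
    value_aud = round(total * price_aud / SATS_PER_BTC, 2)
    return {"total_sats": total, "value_aud": value_aud, "findings": findings}

if __name__ == "__main__":
    report = reconcile(HISTORY, VAULT_ADDRESSES, OBSERVED,
                       date(2025, 6, 30), stated_sats=65_000_000, price_aud=100_000.0)
    print(report)
```

None of the inputs is key material: every value is either public on-chain data or part of the documentation set.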

Documentation

What documentation we provide

We provide the following to support trustees, accountants, and auditors:

  • Statement of Holdings — snapshot of vault balances and attribution at a point in time.
  • Full transaction history — transaction IDs and details for movements into and out of the vault.
  • Vault balances — on-chain balance information for the vault addresses.
  • Service agreement — the client’s agreement with The Bitcoin Adviser (our Terms of Service and any engagement terms).
  • Invoices — for fees paid for advisory and co-signing services.

Private keys are never shared. No party (including auditors or accountants) receives private keys, seed phrases, or other key material. Verification is performed using the above documentation and, where the trustee permits, view-only or export options that do not expose key material.

Clarifications

Common misconceptions

The following are often raised but do not apply to this model:

“The platform (e.g. Unchained, Theya) stores the Bitcoin.”

This does not apply. The platform provides software and coordination for multisig; it does not hold or custody the Bitcoin. The Bitcoin is on the Bitcoin network; the keys are held by the signers (e.g. the trustee and their delegates, and where applicable The Bitcoin Adviser as a co-signer).

“There must be a custody agreement with a custodian.”

This does not apply. There is no custodian. The client (and the SMSF trustees) retain self-custody via multisig. Our role is advisory and, where agreed, co-signing; we do not take custody. Our Terms of Service govern the advisory and co-signing relationship, not a custody relationship.

“SOC reports are required for audit.”

This does not apply. SOC reports are relevant for custodians and certain service organisations. We are not a custodian. Auditors can verify holdings using transaction history, on-chain balances, and the documentation we provide.

“Proof of Reserves applies.”

This does not apply. Proof-of-Reserves is a concept used by custodians to attest to reserves. Here there is no custodian; the fund’s Bitcoin is held in a self-custody multisig vault. Verification is by on-chain data and documentation, not by a custodian’s reserve attestation.

Security & compliance

What auditors should not request

For security and compliance reasons, the following are not provided to anyone, including auditors or accountants:

  • Private keys
  • Seed phrases or other key material
  • Custody attestations (we are not a custodian)
  • Third-party reserve statements or Proof-of-Reserves reports (no custodian relationship exists)

Audit requirements can be satisfied using the documentation set out in the “What documentation we provide” section above.

References

References & further reading

For technical background on multisignature Bitcoin (without endorsement of any custody or advisory relationship), software providers such as Unchained publish educational material on how multisig works; trustees and auditors may find such resources useful for context only.

Questions about this guide or about verification for your SMSF audit? Contact us at contact@thebitcoinadviser.com.
