At Bitpanda, we value the security of user funds as well as regulatory compliance. Since the company’s inception in December 2014, we are constantly overdelivering on both topics. To be able to give those values more legitimacy, we started to work with KPMG, one of the top four accounting firms in the world.

In the scope of an in-depth agreed-upon procedures, KPMG analysed our crypto cold wallets for BTC (Bitcoin), ETH (Ethereum) and XRP (XRP). These assets were chosen because they are the most popular on Bitpanda and more assets will follow in the future. In this independent analysis, KPMG concluded that the funds Bitpanda holds for all three assets in their own crypto cold storage wallets exceed user funds on Bitpanda. This means that even if all our users were to withdraw their BTC, ETH and XRP funds, we as Bitpanda would still be able to pay out all user funds.

The official summary from KPMG reads as follows: “According to the result of the agreed upon procedures performed by KPMG as at 30.11.2020 all BTC, ETH and XRP funds of Bitpanda Users are covered within the corresponding crypto-funds stored on Bitpanda’s cold wallets. KPMG thereby checked the balances of BTC, ETH or XRP User Funds by taking an agreed sample to confirm the accuracy of the BTC, ETH or XRP User Fund Balances. KPMG then checked Bitpanda’s cold wallet balances for BTC, ETH and XRP with balances shown at external block chain platforms. The conclusion of KPMG was, that Bitpanda’s cold wallet balances for BTC, ETH and XRP exceed the BTC, ETH and XRP User Funds.”

How to request the KPMG agreed-upon procedures report as a Bitpanda user

We’d like to guarantee full transparency for our users. The process to request the full report is simple: You can request the full report by clicking here. We will then provide you with the latest available quarterly agreed-upon procedures document.


  1. Agreed-upon procedures performed by KPMG were performed by International Standards (ISRS 4400). Agreed-upon procedures do not constitute an audit.
  2. Agreed-upon procedures were performed on a defined date and therefore the described conclusion of KPMG is only valid for this date.
  3. Cyber crime or other errors due to fraud which could happen in any organization were not part of the agreed-upon procedure by KPMG.