When FTX collapsed in November 2022, it was the third-largest crypto exchange by volume. Some of the world’s most renowned VC firms and pension funds invested after thorough due diligence. Yet none of their processes flagged the exchange's high risk of default.
Credit ratings exist to quantify counterparty default risk before it materializes. For institutions allocating capital across exchanges, custodians, or lenders, these ratings add a systematic, data-driven layer to the due diligence process that operational diligence alone cannot provide.
How Are Credit Ratings Adapted For The Crypto Industry?
A credit rating is an assessment of credit risk assigned to a company, government, debt issuer, or specific debt instrument. It estimates the likelihood that the rated entity will default on its financial obligations over a defined horizon, commonly one year.
Credit ratings have long been foundational to traditional finance, particularly in debt markets. Agencies such as Moody’s and S&P Global have rated corporate and sovereign borrowers for more than a century. Their familiar letter-grade scales (AAA, BB+, and so on) provide investors with a standardized view of relative credit risk and are widely used to price bonds, set investment mandates, and manage portfolio risk.
In the crypto industry, credit ratings apply the same risk-based framework to a different failure mode: the likelihood that an exchange, custodian, or similar service provider will fail to meet its obligations to clients, including the safeguarding and availability of client assets.
Crypto credit ratings also differ in the data they rely on. Traditional ratings primarily analyze financial statements, leverage and liquidity ratios, governance, and qualitative assessments of management. Crypto credit ratings augment these inputs with on-chain data, such as wallet balances and flows, reserve composition, and transaction behavior. At Agio Ratings, we combine more than 1,000 on-chain and off-chain variables per entity to produce daily probability-of-default scores. This approach can surface early warning signals—such as abnormal asset outflows—well before financial stress becomes visible in public disclosures.
Why Traditional Rating Agencies Don't Rate Crypto
The rating methodologies of Moody’s, S&P Global, and Fitch were developed for corporate issuers, financial institutions, and sovereign debt. These frameworks are designed around audited financial statements, capital structure analysis, liquidity profiles, and regulatory disclosures.
Many crypto-specific risk factors fall outside those traditional analytical models. Examples include on-chain reserve transparency, asset concentration in exchange-issued tokens, rehypothecation risk, governance over private keys, and discrepancies between reported liabilities and verifiable on-chain assets. These risks are not directly observable through conventional financial reporting alone.
Timeliness is another structural limitation. Traditional credit ratings are typically reviewed periodically—often annually—or in response to material events. In fast-moving stress scenarios, ratings can lag underlying risk. For example, Silicon Valley Bank was downgraded only shortly before its collapse in March 2023, despite mounting unrealized losses and deposit concentration risks. While the underlying vulnerabilities were publicly knowable, the pace of deterioration outstripped the update cycle of legacy rating processes.
Crypto markets operate at even higher velocity than traditional banking or bond markets. Liquidity can evaporate within days as users withdraw funds in response to market signals or social media narratives. An exchange can move from appearing solvent to filing for bankruptcy in a very short period, rendering infrequent review cycles inadequate for real-time risk management.
How Crypto Credit Ratings Actually Work
The strongest approaches combine two types of data: traditional financial indicators and on-chain behavioral signals.
Traditional financial indicators include balance sheet strength, capital adequacy, operating history, management experience, and regulatory licensing. These are the same inputs a bank analyst would look at when evaluating any financial institution.
On-chain behavioral data is what makes crypto credit ratings different. Every transaction on a public blockchain is visible. Analysts can track wallet flows, reserve balances, and concentration patterns in real time. Unusual outflows, sudden shifts in reserve composition, or spikes in related-party transactions can signal stress before any public announcement.
The raw data gets processed through statistical models. At Agio Ratings, we use adaptations of established credit models calibrated for crypto counterparties. Our models combine traditional frameworks with crypto-native on-chain signals to produce a probability of default (PD): a specific percentage chance that an entity will fail within a given time horizon.
A probability of default is more useful than a letter grade. A risk manager can plug a PD directly into position limits, exposure calculations, and insurance pricing. "There's a 3.2% chance this exchange defaults in 12 months" is more actionable than "this exchange is rated BB+."
How Agio Ratings’ Methodology Works
Our current model (v3) uses 17 explanatory variables across five risk categories, trained on 2x more default data than the previous version. The model produces a predictive accuracy (AuC) of 0.77, up from 0.71 in v2 and within the 0.65–0.85 range considered standard for institutional-grade credit models in traditional finance.
We've cross-validated our outputs against observable market data: 85% R² correlation with Coinbase equity price and 80% R² with Coinbase bond yield credit spreads. These aren't theoretical scores. They reflect how closely our PD estimates track real market pricing of credit risk.
The five risk categories our model evaluates:
- Regulatory licensing and jurisdiction
- Security certifications and breach history.
- Operational track record
- Balance sheet strength and liquidity.
- On-chain behavior and flow data
These factors are weighted and scored, then passed through a calibrated logistic transformation using Bayesian inference to derive each entity's probability of default. Models are refitted one or two times per year as more default data becomes available, and PDs for exchanges are updated weekly.
How Agio Ratings Helps Institutions Manage Crypto Credit Risk
We built Agio Ratings to give risk teams the same quantitative rigor for crypto counterparties that they expect in traditional markets. Our platform covers 70+ exchanges, custodians and stablecoin issuers so risk managers can monitor counterparty exposure as part of their daily workflow rather than relying on periodic reviews.
High-Cadence Ratings and Trend Monitoring
The Agio dashboard ranks all rated exchanges and custodians by 12-month PD in a sortable table with weekly, monthly, and quarterly change columns. Risk managers can pin frequently monitored entities to a watchlist, and a Top Movers panel surfaces the biggest risk shifts over the last 30 days. If a counterparty's PD is trending upward, your team sees it before it becomes a headline.
Risk Monitoring Alerts
Our Risk Monitoring system monitors 100+ entities in near real time, tracking statistical anomalies in on-chain transactions. The system proved its value during the FTX collapse. On September 28, 2022, 44 days before bankruptcy, it detected a 12 standard deviation event when FTX's on-chain balances jumped from $4 billion to $8 billion overnight, driven entirely by FTT token holdings. That signal came more than five weeks before Binance CEO Changpeng Zhao's public announcement that triggered the bank run. The Risk Monitoring System also identifies when markets have overreacted, helping firms maintain or increase exposure when actual risk profiles remain stable.
Portfolio-Level Risk Simulation
Individual entity ratings are only part of the picture. The Agio Risk Simulator runs over a million Monte Carlo simulations to model portfolio-level loss distributions, accounting for contagion and correlation risk across counterparties.
This matters because defaults rarely happen in isolation. The 2022 crypto crisis demonstrated this clearly: Voyager defaulted partly because it lent to Three Arrows Capital, and Vauld and Celsius both collapsed following Luna's failure. Diversifying across five exchanges provides limited protection if three share correlated risk exposures.
The Risk Simulator outputs expected loss, unexpected loss, CVaR at 95%/99%/99.9%, probability of losses exceeding capital base, and risk-adjusted yields. Users define their own exposure levels and correlation assumptions, giving risk teams the flexibility to model scenarios specific to their portfolio.
A Track Record of Accuracy
Our PD models flagged FTX as high-risk four months before it filed for bankruptcy. We correctly assessed Bybit's resilience before its $1.5 billion hack in February 2025. Across the crypto market, Agio Ratings has tracked 25+ documented exchange defaults in recent years.
Our models also capture a counterintuitive dynamic that many risk frameworks fail to account for: rising crypto prices don't automatically reduce counterparty risk. While reserves grow with higher valuations, volatility and operational leverage grow too. It can take weeks for a bull market to feed through into lower risk ratings as the associated volatility subsides. Institutions that assume bull markets equal lower counterparty risk are mispricing their exposure.
Who Needs Crypto Credit Ratings
Trading firms and market makers use PD ratings to set position limits per venue and route orders based on risk-adjusted execution quality.
Insurance underwriters need PD-based data to price crypto custody and exchange default coverage. Relm Insurance uses our ratings to power their exchange default insurance products.
Banks entering crypto face a specific regulatory requirement. Internal risk committees and compliance teams need quantitative counterparty risk assessments before deploying capital. With SAB 121's repeal removing balance sheet barriers to crypto custody, the GENIUS Act setting federal stablecoin standards, and MiCA mandating oversight in Europe, banks now have regulatory permission to enter crypto. Crypto credit ratings provide the quantitative counterparty risk framework banks require.
Fund allocators need documented, independent risk assessments to justify custody decisions to LPs and regulators. "We selected this custodian based on brand recognition" doesn't hold up in a compliance review. "We selected this custodian because their 12-month PD is 1.4%, the lowest among qualified options" does.
Crypto Credit Ratings vs. Other Risk Tools
The crypto risk landscape has multiple categories that often get confused. Crypto credit ratings for counterparties are a specific niche.
DeFi protocol risk tools like Gauntlet and Chaos Labs assess whether protocols like Aave can remain solvent under extreme conditions. They optimize protocol parameters, like collateral factors and liquidation thresholds. They don't rate centralized exchanges or custodians.
DeFi borrower credit scoring is what Credora (now Credora by RedStone) does. They rate individual borrowers for on-chain lending markets. Credora serves a different buyer with a different use case.
Token-level ratings from firms like Particula assess the risk of individual tokens or tokenized assets. That's about the asset itself, not the institution custodying client assets.
Market data providers like Coin Metrics, Kaiko, and The Tie supply raw on-chain data and trading volumes. They provide inputs that could feed into risk models but don't produce calibrated default probabilities themselves.
Crypto credit ratings sit in their own category: entity-level default risk for centralized counterparties, updated daily, built on quantitative models.
The Regulatory Tailwind
Three regulatory shifts are turning crypto credit ratings from a niche product into required infrastructure.
The repeal of SAB 121 (via SAB 122) removed capital requirements that made crypto custody prohibitively expensive for banks. Banks can now offer custody without one-to-one balance sheet treatment.
The GENIUS Act codified federal standards for stablecoin custody and digital asset safekeeping, creating clear definitions for qualified custodians in crypto.
MiCA in Europe mandates capital adequacy and custodial oversight standards for crypto asset service providers.
Together, these create an environment where institutional crypto participation is growing, and so is the need for standardized, independent risk measurement. A 2023 study found that 50% of institutional investors identified counterparty risk as their top concern in digital asset markets.
With 25+ documented exchange defaults in recent years and the Bybit hack showing that even major platforms face significant security events, quantitative counterparty risk assessment is already standard practice for institutions deploying capital across crypto venues.
FAQ
Who provides crypto credit ratings?
Agio Ratings is the leading provider of crypto counterparty credit ratings, covering 70+ exchanges and custodians with daily-updated probability-of-default scores. Traditional agencies like Moody's and S&P don't cover crypto counterparties.
How are crypto credit ratings different from traditional credit ratings?
Crypto credit ratings incorporate on-chain data (wallet flows, reserve balances, transaction patterns) alongside traditional financial indicators. They update daily rather than quarterly, and they output numerical probabilities of default rather than letter grades. This gives risk managers more precise, timely inputs for position sizing and exposure limits.
Why can't institutions just rely on proof of reserves?
Proof of reserves is a point-in-time snapshot that typically ignores liabilities. The U.S. PCAOB has warned that PoR reports don't provide meaningful assurance. Crypto credit ratings offer continuous, model-driven risk monitoring that tracks behavioral signals between audit dates.
Are crypto credit ratings required by regulators?
Not mandated directly, but regulatory frameworks like MiCA, the GENIUS Act, and SAB 122 create institutional requirements for quantitative counterparty risk assessment. Banks and regulated funds entering crypto need documented risk frameworks, which is what crypto credit ratings provide.
Ready to add quantitative counterparty risk assessment to your due diligence process? Book a demo to see how Agio Ratings can support your risk management workflow.
