Proof-of-reserves: Can reserve audits avoid another FTX-like moment?

Published at: Nov. 19, 2022

In the wake of the FTX collapse that came about as a result of the now-bankrupt cryptocurrency exchange funneling user funds to mitigate its own risks, crypto exchanges came up with a transparency solution called proof-of-reserves. 

The practice, which was recently endorsed by Binance CEO Changpeng Zhao, offers a way for exchanges to provide transparency to users in the absence of clear regulations.

All crypto exchanges should do merkle-tree proof-of-reserves. Banks run on fractional reserves. Crypto exchanges should not. @Binance will start to do proof-of-reserves soon. Full transparency.

— CZ Binance (@cz_binance) November 8, 2022

Proof of reserves (PoR) is an independent audit conducted by a third party that seeks to ensure that a custodian holds the assets it claims to own on behalf of its clients. 

This auditor takes an anonymized snapshot of all balances held and aggregates them into a Merkle tree.

A Merkle tree is a cryptographic commitment scheme in which each “leaf,” or node, is labeled with a data block’s cryptographic hash. Its chief use is to verify data that has been handled, sent or stored between computers. While invented in 1979, the concept has found extensive use in blockchain peer-to-peer networks.

After taking the snapshot, the auditor obtains a Merkle root: a cryptographic fingerprint that uniquely identifies the combination of these balances at the time when the snapshot was created.

The auditor then collects digital signatures produced by the crypto exchange, which prove ownership over the on-chain addresses with publicly verifiable balances. Lastly, the auditor compares and verifies that these balances exceed or match the client balances represented in the Merkle tree so that the client assets are held on a full-reserve basis.
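A minimal sketch of the snapshot-to-root procedure described above, added here as an illustration and not any exchange's or auditor's actual code: it builds a Merkle tree over a constructed snapshot, lets one account holder check that their balance is included under the published root, and compares attested on-chain holdings with total client balances. The SHA-256 leaf encoding, the per-account tag format and every value are assumptions.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf(tag: str, balance: int) -> bytes:
    # 0x00 prefix keeps leaf hashes distinct from interior-node hashes (0x01).
    return h(b"\x00" + f"{tag}:{balance}".encode())

def build_levels(leaves):
    """Return every level of the tree: leaves first, root level last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:                 # odd count: pair the last node with itself
            cur = cur + [cur[-1]]
        levels.append([h(b"\x01" + cur[i] + cur[i + 1])
                       for i in range(0, len(cur), 2)])
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes from leaf to root, each flagged if it sits on the left."""
    proof = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify_inclusion(tag, balance, proof, root):
    """What an account holder runs: recompute the root from their own entry."""
    node = leaf(tag, balance)
    for sibling, sibling_is_left in proof:
        pair = sibling + node if sibling_is_left else node + sibling
        node = h(b"\x01" + pair)
    return node == root

def fully_reserved(snapshot, attested_on_chain):
    """Auditor's final check: proven holdings must match or exceed liabilities."""
    return attested_on_chain >= sum(balance for _, balance in snapshot)

# Constructed snapshot: (tag known only to the account owner, balance in base units).
SNAPSHOT = [("tag-a1f3", 120), ("tag-9bc0", 4500), ("tag-77de", 15),
            ("tag-c402", 980), ("tag-e5aa", 300)]
LEVELS = build_levels([leaf(t, b) for t, b in SNAPSHOT])
ROOT = LEVELS[-1][0]
```

An inclusion proof only shows that one entry is in the committed set; it says nothing about entries that were omitted or about assets borrowed for the snapshot, which is the limitation the rest of the article discusses.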

A total of five centralized exchanges (CEXs) including Kraken, Bitmex, Coinfloor, Gate.io and HBTC have completed their proof-of-reserve audits while the likes of Binance, OKX, KuCoin, Huobi, Poloniex, Crypto.com, Deribit and Bitfinex have announced their plans to do the same.

The PoR practice made sense and was lauded by many in the crypto community as it seemed like a step toward a more transparent crypto ecosystem. Centralized exchanges can note the liabilities of each account on a public ledger with specific assets held. They would have to publish each entry with a tag that only the account owner can know, thereby retaining public anonymity.

Hassan Sheikh, co-founder at decentralized venture capital firm DAO Maker, told Cointelegraph that PoR provides a clear summation of due liabilities that can be matched against assets. He added that good PoR practice could make it very difficult for exchanges to fake liabilities, explaining:

“If liabilities are ever faked, users can publicly raise a red flag. Even if 1% of users ever bother to verify, it’d be impossible for any CEX to know which users would fall in that cautious 1%. The larger accounts would almost always verify, and the CEX could at best get away with skipping only a small fraction of small accounts before being detected.”

He added that with publicly released liabilities that retail investors can easily verify, “the asset disclosures which exchanges are making would finally make sense,” adding that the balances presented in these audits only “hold weight under the assumption liabilities are properly presented.”

Ben Sharon, the co-founder at digital asset management firm Illumishare SRG, told Cointelegraph that scammers will try to fake any audit, no matter how reliable proof of reserves is. He added that a proof-of-reserves audit is still a viable step to keep a check on crypto exchanges, but it’s not enough, and suggested other measures, such as:

“Having a separate cash reserve, an asset-backed token, or better yet, having both, in addition to a proof-of-reserves certificate would offer investors a far better solution. At the end of the day, the only solution is complete transparency. When a crypto exchange is fully transparent, users should not be afraid to trust it with their assets.”

Showing proof of reserves without the liabilities means nothing

While the practice of PoR is becoming accepted by centralized exchanges with many starting to release PoR audit data, there is still the issue of crypto platforms moving their funds right after the snapshot for the audit was taken. 

Crypto.com recently transferred 280,000 Ether (ETH) to a Gate.io address after it released its PoR audit, fueling rumors about crypto exchanges potentially faking their reserve audits. Many in the crypto community claimed exchanges were borrowing assets to show a healthy financial book, only to return them right after the snapshot.

Crypto.com CEO Kris Marszalek came out to clarify that the $400 million ETH transfer was a mistake and was meant to be sent to another cold wallet, raising even more suspicion.

It was supposed to be a move to a new cold storage address, but was sent to a whitelisted external exchange address. We worked with Gate team and the funds were subsequently returned to our cold storage. New process and features were implemented to prevent this from reoccurring.

— Kris | Crypto.com (@kris) November 13, 2022

And, while some exchanges give detailed breakdowns of their reserves during a PoR, other firms simply provide quick responses claiming they are in the black. Nexo has simply come up with a one-page snapshot that says they have more assets than customer deposits of around $3.2 billion.

Looking at some of the reserves audits published by exchanges, Philipp Zimmerer, core contributor at decentralized finance protocol Spool.fi, told Cointelegraph that the main issue is that there are no formal rules for what exactly constitutes a proper PoR audit. This means that the procedure will differ between exchanges. He explained:

“Even if implemented in the most good-faith interpretation, a proof of reserves still cannot prove exclusive ownership of private keys or detect any funds that were borrowed to manipulate the outcome of the audit. Generally, the practice is only as trustworthy as the exchange and the auditors were to begin with, and will never constitute 100% proof of anything.”

He further noted that showing assets without showing liabilities is worth nothing. The only ones that can be “trusted to a degree are fully regulated, on-shore banking license holders that undergo regular, complete audits from known and independent firms.” He cited the example of Coinbase, which, as a publicly traded firm, makes its assets and liabilities public information.

Zimmerer also noted that Kraken, another exchange registered in the United States, does regular audits, the results of which it publishes and disseminates to the public.

Stefan Rust, CEO of data infrastructure provider Truflation, told Cointelegraph that the early implementation of PoR looks like a good first step, but that to gain more trust and better transparency, a wiser approach would be to look at the overall balance sheet and monitor liabilities while having transparency around capital reserves. It’s not just the reserves that matter but also the exposure that the company has.

In the case of FTX, they had over 130 companies where they had divested the liabilities and the income. The same happened with WeWork and a number of other blowups in corporate land. Rust said:

“Proof of reserve is the first step. Proof of liabilities would be great, and in light of FTX, a must-have edition. Lastly, some sort of proof of incorporation or consolidation across related companies. We need to educate the market and the community on not only how to use these tools, but also the benefits of these tools. It’s important for users to understand why decentralization is really an essential part of not only the crypto ecosystem but the future financial and Web3.”

When asked the most reliable way to keep tabs on crypto exchanges, Don Guillaume, head of PR and communications at Gate.io, told Cointelegraph, “Regulation. Over the last few years we've seen positive steps across the world by regulators to ensure crypto exchanges, and really any company operating in the crypto industry, are regulated and following the rules of the law.”

Overall, the fallout from the collapse of FTX has led to calls for greater regulatory oversight of the crypto market. While key market players continue to offer some form of transparency in order to regain public trust, experts believe proof of reserves alone cannot be relied upon.
