How to Evaluate «Proof of Reserves»
The collapse of FTX has brought to light many downsides of centralized control of your crypto investments, but there have also been some positive developments from the event. One of these is the idea of Proof of Reserves.
Proof of Reserves (PoR) is a public attestation of the financial reserves held by an exchange.
However, only providing proof of assets held is not sufficient. Exchanges must also prove their liabilities so the two can be compared to ensure an exchange holds sufficient reserves to cover any liabilities.
Knowing both assets and liabilities, we can achieve proof of solvency, which ensures clients can get their money back in the event of an exchange failure.
Many exchanges have already begun the process of conducting PoR audits. The most closely watched has been Binance, but other exchanges are also conducting PoR attestations, including OKX, Kraken, Gate.io, and BitMEX. Also, KuCoin, Huobi, Poloniex, Crypto.com, and Bitfinex have all announced plans to include Proof of Reserve audits.
Proof of Reserves Is Not Enough
As mentioned above, proof of reserves isn’t enough. Exchanges and other crypto businesses also need to provide liabilities, which can be more complicated. Further complicating matters is the inclusion of any off-chain assets (like fiat currency) or off-chain liabilities (like loans).
In the case of liabilities, it may be necessary for a third-party auditor to be involved. The reasoning is that liabilities can easily be omitted, which calls for independent verification that the reported liabilities match reality. The same is true for any off-chain assets.
Coinbase published a piece that gives some suggestions for potential techniques that could be used (from least to most desirable):
1. Self-attested PoR, also known as Proof of Assets. In this technique, the platform discloses addresses and provides proof (such as a signed message) that it has access to the associated private key.
2. Third-party audited PoR. As above but conducted by an outside 3rd party.
3. Self-attested PoR and Liability (PoRL). As above but including both proof of assets and proof of liabilities, generally using a Merkle tree to allow for customer validation of the inclusion of their specific balances in the total liability amount.
4. Third-party audited PoRL. As above but conducted by an outside 3rd party.
Cryptographic Proof of Reserves
Going further, the entire industry is based on cryptographic verification. Since every blockchain has a consensus mechanism, why not use cryptographic verification for PoR as well?
It’s not a new concept. In 2011, the now defunct exchange Mt. Gox cryptographically proved its assets by moving 424,242 BTC to a pre-announced address.
Binance recently did the same thing, but it failed to pre-announce the address, creating some uproar in the crypto community when it was seen that over $2 billion in BTC was being moved from Binance to an unknown wallet.
This type of cryptographic proof only addresses the assets held by the exchange. It also faces several other issues like:
- Dealing with cold storage
- Collateral dual-use
- Exchange liabilities
Most exchanges keep the vast majority of funds in cold storage, making it insecure and expensive to frequently make transfers as proofs of assets.
Additionally, exchanges could easily shuttle funds back and forth amongst themselves to make it look as if they’re solvent when, in fact, they’re not.
Finally, if liabilities are included in audits (and they certainly need to be), a more complex and robust cryptographic proof should be used.
Enter Merkle trees.
Using a Merkle sum tree to check on account balances is an improvement over simply posting a list of accounts and balances. Merkle trees help to preserve privacy while also proving a company is holding the client assets that it should be holding. It’s not ideal, however, as there’s still some privacy leakage.
What About Privacy?
Of course, liabilities can also be included in the Merkle trees and independently audited to verify that the exchange's reporting matches reality, which helps create a stronger, more accurate picture.
However, independent auditing brings its own challenges, particularly in terms of privacy. This is crucial, as many crypto investors value privacy above almost anything.
An audited and public Merkle tree structure (the most commonly used on-chain method) would mean customer balances and on-exchange activity trends would be compromised. Even if it were only customer-specific branches of the tree being shared, these could later be aggregated to reconstruct the whole tree.
Even if a Merkle tree isn’t fully publicly available, there are privacy concerns. From his own branch of the tree, Charlie will learn that someone has a balance of 164 ETH, some two users have balances that add up to 70 ETH, etc.
While that might seem trivial for an individual, it becomes far worse for entities that control many accounts. They could create quite an accurate picture of client holdings and asset flows through the exchange.
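The user-side check described under "Enter Merkle trees" and the leakage described above can both be seen in a small Merkle sum tree. This is an added example, not code from any exchange or from the original article; the leaf layout, the single shared salt and the four-account data set (alice, bob, charlie, david) are assumptions, constructed so that Charlie's branch shows the 164 and 70 figures from the text.

```python
import hashlib

def _enc(n: int) -> bytes:
    return n.to_bytes(16, "big")  # raises OverflowError on negative sums

def leaf(user_id: str, balance: int, salt: bytes):
    # Leaf = (hash of salted user id and balance, balance). Assumed layout.
    return hashlib.sha256(salt + user_id.encode() + _enc(balance)).digest(), balance

def parent(left, right):
    # Parent hash commits to both child hashes and both child sums.
    (lh, ls), (rh, rs) = left, right
    return hashlib.sha256(lh + _enc(ls) + rh + _enc(rs)).digest(), ls + rs

def build(leaves):
    # Levels from leaves up to the root; odd levels get a zero-balance pad node.
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append((b"\x00" * 32, 0))
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    # Branch for one user: each sibling node and whether it sits on the left.
    branch = []
    for level in levels[:-1]:
        branch.append((level[index ^ 1], index & 1 == 1))
        index //= 2
    return branch

def verify(leaf_node, branch, root):
    # Recompute the root from the user's own leaf; a negative sum is rejected.
    node = leaf_node
    try:
        for sibling, sibling_is_left in branch:
            node = parent(sibling, node) if sibling_is_left else parent(node, sibling)
    except OverflowError:
        return False
    return node == root

# Constructed sample data (not real accounts).
SALT = b"constructed-salt"
BALANCES = [("alice", 20), ("bob", 50), ("charlie", 10), ("david", 164)]
LEAVES = [leaf(u, b, SALT) for u, b in BALANCES]
LEVELS = build(LEAVES)
ROOT = LEVELS[-1][0]                      # (root hash, total liabilities)
CHARLIE_BRANCH = prove(LEVELS, 2)
LEAKED_SUMS = [sib[1] for sib, _ in CHARLIE_BRANCH]  # what Charlie learns
```

The branch Charlie needs in order to verify his own inclusion necessarily contains his sibling's balance and the sum of the neighbouring subtree, which is exactly the leakage the article describes.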
Vitalik Buterin has proposed using ZK-SNARKs to make this type of proof even more private and secure. You can see the full details (which are a bit technical in nature) here. He even suggests loans could eventually be captured in this way and included in any proof of reserves.
It’s Still Worth Doing
So, a proof of reserve program isn’t entirely trustless. However, it’s still worth doing for several reasons:
- Solid proof of reserves shows your clients, customers, and users you value solvency and stability.
- If the industry independently adopts some standardized Proof of Reserves, it could influence regulators to take a softer hand in the crypto space. That would be far better for the exchanges, who could operate without the imposition of stringent regulations.
- It would help to avoid the failures we’ve seen in 2022, like Celsius and FTX, by making it nearly impossible to hide fractional reserves.
Current Progress
Several exchanges have recently conducted Proof of Reserves attestations, and there is far more interest in having the industry continue to improve its reserve reporting. Currently, the gold standard in the industry is Kraken, which is the only exchange we’re aware of that uses an auditor-assisted approach with Merkle-based user validation for nearly all its assets.
Other exchanges are also adding or improving on their own proof of reserves protocols, though at this time, most are self-attestations, so you have to trust the exchange is reporting its liabilities and off-chain assets properly.
It’s also possible to get real-time data regarding exchange on-chain assets from Nansen, though they freely admit:
“Assets/net worth shown is the value of the token holdings in the wallet addresses provided by the exchanges, on blockchains that we support. It is not meant to be an exhaustive, complete, or comprehensive statement of the actual assets or reserves held by the exchange on behalf of its users or customers.”
Even so, it’s a step in the right direction.
Investor Takeaway
Binance is not only the most closely watched in terms of Proof of Reserves; it’s also hopefully taking the lead towards moving to proper PoR and auditing. While it currently uses a self-assessment and user validation with a Merkle approach and only provides proof of reserves for BTC, it has plans to improve:
- Include additional assets in the Proof of Reserves.
- Involve third-party auditors to audit PoR results.
- Implement ZK-SNARKs for PoR, improve privacy and robustness, and prove the total net balance (USD) of each user is non-negative.
This approach will provide increased transparency and could go a long way to restoring investor confidence in the centralized crypto exchanges.
Given that these centralized exchanges are easier to use than their decentralized counterparts, such trust is necessary for mainstream adoption.
This type of transparency would likely occur in one way or another. If exchanges don’t self-regulate, government regulators will potentially step in to ensure auditing and compliance take place to keep investor funds secure.