Following the collapse of FTX, which went bankrupt after the exchange channeled user funds to mitigate its own risks, crypto exchanges came up with a transparency solution called proof of reserves.
The practice, recently endorsed by Binance CEO Changpeng Zhao, gives exchanges a way to demonstrate transparency to users in the absence of clear regulations.
All crypto exchanges should do merkle-tree proof of reserve.
Banks operate with fractional reserves.
Crypto exchanges shouldn’t. @Binance will soon begin to show reserves. Total transparency.
— CZ Binance (@cz_binance) November 8, 2022
Proof of Reserves (PoR) is an independent third-party audit to ensure that a custodian holds the assets it claims to hold on behalf of its clients.
The auditor takes an anonymized snapshot of all held balances and aggregates them into a Merkle tree.
A Merkle tree is a cryptographic commitment scheme in which each “leaf”, or node, is tagged with the cryptographic hash of a block of data. Its main use is to verify data that has been handled, sent or stored between computers. Although invented in 1979, the concept has been widely used in peer-to-peer blockchain networks.
After taking the snapshot, the auditor obtains a Merkle root: a cryptographic fingerprint that uniquely identifies the combination of these balances at the time the snapshot was created.
The auditor then collects digital signatures produced by the crypto exchange, which prove ownership of on-chain addresses with publicly verifiable balances. Finally, the auditor compares these balances with the customer balances represented in the Merkle tree and verifies that they match or exceed them, which shows that customer assets are held on a full-reserve basis.
A total of five centralized exchanges (CEX) including Kraken, Bitmex, Coinfloor, Gate.io and HBTC have completed their proof of reserve audits while Binance, OKX, KuCoin, Huobi, Poloniex, Crypto.com, Deribit and Bitfinex have announced plans to do the same.
The PoR practice made sense and was welcomed by many in the crypto community, as it seemed like a step towards a more transparent crypto ecosystem. Centralized exchanges can record each account’s liabilities, with the specific assets held, on a public ledger. Each entry should be posted under a tag that only the account owner can know, which keeps the account anonymous in public.
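The snapshot, Merkle root, reserve comparison and per-account tag check described above can be sketched as follows. This is an added example, not code from any exchange or auditor: it goes one step beyond a plain Merkle tree by using a Merkle sum tree, so the root also commits to total liabilities, and the tags, balances and function names are assumptions.

```python
import hashlib

def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so field boundaries are unambiguous."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def enc(n: int) -> bytes:
    return n.to_bytes(16, "big")  # raises OverflowError on a negative balance

def leaf(tag: bytes, balance: int):
    return (H(b"leaf", tag, enc(balance)), balance)

def parent(left, right):
    # Each node commits to both child hashes and both child sums.
    return (H(b"node", left[0], enc(left[1]), right[0], enc(right[1])), left[1] + right[1])

PAD = (H(b"pad"), 0)  # zero-balance filler for odd-sized levels

def build_levels(leaves):
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(PAD)
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Sibling path for one leaf: what the exchange hands to that account owner."""
    path = []
    for level in levels[:-1]:
        path.append((level[index ^ 1], index & 1))  # (sibling, 1 if we are the right child)
        index //= 2
    return path

def verify(tag, balance, path, root):
    """Run by the account owner against the published root."""
    node = leaf(tag, balance)
    for sibling, node_is_right in path:
        if sibling[1] < 0:  # a negative sibling sum would hide liabilities
            return False
        node = parent(sibling, node) if node_is_right else parent(node, sibling)
    return node == root

def audit(accounts, onchain_reserves):
    """Auditor side: returns the tree, the root (hash, total liabilities) and a solvency flag."""
    levels = build_levels([leaf(t, b) for t, b in accounts])
    root = levels[-1][0]
    return levels, root, onchain_reserves >= root[1]

# Constructed sample data: (tag known only to the account owner, balance in smallest units)
ACCOUNTS = [(b"tag-a1", 500), (b"tag-b2", 1200), (b"tag-c3", 75)]
```

A path that verifies only shows that the account's balance is counted in the committed total at snapshot time; it says nothing about who controls the reserves or where they move afterwards.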
Hassan Sheikh, co-founder of decentralized venture capital firm DAO Maker, told Cointelegraph that PoR provides a clear sum of liabilities due that can be compared to assets. He added that good PoR practices could make it very difficult for exchanges to fake liabilities, explaining:
“If ever the passives are tampered with, users can publicly raise a red flag. Even if 1% of users bothered to verify, it would be impossible for any CEX that users fell into in this cautious 1%. would almost always check, and the CEX could at best get away with skipping only a small fraction of small accounts before being detected.”
He added that with liabilities made public that retail investors can easily verify, “the asset disclosures that exchanges make would finally make sense,” adding that the balances presented in such audits “only hold weight under the assumption that the liabilities are correctly presented”.
Ben Sharon, co-founder of digital asset management company Illumishare SRG, told Cointelegraph that scammers will try to fake any audit, no matter how reliable the reserve evidence is. He added that a proof of reserves audit is always a viable step to control crypto exchanges, but it is not enough and suggested other measures, such as:
“Having a separate cash reserve, an asset-backed token, or even better, having both, in addition to a proof of reserves certificate, would provide investors with a much better solution. In the end, the only solution is complete transparency. When a crypto exchange is completely transparent, users should not be afraid to entrust their assets to it.”
Showing proof of reserves without the liabilities means nothing
While the practice of PoR is becoming more accepted by centralized exchanges and many are starting to release PoR audit data, there remains the problem of crypto platforms transferring their funds right after the audit snapshot is taken.
Crypto.com recently transferred 280,000 Ether (ETH) to Gate.io after its PoR audit was released, fueling rumors about crypto exchanges potentially falsifying their reserve audits. Many in the crypto community have claimed that exchanges borrow assets to show a healthy financial ledger, only to return them right after the snapshot.
Crypto.com CEO Kris Marszalek has come out to clarify that the $400 million transfer of ETH was a mistake and should have been sent to another cold wallet, raising even more suspicion.
It was supposed to be a move to a new cold storage address, but was sent to a whitelisted external exchange address. We worked with the Gate team and the funds were then returned to our cold storage. New processes and features have been implemented to prevent this from happening again.
—Kris | Crypto.com (@kris) November 13, 2022
And, while some exchanges give a detailed breakdown of their reserves during a PoR, other companies simply provide quick responses claiming they are in the dark. Nexo simply offered a one-page snapshot that indicates they have more assets than customer deposits of around $3.2 billion.
Reviewing some of the reserve audits published by exchanges, Philipp Zimmerer, lead contributor to decentralized finance protocol Spool.fi, told Cointelegraph that the main problem is that there are no formal rules for what exactly constitutes a suitable PoR audit. This means that the procedure will differ from one exchange to another. He explained:
“Even if implemented in the most bona fide interpretation, proof of reservations still cannot prove exclusive ownership of private keys or detect borrowed funds to manipulate the audit outcome. In general, the practice is only as trustworthy as the exchange and listeners were to begin with, and will never be 100% proof of anything.”
He further noted that showing the assets without showing the liabilities is worthless. The only ones that can be “trusted to some extent are fully regulated onshore banking license holders who undergo regular and comprehensive audits by reputable and independent companies”. He cited the example of Coinbase, which, as a publicly traded company, makes its assets and liabilities public.
Zimmerer also noted Kraken, another US-registered exchange, which conducts regular audits, the results of which are published and released to the public.
Stefan Rust, CEO of data infrastructure provider Truflation, told Cointelegraph that the early PoR implementations seem like a good first step, but that to gain more trust and better transparency, a wiser approach would be to look at the balance sheet as a whole and monitor the liabilities while having transparency on the capital reserves. It is not only about reserves, but also about the exposure of the company.
In the case of FTX, they had over 130 companies whose liabilities and revenues they had divested. The same thing happened with WeWork and a number of other corporate turf blowouts. Rust said:
“Proof of reserve is the first step. A passive proof would be great, and in light of FTX, a must-edit. Finally, some kind of proof of incorporation or consolidation between related companies. We need to educate the market and the community not only on how to use these tools, but also on the benefits of these tools. It is important for users to understand why decentralization is truly an essential part of not only the crypto ecosystem, but also the future of finance and Web3.”
When asked about the most reliable way to keep an eye on crypto exchanges, Don Guillaume, head of public relations and communications at Gate.io, told Cointelegraph: “Regulation. Over the past few years, we have seen positive steps across the world from regulators to ensure that crypto exchanges, and really any business operating in the crypto industry, are regulated and follow the rules of the law.”
Overall, the fallout from FTX’s collapse has led to calls for greater regulatory oversight of the crypto market. While major market players continue to offer some form of transparency in order to regain public trust, experts believe that proof of reserves alone cannot be relied upon.