Can Proof of Reserves Really Prove an Exchange’s Solvency?
A day after the FTX fiasco, on November 8th, Binance’s CEO announced that “all crypto exchanges should do merkle-tree proof-of-reserves”. Now that CZ kept his promise, how does proof-of-reserve work and is it sufficient to restore user trust?
Why is Proof-of-Reserve Needed?
From November 5th to November 9th, Bitcoin withdrawals from exchanges ramped up by +541%, from $237 million to $1.52 billion. The SBF-induced distrust eventually led to more platform shutdowns, from BlockFi to Genesis lending for the Gemini Earn program.
While traditional banks offer up to $250k FDIC-backed insurance, the crypto industry has to come up with its own confidence-boosting solution. Fortunately, it came quicker than many had expected. After Ethereum co-founder, Vitalik Buterin published “Having a safe CEX: proof of solvency and beyond”, Binance CEO confirmed this solution is being implemented.
Now that Binance, as the world’s largest crypto exchange, launched proof-of-reserve, how does it work and what does it NOT tell us?
Can Proof-of-Reserve Remove SBF’s Taint?
Proof-of-reserves (PoR) works as a third-party audit system. For example, if a customer bought 10 ETH on an exchange, then those 10 ETH must match up with the exchange’s holdings. The auditor snapshots the exchange’s holdings using an anonymized Merkle Tree.
Merkle Tree is one of the staples of blockchain technology, developed all the way back in 1979. This cryptographic structure aggregates transaction hashes between network nodes. Merkle Tree’s purpose is to verify if the transmitted data between computers has been properly managed.
In the crypto world, Merkle Tree generates a cryptographic hash as the totality of user balances on a specific platform.
With the Merkle Tree technique, the auditor can aggregate transaction signatures (hashes) on the exchange, contrasting on-chain addresses with the exchange’s publicly verifiable balances. Because Merkle Tree has a transaction hash Merkle Root, customers can verify if their balance is indeed accounted for.
Likewise, because of Merkle’s tree structure, even a tiny change is expressed down the branches, making tampering transparent.
Join our Telegram group and never miss a breaking digital asset story.
How Would Users Conduct Proof-of-Reserves?
Multiple exchanges have already implemented PoR for users: Kraken, BitMex, Gate.io, Coinfloor, HBTC, and Binance. Many more, if not all have announced PoR implementation. On Binance, users can go to their wallets to find this feature under “audit”.
After picking the audit date, users can find their asset balances and Record ID, unique to the account and for the audit. Through Record ID, users can independently verify a third-party auditor included their account balance, by copying the Record ID code into their portal.
For advanced users who want to self-verify their balances by reconstructing Merkel Tree hashes, they would have to take a more sophisticated approach of copying audit source code into a Python application. Kraken, Binance, and others have already posted step-by-step examples on how to do it for Python or other programming languages.
Is Proof-of-Reserve Enough?
An exchange snapshot of user balances cannot show if those funds haven’t been borrowed, or allocated, just to pass the audit. For example, this is what the Binance snapshot looks like, against which users can verify their assets.
You may have noticed the odd percentage of 101% instead of 100%. This could indicate the mixing of funds. For example, corporate or user funds with pegged funds, such as proof of collateral for B-tokens. Binance listed that particular wallet in the above-displayed balance snapshot.
What this means is that the future standard should not rely on just proof of reserves but ultimately on:
proof-of-reserves + proof-of-liability = proof-of-solvency
The second part of that equation, proof-of-liability, is much more challenging to implement. Just as the exchange could snapshot proof of assets, it could as easily snapshot a list of liabilities. But who’s to say that all liabilities are included?
One solution is to implement a system in which all individual creditors verify if they are included in a public list of the exchange’s liabilities. In other words, an auditor-facing PoR protocol for proving liabilities. One example of this gold standard is being implemented in the UK-based Coinfloor (now CoinCorner) exchange, as it combines proof of assets with proof of liabilities on a monthly basis.
In conclusion, proof-of-reserves is a major step forward, moving away from a complete lack of transparency to user-verified and third-party audits. To keep track of exchanges’ holdings, Nansen.ai is in the process of listing all major exchanges, including users’ wallet profiler.
Will you regularly audit your wallet from now on? Let us know in the comments below.