Proof of Reserves Explained: From Key Mechanics To Verification

A proof-of-reserves attestation is a real-time or periodic review of balances held by a centralized cryptocurrency exchange or lending platform. The attestation is usually provided by a third-party accounting firm, with Armanino being the leading auditor for most crypto service providers. During an audit, the third-party auditor obtains proof of reserves by taking an anonymized snapshot of user balances. They are typically calculated by hashing a user’s account balance with their unique ID. The auditor then aggregates them into a cryptographic Merkle tree that produces a Merkle root — a cryptographic hash that uniquely represents a combination of all user balances. The crypto market is still emerging, but its potential to revolutionize https://www.xcritical.com/ finance and beyond is undeniable.

Why is Proof of Reserve Important for Assets?

Institutions must carefully select reputable auditors and establish robust governance and oversight mechanisms to mitigate these risks. So, striking the right balance between transparency and maintaining user privacy is crucial, as overly detailed disclosures can raise security concerns. Proof of reserves also plays a vital role in ensuring proof of reserves audit regulatory compliance and accountability. Proof of reserves contributes to the overall stability of the market by reducing the risk of a liquidity crisis. This process continues until we reach the very top of the tree, where we have a single hash, known as the root of the Merkle Tree. Data on collateralization for cross-chain assets can be obtained easily from any network using our PoR app.

MiCA Regulations and Their Impact on the Crypto Industry

Although thanks PoR we are certain that a certain cryptocurrency company/exchange has assets to cover its liabilities, we must remember that this is not current accounting. We are uncertain whether the assets in question have not been loaned out for audit purposes. Audited exchange must cryptographically sign messages using private keys provided by the auditor. In this step, the management of the exchange transfers a certain amount from the public address at a certain time.

Proof of Reserve with a Miniature Merkle Tree

Once the audit is complete, the auditor issues a report confirming the institution’s solvency and compliance with reserve requirements. This verification process adds an extra layer of credibility and reassurance to the proof of reserves mechanism. Most reputable exchanges, like Kraken, publicize those reports to their users.

Ultimately, proof-of-reserve audits serve an essential purpose in cryptocurrency – providing an extra layer of protection for users’ funds and enabling greater transparency in project finances. By verifying reserve balances on a regular basis, projects can ensure that users’ funds are safe and sound, helping to boost trust in the space overall. Financial statement (FS) audits are slow, expensive, infrequent, and very broad in scope, covering far more than just reserve management. To the extent they cover client reserves, they generally involve sampling — rather than investigating all client assets. Certain major exchanges that did have FS audits did not include customer assets in their scope prior to 2022.

It is fairly mature from a technical perspective, with lots of academic and practitioner debate, and has undergone significant refinement in its decade of life. Newer innovations such as ZK liability proofs have considerably enhanced the privacy of PoR (which was historically the biggest reason exchanges didn’t undertake it). Policymakers owe it to the industry to engage with the reality of this proactive, self-regulatory phenomenon. Not long after Mazars, who has done similar credentials for Crypto.com and KuCoin in his career, has publicly announced that he is stopping all work with cryptocurrency exchanges. It was brought to the fore after the collapse of FTX and describes an independent audit conducted to check the number of reserves held by the audited party, in this case cryptocurrency trustees. At Finst, we don’t just let you invest in crypto with the lowest fees and a cutting-edge platform.

Custodial assets have control of users’ private keys and can use them at their will. You can obtain details of transactions with the hot and cold wallets used by centralized custodians. However, it offers an aggregated impression of the total amount of assets in the custody of the platform. The Proof of Reserves auditing process could focus on many other aspects for verifying discrepancies in account balances.

Exchanges that offer effective PoR strategies stand a good chance of remaining in business as there is excessive competition for users who value security more than any other issue. Whereas regulators worldwide are still trying to figure out how exactly to regulate the crypto asset industry, exchanges that follow PoR show that they are ready for transparency and work responsibly. This approach is particularly useful in avoiding potential consequences of regulatory compliance. In the meantime, investors’ best course of action is to check the PoR balance of any platform they are dealing with and store their crypto in non-custodial wallets. This allows market participants to make informed decisions about where to trade and ensures that everyone is playing by the same rules. Ultimately, PoR is essential to provide a safe and secure environment for the exchange of value in cryptocurrencies.

• It ensures that the funds held by the institution are sufficient to cover all customer deposits and liabilities.
• It also gives customers confidence that the company is solvent and liquid enough to continue doing business with them.
• The AICPA defines it as “an attestation engagement in which a practitioner performs specific procedures on subject matter and reports the findings without providing an opinion or conclusion.
• One of the most straightforward steps is downloading the latest audit or attestation report published by the exchange’s third-party auditor.
• Binance has recently begun publishing information about the total balances of bitcoins, ethers, and stablecoins on their wallets under the name “Proof of Reserves.”
• The PoR from decentralized services such as these guarantees an institution cannot transfer more tokens than it has assets in reserve.

We can potentially consider a scenario – the exchange uses PoR to appear transparent and liquid without revealing the true solvency risk. It is worth considering that companies can conduct such an audit, not entirely honestly. Companies may have off-chain liabilities or simply collude with the audit team. Proof-of-reserves is still a relatively new concept that will only gain more traction and adoption as the cryptocurrency space grows and continues to develop. As we can see, each user’s details are recorded and hashed to create a node.

These snapshots are meant to show that a given company — usually a crypto exchange — is solvent. He was crypto lender Celsius’ vice president of strategy and planning when the firm suddenly collapsed in June last year, bringing down with it $12 billion in assets under management. Their methodology, which they call KYA — or Know Your Assets — aims to help restore trust in an industry beaten down by a series of crypto crashes which collectively cost investors tens of billions. Additionally, users can detect any irregular falls in the balances, which could point to possible fraud.

We meticulously compare your platform’s assets against liabilities, ensuring every reserve is fully accounted for and accurately represented. Ensure the integrity of staked assets, prevent double-counting, and verify validator set security for a transparent staking process. To understand where your funds are being stored, let’s first explore how centralized exchanges work.

Proof of Reserves (PoR) isn’t just a niche procedure debated by crypto bros and accountants any longer. The Texas legislature recently saw a bill introduced asking for segregated custody at exchanges alongside quarterly PoR attestations. At the same time, PoR is widely misunderstood and sometimes derided, both in the crypto space, and among policymakers. Simply put, a Merkle tree is a data structure constructed by repeatedly hashing a set of data (i.e., two or more pieces of data). To cryptocurrencies or all other assets that ensure the company’s liquidity. Merkle’s tree is a data structure, constructed by hashing a set of data (at least two) multiple times.

Probably the biggest misconception around PoR is that it represents “only half of the equation”. It’s commonly said that Proof of Reserves only pertains to assets, not liabilities. In the wake of FTX, some exchanges did informal asset attestations as a short term stopgap measure in which they shared coldwallets without corresponding liabilities. PoR has always meant proving ownership of client assets and demonstrating outstanding liabilities owed to clients. That has been the meaning of PoR since it was first discussed in 2013 and that’s what it means today. If we were just talking about demonstrating some quantity of assets held, we would say Proof of Assets.

All of these checks and balances ensure that a crypto company has the reserve assets that it needs to serve all customers, and that liquidity is maintained no matter the market conditions. On the other hand, blockchain oracles can conduct these audits in a completely decentralized manner.Oracles are systems that can provide smart contracts with real-world data from off-chain sources. For example, if you want a smart contract to execute an action when a specific real-world event occurred, you would need an oracle. Since wallet holdings on the blockchain are public, users can easily verify the audit report via blockchain explorers. While that may not seem immediately concerning, it means if the exchange fails, you lose your funds. You may think that sounds like a worst-case scenario, but unfortunately, it’s more frequent than you might think.

While they have their limitations, they provide a valuable mechanism for verifying the solvency of cryptocurrency exchanges and custodians. Users should carefully consider the PoR practices of an exchange before depositing funds. To do this audit, the CEX first creates a Merkle tree that’s a snapshot of its financial position at that time. It does that by aggregating all the assets and liabilities within its hold. Typically, the CEX engages an auditor to conduct an unbiased review of its resources.

ETH addresses to ensure that they have been properly marked as belonging to the exchange. By providing a verifiable record of reserves, it becomes easier for regulators to monitor and enforce financial regulations. This helps in preventing fraudulent activities, money laundering, and other illicit practices. In traditional and digital financial systems, a lack of transparency and certainty about reserve levels can lead to panic. Therefore, users can have peace of mind knowing that their privacy remains intact while the exchange demonstrates its financial soundness.

As long as exchanges are ok with people knowing how the total value of assets on deposit, they don’t have to divulge any additional information. In practice, it’s trivial to determine how many coins an exchange has, and many third party providers actively publish this data. Through the proof of liability tool, user information is anonymized and hashed. This allows only users with a knowledge of their account ID and their balance to verify that they are included in the merkle proof without spying on other users.

While PoR is great for proving a crypto company’s solvency, it’s not foolproof. Some loopholes could be exploited, like off-chain liabilities or inside jobs with the auditing team. PoR gives us a snapshot of a company’s assets, like a still picture, at a specific moment. But what it doesn’t do is show us how these balances change over time – it’s not a live show. A “Proof of Reserve” uses a mini Merkle tree to show an exchange’s assets and liabilities on-chain. Plus, these detective reports (audits) give the decentralized finance (DeFi) ecosystem an extra blanket of safety and privacy.