What Are Proof of Reserves (PoR)?
Proof of Reserves (PoR) is an auditing practice for cryptocurrency companies that can prove their solvency. A PoR audit verifies that the customer assets held by a cryptocurrency exchange correspond to the number of assets the company holds in reserve on behalf of the customers.
For crypto platforms, performing a proof of reserves audit is a crucial step to gaining the trust of the public. That is because the PoR audit ensures customers that the custodian is sufficiently liquid and they can withdraw funds anytime, providing transparency on the availability of their funds.
Crypto firms often contact a third-party independent organization to conduct the PoR audit. They then publicly publish the results to help investors understand the details of their reserves, including addresses that hold cryptocurrencies for customers.
Why Are PoR Audits Important?
The high-profile collapse of FTX, once the third-largest crypto exchange in the world, highlighted a significant issue in the world of cryptocurrency: lack of transparency among centralized crypto exchanges.
When FTX and its group of companies filed for bankruptcy protection in November last year, they had a $6.8 billion shortfall in their balance sheet. The group of companies had debts of about $11.6 billion, the majority of that in customer claims, against $4.8 billion in assets.
This development also eroded user trust in other centralized crypto exchanges, with many proceeding to withdraw their funds from these platforms. In a bid to win back the trust of the crypto community and recover from the effects of the FTX debacle, crypto exchanges decided to release PoR audits.
Different Approaches to PoR Verification
Generally, there are three proof-of-reserve verification methods: public wallet address, third-party audit, and the most widely used Merkle tree proof.
1. Proving Reserves through Public Wallets
One approach to PoR verification involves exchanges publicly sharing the addresses of their crypto wallets that hold customer funds. Customers and regulators can use these wallets to confirm the existence of the claimed reserves.
Since this method allows customers to monitor the wallet addresses, it can also serve as an early warning mechanism for investors to detect any irregularities in a crypto exchange’s financial situation. For instance, if the balance of a wallet suddenly decreases without any explanation, it could signal potential fraudulent activity.
However, it is essential to note that public wallets do not reveal how an exchange manages or invests customer funds. Furthermore, this method does not reveal any details regarding the liabilities of an exchange, which are important to identify whether a company is solvent or not.
2. Third-Party Audits
Another method for PoR verification involves independent third-party audits. These audits aim to provide an unbiased evaluation of an exchange’s reserves.
During a third-party audit, an independent auditor investigates an exchange’s records and verifies that the held funds correspond to the amount owed to customers. The auditor also scrutinizes the security and auditability of the accounts, looking for any irregularities or discrepancies that may indicate fraudulent activities.
Third-party audits prevent exchanges from exaggerating their reserves or engaging in fraudulent activities. However, finding impartial auditors with the necessary expertise can sometimes be challenging. Furthermore, audits provide a snapshot of the exchange’s financial status at a specific moment in time.
3. Merkle Tree
One of the most effective methods for verifying reserves involves using a PoR protocol that utilizes a Merkle Tree proof. Merkle tree, also known as hash tree, is a data structure used for data verification and synchronization.
This protocol aggregates the total of all customer balances without exposing any private information. The total aggregate data is accessible via the Merkle root. The Merkle root is the tamper-proof cryptographic fingerprint that auditors can access to verify the balance information.
Crypto exchanges can release PoR attestations based on Merkle Trees at regular intervals, such as weekly, monthly, or quarterly. These attestations are often presented in the form of snapshots. Alternatively, some companies offer real-time attestations that are accessible on their websites, providing up-to-the-minute information on the status of their reserves.
Concerns Around PoR Verification
While posting a PoR audit is a good first step for crypto exchanges to move toward transparency, it is not sufficient. That is because this practice does not reveal the overall balance sheet and the liabilities of a platform, making it hard for users to thoroughly verify a company’s financial health.
“Proof of Reserves is a good start, but it needs to be coupled with Proof of Liabilities in order to be useful,” said Ava Labs CEO Emin Gün Sirer. The crypto veteran noted that exchanges could simply borrow funds for a short term to complete their PoR.
Moreover, exchanges can have hidden liabilities or have creditors claim seniority to depositors, especially if they don’t legally segregate client assets on the platform. Without knowing how much is owed to depositors, users only have half of the equation.
On the other hand, it is not easy to prove that exchanges do not have liabilities. “Proving liabilities is tricky and generally requires an auditor to engage in a full assessment,” Carter said, mentioning that exchanges can omit certain liabilities to cheat a PoR attestation.
Major Exchanges Release PoR Audits
Following the 2022 crash of FTX and some other prominent crypto firms, several major crypto exchanges started releasing their PoR audit report. These included Binance, the world’s largest crypto exchange by trading volume, as well as OKX, Crypto.com, and ByBit.
Some other exchanges and crypto lending platforms, including Kraken, Nexo, BitMEX, and Gate.io, provided a PoR audit even before the 2022 market crash. Coinbase, on the other hand, has said that as a publicly listed company, it already proves its reserves via audited SEC filings.
Centralized crypto exchanges have turned to proof of reserves (PoR) in order to win back community trust following the catastrophic collapse of FTX. These audits help verify customer assets held by a cryptocurrency exchange correspond to the number of assets the company holds in reserve on behalf of the customers.
However, it is worth noting that PoR audits alone cannot prove the solvency of a platform. That is because this practice does not reveal the overall balance sheet and the liabilities of an exchange, which are necessary to affirm the company’s financial health.