Which institutions have recently updated their reserve proof?
Source: Nic Carter
Compiled by: Katie, Odaily Planet Daily
A year ago, SBF stated in an interview with the Financial Times that if FTX became the largest exchange, buying Goldman Sachs and the Chicago Mercantile Exchange would not be a problem. Today, a year later, we are witnessing the annual drama event in the Crypto circle.
CZ tweeted today that crypto exchanges should not implement a fractional reserve system like banks, and all crypto exchanges should publicly disclose proof of reserves. Binance will soon start doing proof of reserves to maintain full transparency. Following that, OKX announced plans to release proof of reserves within the next 30 days; Bitget also stated it would publish proof of reserves.
Will proof of reserves be the antidote to prevent another "earthquake" in the crypto circle? Odaily Planet Daily will explore the significance of reserves for the crypto industry and summarize the latest developments in proof of reserves from major crypto exchanges and other institutions.
What is proof of reserves?
If I could do one thing to improve this industry, it would be to convince every custodian in the cryptocurrency space to adopt a standard proof of reserves procedure.
Proof of reserves refers to the requirement for custodial businesses holding cryptocurrencies to create public attestations about their reserves that match the proof of user balances (liabilities). Theoretically:
Proof of reserves + Proof of liabilities = Proof of solvency
The idea is to demonstrate to the public (especially your depositors) that the cryptocurrencies you hold in deposits match user balances. Of course, in practice, this is not that simple. Proving you control some funds on-chain is not very meaningful; you can always borrow those funds on a short-term basis. Thus, the significance of point-in-time verification is relatively small.
Moreover, exchanges may have hidden liabilities, or creditors may demand priority for depositors, especially if they illegally "discriminate" against customer assets on the platform. This is why the Wyoming SPDI bill is so important, as it clarifies the legal status of depositors relative to custodians.
Proving liabilities is tricky and usually requires auditors to conduct a thorough assessment. For example, exchanges might omit certain liabilities to "fool" PoR (Odaily Planet Daily note: proof of reserves) verification. That’s why I recommend user-facing PoR protocols that allow users to collectively verify their individual balances for "herd immunity," as well as auditor-facing PoR protocols to prove that the claimed liabilities are real.
Another issue is that exchanges may have undisclosed liabilities that simple cash flow analysis may not capture. For instance, considering that many exchanges operate in chaotic regulatory regimes and legal environments, there is no guarantee that depositors will have priority over creditors in the event of bankruptcy. This means that, in the worst-case scenario, large debts may include a hidden liability, undermining depositors' claims to reserves. That’s why I suggest including an auditor in the PoR process to understand these more complex liabilities (and assess depositor priority). Simply put, exchanges should adopt a legal policy that enjoys absolute privilege over all creditors.
Therefore, proof of reserves programs are not entirely untrustworthy. It is still worth a try for the following reasons:
It is a good "custodial service." Regular PoR verifications signal to your end users that you are in good shape and that you remain vigilant about solvency;
It is a strong self-regulatory measure. If exchanges collectively adopt PoR, regulators may be more inclined to take a lenient regulatory approach. Operating under voluntary self-regulatory measures in a relatively free environment is far better than later enduring heavy regulatory burdens;
It leaves no room for fractional reserve practices, thereby helping to guard against "toxic" operators. The failures of these exchanges have had severe impacts on the entire industry, so avoiding them is in everyone's interest.
Some do not believe that proof of reserves (PoR) has a significant impact on the industry, arguing that it is not yet sufficiently developed. Currently, there is almost no transparency in industry standards. Those exchanges that are subject to stricter regulation, such as those under the New York Trust License (NY Trust License), claiming to be fair managers of user funds sound more convincing.
Some exchanges obtain banking partnerships through audits, but these audits are often not consumer-facing, and many exchanges are loosely regulated. A stronger trust signal needs to allow depositors to personally verify that their deposits truly exist under the control of the exchange. If we let "the pursuit of perfection" hinder the adoption of processes like PoR, we are likely to end up in a worse situation, where exchanges face heavy, top-down regulation. Compared to national regulation, I have always preferred proactive self-regulation driven by the industry.
In my view, "proof of reserves" (PoR) refers to a specific procedure in which custodians transparently prove the existence of on-chain reserves and then provide an equivalent proof (usually with the help of auditors) that the outstanding liabilities do not exceed these reserves. The term typically refers to the relevant procedures. For example, stablecoin verification is sometimes referred to as PoR. But in this case, it is the on-chain liabilities and reserves in the banking system. In my opinion, proof of reserves specifically refers to the procedure that provides tangible proof of the existence of crypto reserves that match certain notes they issue.
PoR Status of Some Industry Players
Entities that have recently conducted PoR verifications (as of 11/07/22):
Kraken (auditor-assisted, using merkle method for user verification, point-in-time) (November 8, 2022)
Nexo (auditor-assisted, ongoing) (daily verification)
Coinfloor (self-assessment, using merkle method for user verification, ongoing) (August 2021)
Gate.io (auditor-assisted, using merkle method for user verification, point-in-time) (May 2020)
HBTC (self-assessment, using merkle method for user verification, point-in-time) (May 2021)
BitMex (self-assessment, using merkle method for user verification, point-in-time) (August 2021)
Ledn (using merkle method for user verification, ongoing [every six months]) (August 2021)
Partial verifications
Revix (audit firm assistance, no user verification, point-in-time) (Q3 2022)
Bitbuy (forensic firm assistance, no user verification, point-in-time)
Shakepay (forensic firm assistance, no user verification, point-in-time)
Others
TrustToken True Currency stablecoins (auditor-assisted, daily verification)
CoinShares (XBT provider ETP with Armanino real-time verification)
Note: I am merely stating the "status quo" and do not endorse or guarantee their accuracy.
Frequently Asked Questions
- If you mean "proof of solvency," why call it "proof of reserves"?
Proof of reserves sounds better; solvency is a higher standard. Ideally, PoR should be combined with a comprehensive accounting of known and hidden liabilities to provide a stronger assurance of solvency.
- Will exchange/user privacy issues be leaked?
As long as exchanges can let people know the total value of deposit assets, they do not need to disclose any additional information. In practice, determining how many tokens an exchange has is not important; many third-party providers actively publish this data. Therefore, attempting to hide the number of tokens in deposits is destined to fail. Through liability proof tools, user information is anonymized and decentralized. This only allows users who know their account ID and balance to verify whether they are included in the merkle proof without monitoring other users.
- What about the privacy issues of DEX?
The growth of DEX is exciting and significant for the industry. However, cryptocurrency users have a clear preference for custodial ownership, at least for a portion of their tokens. Self-custody is difficult, and not everyone can do it. About 20-25% of BTC and ETH are held in custodial environments. By encouraging custodial exchanges to adopt PoR, I hope to improve user assurances for custodial exchanges.
- Do you need auditors?
In the case of BitMEX, I believe users received adequate assurance without a third-party auditor. In fact, by running the process, users can ascertain that BitMEX controls a specific amount of BTC and that their account balances are included in the final merkle balance tree, so if enough users run the analysis, you can get reliable assurance that BitMEX is not selectively excluding any liabilities, thereby exaggerating their solvency.
In this case, only BTC is proven in a relatively simple full reserve setup. However, in more complex setups, it may be a fractional reserve model or more bank-like environment, or involve multiple assets, even non-blockchain assets and potential fiat assets, then you will need to involve auditors. Armanino LLP has been conducting PoR programs for years and is an expert in this field.
- I want to adopt PoR; do you have any recommendations?
I recommend updating your legal terms to clarify:
a) The separation of customer deposits and operating capital;
b) The priority of customer deposits in liquidation;
c) Your responsibilities to depositors under your regulatory framework (if any).
As for adopting PoR strategies, I recommend using the merkle method for ongoing, increased auditor, user-verifiable proof of solvency. Point-in-time verification is not enough. I suggest using auditor assistance and proof of liabilities. Currently, well-known firms like Armanino, Mazars, and KPMG provide these auditing/accounting services. I strongly recommend allowing depositors to use the Maxwell/Todd merkle method to verify whether their balances are included in the proof of liabilities.
- Why do I need an auditor or external third-party assistance?
To instill confidence in users about account conditions, it is necessary to hire a trustworthy auditor willing to stake their professional reputation to assess the liability situation.
- Who are the market leaders in the PoR/real-time verification field?
Armanino is the market leader. They have the most professional programs and services in the industry to date, as well as the most active clients in this field. I hereby declare that I have no commercial relationship with them in any form.