The crypto space is rife with exchanges that have been hacked, lost customer funds, or even ended up being elaborate scams. The collapse of FTX due to a liquidity crisis in recent weeks has been the most famous catastrophe to date.
In response to these clear deficiencies, many exchanges have taken steps to increase transparency and trust amongst their users. Proof-of-reserves is one such measure, with many leading exchanges now implementing this process. In simple terms, proof-of-reserve is a process by which an exchange verifies that it has sufficient reserves (in this case, fiat and cryptocurrency) to back its customers’ balances.
Proof of Reserve hit the headlines in recent weeks following the FTX collapse. In a Nov. 8 tweet, before the exchange filed for bankruptcy, CZ pledged to implement proof-of-reserve to provide “full transparency.” On Friday, November 25th, Binance published a new site to explain its proof-of-reserves system. Currently, Binance has a reserve ratio of 101%. In theory, this should mean Binance has enough to cover its users’ deposits.
What is Proof-of-Reserve?
Proof-of-reserve is not a new concept in the financial world. Banks already use a similar method to prove to their customers that they have sufficient funds to cover their deposits.
In a crypto context, proof-of-reserve is a method used to verify that an exchange’s fiat and cryptocurrency assets are sufficient to cover the funds owed to its customers. This is done by generating a cryptographic hash of the amount held, which is then published on the exchange’s website alongside a link to a verified third-party audit report.
In addition to providing transparency, this also offers a degree of protection against exchange employees misappropriating funds. Since the audit report verifies that the published data is accurate and the hash matches the funds held, the probability of an exchange committing fraud is reduced.
How Does Proof-of-Reserve Work?
The first step is for the exchange to create a cryptographic hash of the amount of funds it has on hand. It then publishes that hash alongside the amount of funds held on its website. The accompanying link leads to a third-party audit report, which verifies that the published hash matches the funds held by the exchange. The hash is generated using a computer program that randomly selects a number between 0 and 100,000,000.
The exchange then takes this number and adds it to the amount of funds held, creating a new hash that can be published on its site. Now, if an exchange employee were to misappropriate funds, they would have to guess the number that would be added to the funds held. This would be incredibly difficult to do and would raise serious red flags among the exchange’s employees.
Since the hash is publicly available, any discrepancy between the published hash and the funds held would be highly suspicious.
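The scheme described above, as an added example (not code from BeInCrypto or any exchange): the exchange hashes its funds plus a random number between 0 and 100,000,000, and an auditor recomputes the hash from independently counted funds. SHA-256, the string encoding, the function names, the sample amounts, and the assumption that the auditor is handed the random number are all illustrative choices, not details from the article.

```python
import hashlib
import hmac
import secrets

NONCE_MAX = 100_000_000  # upper bound of the random number, as stated in the article


def reserve_hash(funds: int, nonce: int) -> str:
    """Hash of (funds + nonce). SHA-256 over the decimal string is an assumption."""
    return hashlib.sha256(str(funds + nonce).encode("ascii")).hexdigest()


def publish(funds: int) -> tuple[dict, int]:
    """Exchange side: build the public record; the nonce goes only to the auditor."""
    nonce = secrets.randbelow(NONCE_MAX + 1)
    record = {"funds": funds, "hash": reserve_hash(funds, nonce)}
    return record, nonce


def audit(record: dict, nonce: int, counted_funds: int) -> list[str]:
    """Auditor side: check the public record against independently counted funds."""
    findings = []
    expected = reserve_hash(counted_funds, nonce)
    # Constant-time comparison of the recomputed and published hashes.
    if not hmac.compare_digest(expected, record["hash"]):
        findings.append("published hash does not match counted funds")
    if record["funds"] != counted_funds:
        gap = record["funds"] - counted_funds
        findings.append(f"published amount differs from counted funds by {gap}")
    return findings


if __name__ == "__main__":
    # Constructed sample values, in whole units of a single asset.
    record, nonce = publish(1_250_000)
    print("clean audit:", audit(record, nonce, 1_250_000))
    # Funds go missing after publication: both checks fail.
    print("after shortfall:", audit(record, nonce, 1_200_000))
    # Someone edits the published amount without being able to redo the hash.
    edited = dict(record, funds=1_300_000)
    print("edited record:", audit(edited, nonce, 1_300_000))
```
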
Proof of Reserves Aren’t Enough, Says Industry
However, there is emerging skepticism about the use of proof-of-reserves to safeguard user funds. Jesse Powell, CEO and co-founder of US-based exchange Kraken, called the practice “pointless” without exchanges including liabilities – or how much an exchange owes. He said: “Putting a hash on a row ID is worthless without everything else.”
And he is not the only one to raise the alarm about safeguarding funds. For many, the solution can be found by returning to a basic premise of crypto: that you cannot trust centralized entities. “Proof of reserves is not necessarily a bad solution, but it still doesn’t paint a full picture of an exchange’s solvency or change the underlying fundamental truths,” says Omer Sadika, co-founder of Odsy Network.
“Centralized exchanges can try to manipulate their proof of reserves, and to date, exchanges have largely withheld other critical information such as their total liabilities. Without an accompanying breakdown of liabilities, an exchange’s proof of reserves alone is insufficient.”
Better And More Independent Audits Are Needed
In multiple conversations with the industry, BeInCrypto has been told that proof-of-reserves simply isn’t enough. Centralized exchanges – in particular – need to do more. In some cases, we have been told that even including liabilities will fall short. “An exchange could have lots of assets, but have used them as collateral for a loan that gives a lender first claim,” says Mark Lurie, CEO and co-founder of Shipyard Software.
“Proof of liabilities would help, but liabilities aren’t on-chain, which means proof-of-liabilities would have to come from an independent auditor. At that point, it becomes the same proof that all public and regulated companies have to provide – audited financial statements. Perhaps we are relearning the lessons of TradFi, which is that centralized financial institutions should be reporting their balance sheet to someone; either the public or a regulator.”
It is worth noting that before its collapse, FTX was audited by two separate firms, Armanino and Prager Metis. However, neither is a member of the Big Four accounting firms. Also, neither has audited companies of the size and complexity of FTX. Because of their size, the audit regulator, the Public Company Accounting Oversight Board (PCAOB), inspects them only once every three years.
Of course, giant institutions like centralized crypto exchanges rarely choose transparency without being forced. Despite operating in an ecosystem that supposedly treasures openness, users aren’t yet in full revolt. Mark adds: “Why add the reporting burden if it’s not required by law and if users aren’t leaving?”
Crypto.com Accidentally Sends Funds To Gate.io
Recent weeks of crypto drama, and increasing calls for proof-of-reserves across the industry, have sent minds racing across crypto Twitter. On November 12, Twitter user jconorgrogan highlighted the transfer of 320,000 ETH from Crypto.com’s cold wallet to Gate.io. According to Crypto.com, all of its users’ crypto is stored in cold storage with Ledger hardware wallets.
However, the fact that Gate.io returned the funds to Crypto.com in two separate transactions drove suspicion. Speaking to BeInCrypto, the founder of Gate.io, Dr Lin Han, said: “On October 21st, Crypto.com moved 320,000 ETH to a new wallet, they sent it to a whitelisted Gate.io wallet on their list of their wallet accounts, meaning their own wallet account on Gate.io. As standard practice, we followed our security protocols and requested identity verification when Crypto.com asked to withdraw these funds. Once completed the funds were withdrawn to their own addresses at their own accord.”
Speaking about their own proof-of-reserves, he said the company was audited on a yearly basis, but was taking steps to “incorporate more frequent, cyclical Proof-of-Reserves auditing. Snapshots are done at the discretion of the auditor… In 2020, Gate.io developed a Proof-of-Reserves verification method using a Merkle Tree, we patented the process and recently open-sourced the technology for peers to use as calls for Proof-of-Reserves intensified.” Dr Han confirmed Gate.io had no exposure to troubled crypto firms, held over 100% of assets deposited to the platform, and did not use user funds for further trading.
Users Need Trust Restored
Why has it taken this long for big players in the industry to spotlight transparency? “For a start, cryptocurrencies are still experiencing unprecedented rates of adoption. For us, that’s the main reason that transparency has become so talked about. The need for it is real if the space is to move forward,” says Antoni Trenchev, co-managing partner of Nexo. “When markets are growing and the global economy is booming, it’s easy to get caught up in an illusion that only great times lie ahead and be naive of trend reversals.”
As the crypto space continues to grow, it’s becoming increasingly important to protect investors from fraudulent exchanges. Proof-of-reserve is certainly a step in the right direction. But there are still several improvements that could be made to enhance transparency and trust. It is crucial for investors to have access to information about an exchange’s financials. This includes information about how the business is structured and how it generates revenue, as well as details about its employees and shareholders.
“Part of the reason it has taken so long for big players to adopt transparency by default is that they are just a replica of the contemporary mainstream financial system,” says Don Gossen, CEO and co-founder of Nevermined. “The CEX’s simple argument is that their competition isn’t transparent, so why should they be.”
Maybe it’s time to start expecting more.