by Joel Agbo –
Table of Contents
- What is Proof of Reserves?
- Why is Proof of Reserves Important?
- How Does a Proof of Reserves Audit Work?
- Profiling Custodial Institutions using Proof of Reserves Tools
Key Takeaways:
-
Proof of Reserves (PoR) lets you verify that your exchange or any other custodial financial platform is truly in the custody of the assets you deposit.
-
Proof of Reserves was introduced as a response to the widespread mismanagement of user funds by centralized exchanges and derivatives trading platforms.
-
One way of verifying Proof of Reserves involves using the Merkle tree technology to collate the institution’s holdings and match them to user accounts to enable account owners to get a view of the account history.
-
CoinGecko has rolled out a Proof of Reserves feature to enable users to view available exchange reserves data in one place.
Centralized exchanges are providing customers with facilities to verify the state of the assets held on their platform. Through this, customers are able to ascertain that the institution truly holds these assets with an equal or excess reserve to back the deposits, ensuring that customers will always be able to withdraw their holdings. This process is made possible through the Proof of Reserves (PoR) system.
Also, did you know that CoinGecko now has Reserve Data on Centralized Crypto Exchanges?
You can jump straight into our guide, or read on to find out what exactly is Proof of Reserves and how it works.
What is Proof of Reserves (PoR)?
Proof of Reserves is a statement outlining the holdings of a custodial financial institution, such as centralized exchanges.
PoR demonstrates an institution / exchange’s ability to honor withdrawals from its platform at all times. Broadly, it consists of two parts – a current record of customers’ token deposits (known as liabilities), and a pool of tokens held within a set of exchange addresses (also known as assets). As a custodial financial institution, centralized exchanges are not supposed to be utilizing customers’ funds for other purposes, thus both assets and liabilities should match.
While there are multiple ways that Proof of Reserve can be achieved, the blockchain industry has devised an on-chain, trust-minimized way to record such proofs on-chain, and verifiable by anyone. In effect, an exchange can presents a report of assets in the institution’s custody and map these assets to individual accounts, and store part of this information on-chain. This way, individual users, or any interested 3rd party, can actually verify that the institution actually holds the specific assets that match specific account balances, without actually revealing the identity of the users.
Contemporary Proof of Reserves facilities simplifies the custody verification process through a one-click process that enables users to access the audit records and obtain proof that their institution holds the correct amount of assets. Exchanges like Kraken have already made this facility available to their users.
Why is Proof of Reserves Important?
Binance exchange’s CEO Changpeng Zhao, on November 6, 2022, raised an issue on the state of the second largest cryptocurrency trading platform – FTX. Events trailing this revealed long-running mismanagement of funds under the exchange’s custody. While users’ account balances show records of their assets, these assets were non-existent as the exchange had engaged in certain activities that resulted in a loss of users’ funds.
In an event that turned tragic, users’ withdrawal requests stalled as the exchange was unable to honor asset withdrawal requests, with some estimates pegging the shortfall at close to $10 billion. The ripple effects from the FTX collapse predictably impacted other exchanges, where some were also revealed to be utilizing customers’ tokens for other purposes, triggering mass panic, and further calls for full transparency in exchange reserves.
Proof of Reserves was introduced in response to this. Prior to these events, the majority of cryptocurrency investors had always entrusted custodial institutions with the safety of their assets without pushing overly hard for transparency, or performing verification to ensure that reserves were actually being maintained. This implicit trust has now been shattered, and the industry is now collectively pushing forward to hold custodial institutions to be more transparent and accountable for customers’ tokens.
Implementing Proof of Reserves will offer certain benefits to custodial platforms and their users.
For users, it will:
Provide a means to verify proper custody of assets
The primary goal of Proof of Reserves is to enable customers to verify the assets held by their institutions. Investors can use these applications to track changes made to their individual accounts to get a better view of how their funds are handled over time and demand clarity of each action from their institution.
Allow due diligence to be conducted on custodial platforms
Before setting up an account on a trading platform or any cryptocurrency institution, it is advised to carry out preliminary research on the institution, including its financial dealings and overall integrity. Proof of Reserves tools are a great way to start. With this concept developing fast, investors will be provided with the tools to obtain relevant data on how specific institutions custody their client assets, and do their own research before committing assets to an institution.
Doing this will reduce the chances of investors losing their assets to unfortunate events resulting from poor management of users’ funds by a custodial institution. Investors can also modify or withdraw their investments to minimize losses, in the event that they feel that the platform’s custody practices have become too risky over time.
Present hands-on transaction records
As already explained, Proof of Reserves applications present an institution’s finances in a transparent manner. When done well, platform users can track their personal dealings. Users can view their own activities and make informed decisions and verify that transactions are recorded accurately.
For custodial institutions, it will:
Provides a means to regain and maintain users’ trust
Investors are fast losing trust in custodial institutions. The shadiness discovered in recent events is increasing the fear index for investors using custodial institutions for trading or other financial activities.
Reputable institutions can regain this lost trust by developing good Proof of Reserves facilities and making them available to their customers.
Serves as a source of truth
Regardless of how much effort is being put into ensuring the accuracy of an exchange’s internal record-keeping systems, it is still possible for errors to occur, or even worse loopholes that can be exploited by malicious actors. However, if these were recorded and verifiable on-chain, the hope is that more pairs of eyes will be scrutinizing the records for accuracy.
How Does a Proof of Reserves Audit Work?
Custodial institutions in the cryptocurrency space hold the assets of their customers in a hot wallet from which they serve withdrawal requests from users. Institutions then set apart a cold wallet for safe storage of a portion of users’ deposits. Users obtain a wallet address to make deposits. When deposits are made, they are moved between the hot and cold wallets. Customers of custodial financial platforms are not in total custody of their assets, as the institutions keep the private keys to these addresses.
Details of assets held by the institution can be partly obtained by tracing details of transactions involving their hot and cold wallets.
However, this only presents an aggregated view of the total assets in custody, but doesn’t give a hint of which users own what portion of the total assets in custody. A Proof of Reserves audit makes a deeper study to collate the total assets held by the institution and prove that the users a portion of these assets. This process utilizes the Merkle Tree.
What is a Merkle Tree?
The Merkle Tree is an approach to data structuring that upholds the verifiability of stored data and simplifies attempts to access these data. The Merkle tree is designed to partition related data in such a way that they can be accessed individually without going through each individual branch of data. As rightly named, the Merkle tree contains distinct data grouped into autonomous branches but connected to a single root; this is known as the Merkle root.
The Merkle root is the single point of connection for the data branches and ensures that the right information is stored in each of the data branches. It provides a single point of verification for the whole data tree. It also provides a uniform protection system for stored data, ensuring that data stored in the branches cannot be manipulated or damaged.
Merkle Trees are already the main data management method and core component for blockchains, used to keep track of the constantly growing data set generated by users of the network. As each block added to the chain is identified with a hash, the Merkle tree provides a storage and identification system that stores the data according to their hash, instead of a whole chain. Data in the block can hence be verified using the block’s hash and eliminates the need to compute the whole blocks in the network. Learn more about the blockchain and how it manages data
In that sense, a Proof of Reserve records a mini Merkle Tree of an exchange’s assets and liabilities on-chain. To verify the records, an auditor starts by taking a periodic record of an institution’s asset in custody and arranging the individual data in the record using a Merkle Tree.
Here’s how an auditor creates the Proof of Reserves for a custodial institution.
How a Proof of Reserves Audit is Conducted
First, the auditor or auditing firm takes a snapshot of balances held by the institution and arranges these balances using the Merkle tree system. The pieces of custodial data for the institution are organized into a unified tree of data, branched into partitions, and identified using hash codes.
The auditor obtains the Merkle Root of the data tree; the single point of connection between data in the tree. The individual account that contributed these assets can be identified through their unique signatures.
To verify these individual contributors, the auditor matches the digital signatures to the records on the Merkle tree and verifies that the reported balances of the individual are at least equal to that obtained from the Merkle tree.
Changes to the individual balances are easily detected on the Merkle tree and it creates a sharp shift in the data structure. Through this, it will be impossible for institutions to tamper with users’ balances and go undetected.
While this can be done manually and painstakingly, the auditor or the institution can also proceed to develop an interface for users to verify the custody of their assets using their digital signatures which can be their exchange IDs.
However there are limits to even this system. Mainly, the Merkle tree only matches the snapshot at that specific point in time, and as the reserve balance changes, it will require a newly updated Merkle tree to reflect the change.
Profiling Custodial Institutions using Reserve Data Tools
Now that you’re familiar with the concept of Proof of Reserves, you are ready to dive deeper and perform your own research on different centralized platforms. In the aftermath of FTX’s downfall, various Proof of Reserves tools have quickly emerged, each one offering cryptocurrency investors a way to track the assets or the financial activities of their institutions where it concerns collective funds owned by their different users.
CoinGecko’s Reserve Data
You can go to CoinGecko’s Crypto Exchanges page, and look for the column titled Reserve Data. In this column,you’ll see exchanges labeled as Available or Unavailable.
Available means that certain reserve information is available for users to perform due diligence.
Unavailable means that reserve information is not available on CoinGecko.
If you want to view Binance’s reserve data, click Binance to enter the exchange’s page, where you’ll see the option to look into their Exchange Reserves.
Once you’re inside, you’ll be able to see the exchange reserve data sourced by the CoinGecko team. This data is aggregated from sources including Nansen and DeFiLlama, as well as the exchanges themselves if it has been published.
Do note that while CoinGecko recognizes Proof of Reserves as an important data point for transparency, it is not currently linked to the Trust Score as it is a fairly new priority item for many exchanges, and subsequently penalizing exchanges for not having one at this stage could be an unfair methodology.
However, CoinGecko’s plan is to find a good representation where Proof of Reserves can be applied to the exchange’s Trust Score, so that only exchanges that have made attempts to prove solvency will have a good score.
Nansen’s Asset/Net Worth Dashboard
Here’s how to obtain and track your exchange’s finances using Nansen’s Asset/Net worth dashboard.
Nansen’s Asset/Net worth application tracks wallet activity in real-time. Using its technology, you can view institutional and individual wallet balances across selected chains and explore other specific data that can help estimate the effect of your institutions’ activities on your finances.
-
Visit the Nansen Asset tracking application. You can connect your wallet to track your individual wallet and access the Analytics page for your wallet.
-
On the homepage are listed certain popular custodial cryptocurrency exchanges. Click on the desired institution to view wallet balances across over 40 blockchain networks.
The launch page shows the total amount contained in the exchange’s wallet and how they are divided based on the assets held. In this instance, we used Kucoin Exchange. A recorded $2.6 billion worth of customers’ crypto assets is held by the exchange at the time of this writing. Subsequent information shows how these holdings are distributed.
-
Click the desired network to view assets held on the network. We selected the Tron blockchain, in the image above. About 62% of the assets in the custody of the exchange on the Tron blockchain are held in USDT. You can obtain this data for other chains by clicking the chain.
-
Explore other data by clicking the Analytics tab or by clicking View Full Analytics. Data from the analytics page shows how the exchanges’ assets and asset values have increased over time. You can also obtain the exchange’s wallet addresses and track activities using the chain’s explorer. Here’s a detailed guide on how to use Ethereum’s explorer – Etherscan.
-
For institutions not listed, you can attempt to track their portfolio by obtaining the cold wallet address and searching through the Nansen application for their records. Enter the address on the input box at the top corner of the platform
Conclusion: What’s next?
The recent wave of misappropriation of funds by custodial financial platforms puts the crypto space in a pitiable state. But notwithstanding, the introduction of Proof of Reserves is a silver lining, a key positive development from the tragic events. The industry is collectively pushing centralized exchanges to provide greater transparency, while users may finally have tools to verify and hold exchanges accountable in the near future.
Industry players can also utilize tools like those outlined above to ensure the safety and availability of the funds, establishing a process that could help make the crypto space safer for investors. On the part of the users, this is important. Even as you conduct your personal research and invest in your favorite cryptocurrency projects, also endeavor to demand more transparency from your institutions and verify the safety of your funds, especially if you’re a user of a centralized financial system.
Ultimately for users who are already familiar with public-private keys, the best way to keep your funds safe is to retain full custody of your assets. This is achievable by keeping your funds in your personal wallets instead of exchanges. As much as possible, users should utilize cold / hardware wallets to store funds not actively in use.
For custodial institutions, the importance of handling users’ funds with integrity and high-level carefulness cannot be overemphasized. But now, more than ever, there is a need to also show users how care is being applied and allow them to verify claims about how their funds are being managed.
There is also increased conversation around the need for regulation to prevent future bank runs by institutions like what occurred in November 2022.
As a standard, always apply caution and do your own research before investing in cryptocurrency.