- Crypto Proof-of-Reserves is a technology that has long existed but is seeing rising demands now to be adopted as a standard practice.
- Since the FTX collapse, customers’ faith in various exchanges and wallets has dwindled.
- It’s a technology that secures customer funds held by a crypto exchange.
Crypto Proof-of-Reserves is a technique in the crypto world used to audit custodians like exchanges, reserves, wallets, etc. It ensures that the funds are safe by tracing their trail and ensuring that the company backs the deposits with enough solvent assets. It also monitors that the company does not misappropriate the funds by investing in loss-making deals.
It is usually a third-party audit, the records of which are made publicly available to be seen. It is an effective way to keep a vigilant eye on the company; and that it actually has value in its holdings as it claims in its records.
What are Proof-of-Reserves?
Recent incidents have given rise to distrust among the public regarding various kinds of crypto custodians. In the case of FTX, it only had $900 million of liquid assets for its over $9 billion worth of liabilities. Crypto.com fell because of careless spending in FTX and other ill-investments. Mt. Gox lost a huge amount in a hack. Founders Su Zhu and Kyle Davies have been missing since the hedge fund failed to meet liquidation demands.
These companies seem to have a problem of hiding their reserve funds and even outright lying about them. Being decentralized, they don’t come under monetary policy control for maintaining reserves and regular audits.
Crypto Proof-of-Reserves enables customers to track the real-time location of their funds with a custodian. It’s a cryptographic method of tracking the company’s investments from the customer funds using a data structure called – Merkle Tree. It is done with the help of a third-party audit.
The company can either publicly release its Merkle Tree for anyone to access. A third-party audit team will verify and interpret it to the customers. The auditors can also prepare a Merkle tree of the company for the customers’ utilization.
How does Proof-of-Reserves work
An auditor would first take a record of all the balances registered on the company’s blockchain and then aggregate them into something called a Merkle tree. It is a data structure that uses verified units called ‘Hash trees’. They record the transactions in tree-like structures in a way that a whole transaction trail can be securely established and the funds can be accurately mapped.
The information is stored in hashed blocks and displayed in a way that the customers can trace their funds and know in real time where exactly they are.
Merkle Tree has several branches representing the transactions, each authenticated using hash codes. The client source of the fund can be traced back to the ‘Merkle Root’, while a ‘Merkle Leaf’ represents the current location of the fund. A leaf is usually unique to a client.
After the generation of a Merkle Tree, a third-party auditor compares and verifies the tree with the company’s balances. This is done by utilizing cryptographic signatures, and addresses and hashes on each block. The output is a hash and sum of the address balances.
The auditor then authenticates the firm by comparing the company’s on-chain holdings to the client assets listed on the balance sheet. A Proof-of-Reserves certificate is issued.
The Merkle Tree is employed as a data management tool on the blockchain to monitor on-chain assets and liabilities of the exchange. The customers can live track their deposits on the tree by using the Merkle root. The data is, thus, tamper-proof as any changes made to the rest of the data will affect the root.
Benefits of Proof-of-Reserve Audits
Transparency and due Diligence: The clients can trace their investments in real-time and get reassurance that the firm is solvent, thereby aiding in their due diligence. They can also verify the transparency of the PoR by using Merkle Trees.
Self-Regulatory Compliance: It acts as a self-regulatory technique for the exchanges that makes them maintain enough liquidity. This apparently also sits well with the various regulatory authorities.
Strengthening User Trust: The companies that issue their PoR audit certificates will automatically gain users’ trust as there is a verifiable source of truth.
Privacy Assured Audit: The Merkle Tree technique has many applications on blockchain already. It uses cryptography to allow the auditor to accurately aggregate data of all the customers without publicly disclosing the account balance of any individual customer. Also, a customer cannot see the account balances of another.
Limitations of Proof-of-Reserves
A PoR can only be used by the client to see their investment; it doesn’t give an exercisable control, just information. They can do nothing if the exchange decides to invest it in an unhealthy manner or ill-advised lending. Hence, it doesn’t completely prevent the misappropriation of customer funds.
Unfortunately, a Proof-of-Reserves is only as good as the verifier. It has loopholes that can be leveraged to hide scamming. A third-party auditor could also be corrupt or incompetent to overlook the illegitimacy of the records. In addition, an attacker may hack the customer’s private keys to legitimate balances bluffing the auditor into approving the transaction.
Companies that are Adopting the Practice
While not foolproof, Proof-of-Reserves is one of the most secure ways to monitor and audit investments handed over to a crypto custodian. It is also increasingly demanded to gain and strengthen faith in a company.
Many companies have already started adopting the technique, while some have also issued their PoR certificates. These include CoinBase, Kraken, ChainLink, Gate.io, Crypto.com, Bitfinex, Huobi, OKX, Deribit, and others.