Proof of Reserves: crypto exchanges are trying to rebuild trust
After the FTX collapse, the remaining players are trying to recover confidence with the help of Proof of Reserves (PoR).
Proof of Reserves is an audit method to ensure that a centralized platform holds enough funds in reserve to cover its operations and user balances. Such a check has long been passed by all banks that are required to report on reserves to secure deposits.
PoR gives the impression of transparency to clients and regulators, and it provides them with a sense of security and stability. PoR also guards against fraud by employees of the centralized exchange. The audit is based on cryptographic verification and reduces the risk of misappropriation of funds.
Checking the appropriate amount of reserves involves reviewing all the exchange's balance sheets and comparing them to the funds held in their addresses.
How does a Proof of Reserve audit work?
Proof of Reserves uses the principle of cryptographic proofs based on the Merkle Tree, a hash structure that allows to efficiently track data.
A third-party auditor takes anonymous snapshots of exchange balances and combines them into the Merkle tree to create a common cryptographic hash. It allows you to check the exact balance by checking an anonymous number of balances with verified ones.
The auditor then needs to obtain digital signatures that confirm that the exchange controls the addresses of wallets in the blockchain, where funds are held. If accounts associated with a digital signature have the same or bigger balances as the cryptographic hash data of clients, it verifies that the company is indeed safely holding customer funds.
Criticism of PoR
However, you cannot rely only on Proof of Reserves to prove solvency. Furthermore, only experts who understand the nuances of the process can be convinced of the honesty and quality of the verification performed.
For instance, two auditors, Armanino and Prager Metis, audited the FTX exchange just before it filed for bankruptcy. However, they found no loopholes.
Binance's Proof of Reserves also raised red flags. The exchange published a report that verified reserves and the sufficiency of funds to cover customer deposits. Later, Mazars, a firm that conducted the audit, admitted that they made no representations regarding the provision of reserves.
This comes after Kraken co-founder Jesse Powell criticized Binance's Proof of Reserves report. He tweeted the following:
I'm sorry but no. This is not PoR. This is either ignorance or intentional misrepresentation. The merkle tree is just hand wavey bullshit without an auditor to make sure you didn't include accounts with negative balances. The statement of assets is pointless without liabilities.
Jesse Powell’s tweet
As a result, the centralized platform can falsify the audit or carry it out improperly. Exchanges can manipulate data by hiding unwanted information. Therefore, Proof of Reserves is not a security guarantee without an independent third-party auditor and additional proof of solvency.
Disadvantages of Proof of Reserves
Proof of Reserves may not be a reliable indicator of a fund's safety for other reasons. The loans and debts of the corporation are not revealed in such an audit. Therefore, the exchange can use Proof of Reserves to hide problems under self-regulation and transparency.
Another disadvantage of the method is the inability to reveal and confirm the addresses of the company's reserves after the audit. The platform may borrow funds for reserves in order to give the appearance of solvency, without actually having the necessary funds.
PoR is a solution that is far from perfect, but, nevertheless, if used correctly and responsibly, it helps to confirm sufficient reserves or their inconsistency with the required minimum.