Source: Nic Carter
Compiled by: Katie, Odaily Planet Daily
One year ago, SBF said in an interview with the Financial Times that if FTX became the largest exchange, it would not be a problem to buy Goldman Sachs and the Chicago Mercantile Exchange. Today, one year later, we have witnessed the annual drama event in the Crypto circle.
CZ tweeted today that crypto exchanges should not implement a partial reserve system like banks, and all crypto exchanges should disclose proof of reserves. Binance will soon start making proof of reserves to maintain full transparency. Subsequently, OKX announced plans to release proof of reserves within the next 30 days; Bitget also said it would publish proof of reserves.
Will the proof of reserve be the antidote to curb the "earthquake" in the cryptocurrency circle? Odaily Planet Daily will take you to explore the significance of reserve funds to the crypto industry and review the latest progress of reserve fund proofs of major crypto trading platforms and other institutions.
What is Proof of Reserves?
If I could do one thing to improve the industry, it would be to convince every custodial provider in the crypto space to adopt regular Proof of Reserves procedures.
Proof of Reserves means that a custodial business holding cryptocurrency should create public proof of its reserves and match it with proof of user balances (liabilities). In theory:
Proof of Reserves + Proof of Liabilities = Proof of Solvency
The idea is to prove to the public (especially your depositors) that the cryptocurrency you hold in deposits matches the user balances. Of course, in practice this is not that simple. Proving that you control some funds on-chain means little, you can always borrow these funds on a short-term basis. So, point-in-time verification is relatively meaningless.
Additionally, exchanges may have hidden liabilities or creditors that claim priority over depositors, especially if they unlawfully “differentiate” customer assets on their platforms. This is why the Wyoming SPDI Act is so important, clarifying the legal position of depositors vis-à-vis custodians.
Proving liabilities is tricky and usually requires a full assessment by an auditor. For example, an exchange can omit certain liabilities to "cheat" PoR (Odaily Planet Daily Note: Reserve) verification. This is why I recommend both user-oriented PoR protocols that allow users to gain "herd immunity" by collectively verifying their personal balances, and auditor-oriented PoR protocols to prove that the claimed liabilities are real.
Another issue is that exchanges may have unstated liabilities that a pure cash flow analysis may not capture. For example, given the confusing regulatory and legal landscape in which many exchanges exist, there is no guarantee that depositors will have priority over creditors in the event of bankruptcy. This means that, in the worst case, a large debt may contain a hidden liability that undermines depositors' claims on reserves. This is why I recommend including an auditor in the PoR process so that these more complex liabilities (and the assessment of depositor priority) can be understood. In simple terms, exchanges should adopt a legal policy that has absolute privilege and priority over all creditors.
Therefore, the Proof of Reserves scheme is not completely untrustworthy. It is still worth a try for the following reasons:
This is good ‘housekeeping.’ Regular PoR validation shows your end users that you are in good shape and that you are vigilant about solvency;
This is a strong self-regulatory measure. If exchanges adopt PoR en masse, regulators may be more inclined to take a light-touch regulatory approach. It is much better to operate in relative freedom through voluntary self-regulatory measures than to be subject to heavy regulatory enforcement measures later;
It makes fractional reserve banking impossible to hide, thus helping to protect against “toxic” operators. The failure of these exchanges has serious repercussions for the industry as a whole, so it is in everyone’s interest to avoid them.
Some people are not convinced of the impact of Proof of Reserves (PoR) in the industry, believing that it is not yet perfect. Currently, there is little transparency on industry standards. Exchanges that are more strictly regulated, for example, under the NY Trust License, sound more convincing in their claims of being fair stewards of user funds.
Some exchanges gain banking partners through audits, but these audits are typically not consumer-facing and many exchanges are lightly regulated. A stronger trust signal would require allowing depositors to personally verify that their deposits are actually in the control of the exchange. If we let the “striving for perfection” get in the way of adopting processes like PoR, we’ll likely end up with a worse situation where exchanges are subject to onerous, top-down regulation. I’ve always preferred proactive self-regulation driven by the industry to state regulation.
In my opinion, "Proof of Reserves" (PoR) refers to a specific procedure in which a custodian transparently proves the existence of on-chain reserves and then provides an equivalent proof (usually with the help of an auditor) that the outstanding liabilities do not exceed those reserves. The term generally refers to related procedures. For example, stablecoin validation is sometimes referred to as PoR. But in this case, it's the liabilities on-chain and the reserves in the banking system. In my opinion, Proof of Reserves specifically refers to the procedure by which an entity proves the existence of crypto reserves that match certain notes they have issued.
PoR status of some industry players
Entities that have recently performed PoR validation (updated 11/07/22):
Kraken (auditor assisted, user verification using merkle method, point in time) (November 8, 2022)
Nexo (auditor assisted, ongoing) (verified daily)
Coinfloor (self-assessment, user verification using merkle methods, ongoing) (August 2021)
Gate.io (auditor assisted, user verification using merkle method, point in time) (May 2020)
HBTC (self-assessment, user verification using merkle method, performed by point in time) (May 2021)
BitMex (self-assessment, user verification using merkle method, point in time) (August 2021)
Ledn (using the merkle method for user verification, ongoing [every six months]) (August 2021)
Partial Verification
Revix (audit firm assisted, no user verification, point-in-time) (Q3 2022)
Bitbuy (forensic company assisted, no user verification, conducted by time point)
Shakepay (assisted by a forensic company, no user verification, conducted at a point in time)
other
TrustToken True Currency stablecoins (auditor assisted, verified daily)
CoinShares (XBT provider ETP with Armanino real-time verification)
Note: I am stating these "as is" and do not endorse or guarantee their correctness.
common problem
If you mean "proof of solvency", why do you say "proof of reserves"?
Proof of Reserves sounds better, solvency is a higher standard. Ideally, PoR should be combined with a full accounting of known and hidden debts, resulting in stronger solvency guarantees.
Will exchange/user privacy issues be leaked?
As long as exchanges make the total value of deposited assets known, they do not have to reveal any additional information. In practice, it is not important to determine how many tokens an exchange has, and many third-party providers actively publish this data. Therefore, attempts to hide the amount of deposited tokens are doomed to fail anyway. Through the Proof of Accountability tool, user information is anonymized and decentralized. This allows only users who know their account ID and balance to verify that they are included in the merkle proof without having to spy on other users.
So what about the privacy issues of DEX?
The growth of DEXs is exciting and significant for the industry. However, there is a clear preference among cryptocurrency users for custodial ownership, at least for a portion of their tokens. Self-custody is hard and not for everyone. About 20-25% of BTC and ETH are held in custodial environments. By encouraging custodial exchanges to adopt PoR, I hope to improve user assurance for custodial exchanges.
Do you need an auditor?
In the case of BitMEX, I believe users were given ample assurance without a third-party auditor. In fact, by running the process, users could be certain that BitMEX controlled a specific amount of BTC and that their account balance was included in the final merkle balance tree, so that if enough users ran the analysis, you could get reliable assurance that BitMEX was not selectively excluding any liabilities and thus overstating their solvency.
In this case, only BTC is attested in a relatively simple full reserve setting. However, in a more complex setting, where it could be a fractional reserve model or a more bank-like environment, or with multiple assets, even non-blockchain assets and potentially fiat assets, then you will need to merge auditors. Armanino LLP has been conducting PoR procedures for many years and is an expert in this line of work.
I want to adopt PoR, do you have any recommendations?
I recommend updating your legal terms to clarify:
a) Separation of customer deposits and working capital;
b) The priority of customer deposits in liquidation;
c) your responsibilities, if any, to depositors under your regulatory regime.
As for adopting a PoR strategy, I recommend a merkle approach to ongoing, auditor-augmented, user-verifiable proofs of solvency. Point-in-time proofs are not enough. I recommend using auditors to assist and prove the liability side. Currently, Armanino, Mazars, and KPMG are known auditing/accounting firms that provide these services. I strongly recommend allowing depositors to use the Maxwell/Todd merkle approach to verify that their balances are included in the proof of liability.
Why do I need the assistance of an auditor or external third party?
In order for users to have confidence in the status of their accounts, it is necessary to hire a trusted auditor who is willing to risk their professional reputation to assess the liabilities.
Who are the market leaders in PoR/real-time validation?
Armanino is the market leader. They have by far the most professional programs and services in the industry, as well as the most active clients in the field. I hereby declare that I have no commercial relationship with them in any form.