Summary

Cryptocurrency custodians use Proof of Reserve (PoR) audits to prove that they hold all their users' funds. Binance conducts and publicly publishes internal audits, which third-party auditors help verify using cryptographic techniques to prove that user funds are securely held in the company's reserves. Binance users can also independently verify that their account balances are included in these audits.

Introduction

Cryptographic proofs enabled by blockchain technology facilitate transparency in financial transactions of crypto exchanges. Proof of Reserves (PoR) further enhances this transparency by creating a framework for auditing crypto custodians.

However, although this is a step in the right direction, PoR still needs improvement to make the ecosystem more transparent and trustworthy.

What is Proof of Reserves (PoR)?

A PoR audit aims to ensure that custodians hold their clients' funds in full. Cryptocurrency custodial companies use PoR audits to prove to their clients and the public that their funds match their users' balances. These audits are conducted by independent third parties to eliminate any possibility of data falsification of reserves.

PoR is essential for several reasons. First, it allows users to verify that the balances they hold on a cryptocurrency exchange, for example, are backed by real assets. Second, it pushes companies to adhere to transparency standards, making it more difficult for them to engage in dubious or illegal financial activities.

Ideally, PoR should benefit both users and companies. It protects users by minimizing security risks and shielding them from malicious actors. At the same time, it helps companies retain users by increasing their reliability.

The ability to audit cryptocurrency exchanges creates a more transparent cryptocurrency ecosystem. For example, PoR prevents exchanges from acting like banks that lend deposited assets to third parties.

Similarly, exchanges cannot use user deposits to invest in other protocols or companies. In other words, PoR eliminates the risk that companies maximize their profits using users' funds.

With PoR, any entity can prove that a crypto exchange holds all user deposits. Therefore, exchanges are naturally encouraged to manage these funds properly, as doing the opposite would lead to a loss of user trust and affect their future.

How is a PoR verification conducted?

In the PoR verification, the auditor checks the inclusion of each account balance using cryptography. Several key steps are necessary to perform this verification.

First, the auditor takes a snapshot of all account balances. They then convert the fund data into a Merkle tree, which is used to structure large amounts of data for simpler processing.

A user's balance data is hashed into a 'leaf'. A group of 'leaves' is then hashed to form a 'branch', and a group of 'branches' is hashed to form a 'root'.

Next, the auditor can use different methods to verify the ownership of the user's address. On Binance, for example, an auditor has three ways to identify ownership. When the process of extracting this information is executed by the exchange, it is also verified by the auditors.

  • Cryptographic message signature: An auditor will provide the exchange with a unique message to be cryptographically signed using its associated private key(s).

  • Specific fund movements: The exchange is required to perform a 'specific fund movement', where the management of the exchange will move a specific amount from a public key/address at a specific time and obtain a transaction hash to verify the transaction on the blockchain where it occurred.

  • Address search on a blockchain explorer: the auditor can also search for the ETH and BSC addresses (in the case of Binance) on Ethereum and BscScan respectively to ensure that the addresses have been marked as belonging to the exchange.

If the balances match after these verifications, the PoR audit will be validated and the exchange will have proven that it holds all of its users' funds.

PoR: limitations and potential improvements

The balances of a cryptocurrency exchange change as users move their assets. The problem with PoR is that it only verifies the accuracy of reserve balances at a specific moment. This can be problematic, as any issue that arises after the audit would be detected too late, and the custodian might even hide this situation.

It is also important to note that these audits are performed by third-party companies, meaning that the audit results may depend on the skills of each auditor and can be influenced by external interests.

But how can a cryptocurrency exchange improve its PoR audits to establish and maintain user trust? It can start by shortening the intervals between audits to ensure there is no suspicious financial activity between cycles. An exchange could also engage a reputable third-party company with no conflict of interest with the exchange or associated organizations.

Cryptocurrency exchanges use PoR to provide more transparency, which is essential during times of financial turmoil. By using mathematics and cryptography instead of relying solely on trust and communication like the traditional banking system, blockchain technology can offer a better way to audit the financial market.

Verify that your account has been audited

You can also check the inclusion of your Binance account in the latest PoR audit. To do this, please follow the instructions below.

  1. Log in to your Binance account and hover over 'Wallet'. Then, select the 'Audits' tab.

  1. You will see all recent audits in which your account balance was verified through the PoR process.

  1. Select a specific audit for which you would like more information. You will also be able to download the Merkle tree.

In conclusion

You can access a PoR audit to see if a crypto custodian holds the entirety of the reserves of your funds and those of other users. Audits should deter cryptocurrency exchanges from mismanaging user funds and contribute to improving transparency in the crypto space.

PoR is the first step to regaining and maintaining the trust of crypto users. Moreover, it sets more requirements for exchanges, which should prioritize the security of user funds while making it more transparent.

More information:

  • What is fractional reserve?

  • Beginner's guide to security tokens

  • What is quantitative easing (QE)?

  • The psychology of market cycles

  • The Beginner's Guide to Cryptocurrency Trading Strategies