Proof of Reserve: A Step Towards Transparency

Merkle Science
October 14, 2024

November 11th, 2022 will forever be remembered as the day FTX, one of the world’s largest and most reputed cryptocurrency exchanges, filed for voluntary bankruptcy. The company’s shocking fall from grace has led to at least $1 billion of customer funds disappearing altogether.

The collapse of the crypto exchange FTX and its subsequent bankruptcy filing underscore the need for robust digital asset risk compliance. While the FTX fallout has accelerated pressure for increased regulatory scrutiny, it also offers stark lessons in risk management, disclosure, and oversight.

It is important to note the timeline and cascading effects of this fallout, and how it acted as a catalyst for the 4th biggest bitcoin capitulation, costing holders $10 billion in losses. The details available with the authorities suggest that:

  • Sam Bankman-Fried's crypto venture FTX owes its top 50 unsecured creditors a combined $3.1 billion, with a handful of clients owed more than $200 million each.
  • FTX-affiliated companies owe their single largest creditor more than $226 million, according to a redacted list of the top 50 creditors released on 19th November. All of them were named customers, and 11 of them demanded nearly $100 million, according to the papers.


To understand the full chain of events, here is a brief timeline leading up to the fallout:

FTX’s Downfall

The FTX downfall can be traced back to its close links with Alameda Research, a cryptocurrency hedge fund that Sam Bankman-Fried (SBF) founded. Concerns about FTX surfaced after CoinDesk published a piece disclosing that the majority of Alameda Research's holdings consisted of FTT, the native token of FTX.

Because FTT could not be converted to cash easily, the report highlighted worries about Alameda Research's capital reserves. In response to the report, Binance CEO Changpeng Zhao, known as CZ, stated that he would sell all of Binance’s shares of FTT for $580 million.

This massive selloff by a crypto behemoth provoked a larger withdrawal, creating extra pressure on FTX to accommodate the escalating demand for client withdrawals. Due to a liquidity shortage, FTX suspended all customer withdrawals.

Binance, the cryptocurrency exchange whose CEO largely contributed to the selloff, had previously agreed to buy FTX. SBF was optimistic about the deal, saying that it is “a user-centered development that helps the entire industry.” He further added that “CZ has done and will continue to do an excellent job building the global crypto ecosystem and creating a more decentralized economic ecosystem…What is important is that the clients are protected.”

Unfortunately, Binance’s due diligence into FTX combined with recent press stories indicating abuse of customer assets and probable US government investigations caused the deal to fall apart, leaving FTX with no path forward.

The failed acquisition set in motion a chain of events which started with Sequoia Capital reducing its over $210 million holding in FTX to zero. Meanwhile, the SEC and the Justice Department launched investigations into the alleged mishandling of user funds by FTX, according to the Wall Street Journal.

In the aftermath of the collapse, the cryptocurrency ecosystem is yearning for a more robust disclosure mechanism to be adopted by centralized cryptocurrency exchanges - one that strengthens user security, ensures privacy protection, and provides transparency into how funds are managed and maintained.

To achieve the above-mentioned properties, one mechanism that is currently gaining interest is the concept of ‘Proof of Reserves’ or PoR. Proof of Reserve provides transparency into the total amount of funds held by an exchange and how those funds are allocated. PoR is not limited to exchanges: any entity holding client funds can use this technique to assure its clients that their funds are in reserve and are truly backed 1:1. This in theory would help identify red flags, prevent misuse of clients' funds, and help avoid Alameda and FTX-like events in the future.

What is Proof of Reserve?

Exchanges have always been vulnerable to hacks. As the value of cryptocurrencies rises and cryptocurrencies gain popularity, the stakes have also become higher. In 2014, Mt.Gox, once the largest Bitcoin exchange, filed for bankruptcy after losing 850,000 Bitcoins (worth about $450 million at that time). Since then, there have been numerous other exploits such as the Wormhole Protocol hack in February 2022 and the Ronin Network hack in March 2022, where the hackers stole $320 million in wETH (Wrapped ETH) and $620 million in ETH and USDC tokens, respectively.

Proof of Reserve (PoR) requires exchanges to confirm that digital assets like fiat-backed stablecoins and wrapped tokens are collateralized by the appropriate value of assets. It entails an impartial audit carried out by a third party auditor to verify that a custodian of digital assets genuinely owns the assets that it represents to its clients. 

To prove that they have the reserves to cover all customer deposits, many exchanges such as Huobi, Binance, Crypto.com, Deribit, KuCoin, Okx, Kraken, and BitMEX are now using PoR. The idea is to demonstrate to the depositors that the cryptocurrency held on deposit matches the user balances. PoR provides the transparency essential for cryptocurrency protocols, markets, users and regulators, ensuring a fair and authentic environment in the ecosystem.

How does Proof of Reserve Work?

PoR relies on a technique called a Merkle Tree (also known as a binary hash tree) to provide a cryptographically secure method of verifying assets in a reserve. 

The Merkle Tree data structure is used to verify the integrity of the data by comparing a hash of the data to the hash of the root node. If the two hashes match, the data is considered to be valid. 

Here is How PoR Works:

  • An independent auditor takes a snapshot of all the user balances held by a cryptocurrency exchange and aggregates them into a Merkle Tree. By storing these hashes in a Merkle Tree, it becomes possible to verify that a given transaction is included in a block without having to check the entire block. This is essential in ensuring the privacy of users, as it means that their transaction data can be verified without revealing their identity.
  • To further ensure privacy, each user's balance is also hashed with a unique salt before being stored in the Merkle Tree. This makes it impossible to determine the balance of any given user without knowing their salt. In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes data, a password or a passphrase.
  • Here, only those with access to the user's salt can view their balance. This ensures that even if someone were able to view the contents of the Merkle Tree, they would not be able to determine which account belongs to which user.
  • This dataset is then run through a cryptographic hash function through which the auditor obtains a Merkle root - a cryptographic fingerprint that uniquely identifies the combination of balances. 
  • The auditor gathers the exchange’s digital signatures that show the total number of assets held in reserve at a point in time and verifies whether or not it matches the user balances represented in the Merkle tree, thereby ensuring that the client’s assets are held safely and the protocol is backed by enough assets to meet all withdrawal requests.

 

Furthermore, the Merkle Tree makes it easier for users to check whether their accurate account balance was included in the audit by comparing selective data within the Merkle Tree. They can verify this in two simple steps:

  1. Hash their account balance and unique ID
  2. Search for it in the Merkle Tree 

 

How To Build a Merkle Tree For Proof of Reserve?

Gate.io sheds light on the steps that can be used to create a Merkle Tree including:

 

  1. Hashed user IDs (UIDs) and user balances are first extracted from the exchange data.
  2. Each pair of hashed UID and user balance is hashed respectively, and then connected to the underlying block.
  3. Leaf nodes of the Merkle Tree are generated using the same hash function for each data block. 
  4. The resulting hashed data is hashed together in pairs to create the parent nodes. This process continues until a single hash known as the ‘Merkle root’ is obtained. 
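
As an added example (not Gate.io's or any exchange's code), the salted-leaf and tree-building steps above can be sketched in Python with SHA-256. It goes one step beyond searching for a leaf by verifying a Merkle inclusion proof against the published root; the leaf encoding, the domain-separation prefixes, the duplicate-last-node padding and the sample snapshot are assumptions.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(uid: str, balance: str, salt: bytes) -> bytes:
    # Assumed encoding: 0x00 prefix marks a leaf; fixed 16-byte salt, hashed UID, balance.
    return h(b"\x00" + salt + h(uid.encode()) + b"|" + balance.encode())

def node_hash(left: bytes, right: bytes) -> bytes:
    return h(b"\x01" + left + right)  # 0x01 prefix: a leaf can never pass as a node

def build_levels(leaves):
    """Return every level of the tree: leaves first, [root] last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:                  # odd count: pair the last node with itself
            cur = cur + [cur[-1]]
        levels.append([node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes from leaf to root, each flagged with whether it sits on the left."""
    proof = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify(leaf, proof, root):
    """Recompute the path from the user's own leaf; True only if it ends at the root."""
    acc = leaf
    for sibling, is_left in proof:
        acc = node_hash(sibling, acc) if is_left else node_hash(acc, sibling)
    return acc == root

# Constructed snapshot of (uid, balance, salt). Real salts must be random per user
# (e.g. secrets.token_bytes(16)); they are derived here only to keep the run repeatable.
SNAPSHOT = [(f"user{i}", bal, h(f"constructed-salt-{i}".encode())[:16])
            for i, bal in enumerate(["1.50", "0.25", "12.00", "3.10", "7.77"])]

def demo():
    levels = build_levels([leaf_hash(*row) for row in SNAPSHOT])
    root, (uid, bal, salt) = levels[-1][0], SNAPSHOT[4]
    proof = inclusion_proof(levels, 4)
    # The user's true balance verifies; a balance the exchange understated does not.
    return (verify(leaf_hash(uid, bal, salt), proof, root),
            verify(leaf_hash(uid, "0.77", salt), proof, root))
```

A user needs only their own UID, balance, salt and the sibling hashes to run `verify`; no other customer's data is revealed. Inclusion alone says nothing about the sum of all balances, which is why the liabilities side still needs separate verification.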

           

[Figure: Pictorial representation of a Proof of Reserve Merkle Tree. Image: github.com]

Ensuring Transparency

Proof of Reserve ensures transparency with the help of a Merkle Tree. It is a privacy-friendly data structure that assures quick and easy verification of large volumes of data, enhancing accountability, credibility and trust between protocols and their users. 

Merkle Trees are also ideal for data integrity since user data is anonymized using a unique salt before being added to the Merkle Tree. Each user’s balance can only be viewed if one has access to this salt. 

Is Proof of Reserve enough?

Proof of Reserve is one of the two variables in the Proof of Solvency equation. PoR only paints half of the picture, whereas disclosing an exchange’s liabilities gives a fair idea of the exchange’s status. Proof of Solvency in theory would be an optimal way for clients, partners, and third parties to verify the solvency of exchanges without compromising their users’ privacy.  

Here, an exchange first needs to prove custody and ownership of the reserves. Next, it would publish the liabilities on its books. Once both of these are known it becomes fairly apparent if the exchange has enough reserves to cover its liabilities. This output is what we call “Proof of Solvency”, which can be used to build trust and transparency between the exchange, its clients, and regulators and prove that an exchange is backed by assets enough to meet all withdrawal requests at any given time. 

 

Proof of Solvency = Proof of Reserve + Proof of Liabilities 

 

Does Proof of Reserve say Anything about Liabilities?

Without the context of total liabilities, proof of reserve becomes almost irrelevant. Proof of liabilities requires careful review by an independent auditor; perhaps multiple auditors are required to ensure all unique financial products such as staking, interest accounts, rehypothecation, collateralized loans, etc. are accounted for, to provide full coverage and a high level of confidence in the total amount of liabilities.

Generally, the ratio between the reserves and liabilities provides the only health status indicator: larger reserves and lower liabilities are considered “safer”. Unfortunately, this is also easier said than done.

A few of the primary challenges with this approach include: 

  1. Ensuring complete coverage of liabilities
  2. Funds being moved to generate a more financially beneficial balance snapshot
  3. Enabling creditors to review and verify the liabilities (as well as report any fraudulent data).

 

One approach to solve this comes from Nic Carter: “This is why I recommend both a user-facing PoR protocol, allowing users to obtain ‘herd immunity’ by collectively verifying their individual balances, and an auditor-facing PoR protocol, to prove that the claimed liabilities are faithful to reality.”

What is the role of an Auditor?

The auditor is responsible for collecting data from financial institutions and exchanges and verifying whether or not it matches the user balances mentioned in the Merkle Tree. 

To help enhance trust and transparency in the industry, Gate.io has made its Proof of Reserve auditing solution open-source. In 2020, Gate.io became the first exchange to provide third-party certified, user-verifiable Proof of Reserve audit. 

The company carries out audits with the help of a leading U.S. firm: Armanino LLP. Armanino LLP first conducts an audit and publishes the report on Gate.io’s reserve alongside user account balances that are compiled and encrypted using Merkle Tree. Users can then independently verify if their account balances are reflected in the reserve report correctly. 

Is it Possible To Cheat Proof of Reserve By Borrowing From Other Exchanges?

Unfortunately, yes. To cheat a PoR, exchanges may borrow funds to pass an audit and omit certain obligations. For this reason, it is recommended that a reputed, independent third-party auditor conducts the audit of a crypto exchange or project, to ensure maximum security for investors, traders and regulators.

What are The Limitations with Proof of Reserve?

While Proof of Reserve can offer transparency and enhance the credibility and trust between protocols and their users, it also has some limitations:

 

  1. Although Proof of Reserve discloses custody over on-chain data at the time of an audit, it cannot verify the exclusive ownership of a private key. 
  2. Proof of Reserve cannot determine whether the disclosed assets are held by an exchange in reserve or have been borrowed to pass an audit. 
  3. Proof of Reserve offers users a false sense of security. Audits provide an overview of assets held on the platform’s associated addresses without disclosing the company’s liabilities or obligations to their customers.

Companies Disclosing their Proof of Reserve 

After the collapse of FTX, one of the largest cryptocurrency exchanges, Binance published its Proof of Reserve disclosing $69 billion in assets. As of November 10th, Binance held 475,000 BTC, 4.8 million Ether, 17.6 billion USDT, 601 million USDC, 58 million BNB, and approximately 21.7 billion in its own stablecoin, BUSD. The total reserves held by Binance as of 10th November were approximately $69 billion.

To enhance transparency, several exchanges like Crypto.com and Okx published a list of their hot and cold wallets.