The unfortunate collapse of FTX and Alameda Research has brought a wave of fear to the crypto community. The incident has raised a number of questions in the crypto space. Are centralized exchanges (CEXes) safe? Are my cryptos secure in CEXes? Will decentralized exchanges replace CEXes? And many more.
FTX’s recently highlighted shenanigans have given birth to some really serious concerns over the credibility and trustworthiness of centralized crypto exchanges.
FTX covertly transferred its users’ crypto assets to its sister firm, Alameda Research, leading to a liquidity crunch amidst numerous withdrawal requests. This ultimately led to FTX filing for bankruptcy on 11 November, 2022.
Undoubtedly, FTX pushed an already bleeding crypto market into an even more miserable position. Amidst this prolonged crypto bear run and the rising anxiety of several worried investors, Binance CEO Changpeng Zhao (CZ) called on centralized cryptocurrency exchanges to publish their Proof of Reserves for greater transparency and enhanced user confidence.
Proof-of-reserve is not a new concept. In fact, the idea of PoR got a slight push following the Mt Gox crisis in the year 2014, but it later lost momentum. After the FTX collapse, the idea of publishing PoR has again come into prominence and is now being intensely debated and discussed. In fact, well-known crypto companies like Binance and Crypto.com have already started the process of filing their PoR.
Let’s talk about Proof-of-reserves in more detail.
What are Proof-of-reserves?
A Proof-of-Reserves (PoR) is an independent audit carried out by a third party, which seeks to verify whether a custodian actually holds the assets it claims to hold on behalf of its users. The audit takes a snapshot of every balance and represents all held balances in a Merkle tree, a privacy-friendly data structure containing all client balances.
- PoR is similar to taking a cryptographic snapshot of all crypto tokens and coins held by a cryptocurrency exchange, including both assets and liabilities using a Merkle tree.
- It is supposed to be done with the help of a third-party auditor.
This brings us to our next question—
What is a Merkle tree?
A Merkle tree, or hash tree, is a tool for storing cryptographic data in the form of a tree. It permits reliable and secure verification of data and synchronization of large data structures. In a Merkle tree, every leaf is labelled with the cryptographic hash of a data block, and every non-leaf node is labelled with the cryptographic hash of its child nodes' labels.
A hash function converts an input into a fixed-length output known as a hash. For a cryptographic hash function, the output is in practice distinct for each input, allowing data fingerprinting. As a result, enormous amounts of data can be recognized using their hash.
A Merkle tree is an example of a cryptographic commitment scheme in which the tree root is a commitment, and other nodes are parts of the original commitment.
In the above example, the hash root is the hash of the entire tree. The root hash serves as the fingerprint for all data, consolidating huge data into a single hash.
The Merkle tree structure is an efficient mapping technique for large amounts of data, and even minute changes can be easily identified because they alter the root hash.
Using a Merkle tree for Proof of Reserves assessments allows each customer to verify that their individual account is included in the liabilities report scrutinized by a third-party auditor.
How does Proof of Reserve work?
A crypto exchange's Proof of Reserve aggregates the balances into a Merkle tree. Its Merkle root is a cryptographic fingerprint of the entire data set, showing the balances at the instant when the snapshot was taken.
Following this, ownership over the on-chain addresses with user-verifiable balances is established using digital signatures amassed by the exchange platform.
Since Merkle trees are a part of the blockchain, i.e., a decentralized distributed ledger, anyone can check and analyze if the balance matches the user balance shown by the Merkle tree.
The process can be self-attested or carried out by an independent third party, which is a more credible and trustworthy route.
What are the different types of Proof-of-Reserves?
A few blockchain analytics companies categorize the implementation of the proof-of-reserves in two ways: On-Chain and Off-Chain.
On-chain proof of reserves
In this case, a proof-of-reserve smart contract is deployed on one blockchain network. With every block added to the chain, it receives data feeds from Chainlink’s oracle specifying a user’s on-chain assets on other blockchain networks.
Off-chain proof of reserves
On the other hand, off-chain PoR involves a third-party provider. It receives API permission from a crypto exchange and other stakeholders involved in that exchange, including the auditor or custodian, to autonomously verify the exchange’s assets.
How can Proof of Reserve increase user confidence on exchange platforms?
Following FTX, there is renewed interest in Proof of Reserve. A number of exchanges, including Binance, Gate.io, KuCoin, Bitget, OKX, Deribit, and others, have expressed interest in publishing proof of reserve. Following are the benefits of publishing a crypto exchange’s PoR.
- A third-party auditor completes the proof of reserves, aka proof of reserve audit, by creating a snapshot of the firm’s balances to show credible “proof” that the crypto firm has enough assets to service its liabilities at any moment. Customers can withdraw their funds at any time, giving them a sense of trust that the crypto firm is not at risk of a liquidity crisis.
- Proof of reserves uses a Merkle tree (or hash tree), a secure data structure aggregating all customer balances without disclosing personal data. The Merkle root provides access to the total aggregate data.
- It also provides insights into fiscal discipline adopted by a crypto company regarding maintaining its balance sheet, particularly customer funds.
What is a Proof of Reserve audit?
Proof of reserve audit is a recurring third-party audit that confirms a centralized platform’s fund reserves.
A crypto company’s proof-of-reserves (PoR) audit results in a certification known as an attestation, which shows a company’s current reserve balance. Audits can be performed periodically, but some cryptocurrency firms provide a real-time PoR balance on their website that is updated regularly during the day.
It gives a clear overview of the platform’s financial state and whether it has enough funds to meet customer deposits. Users may utilize the cryptographic method to check their account balance.
Is Proof of Reserves enough to keep my crypto assets secure?
No. Even if an exchange platform has conducted a thorough PoR, there is no guarantee that your cryptos are safe.
Users would still have to trust the crypto exchange’s security standards and wallet addresses. They can only partially put their trust in an exchange or a third-party wallet. Investors must recognize that in order to protect their funds, they must control the private keys to their crypto assets.
The goal of proof of reserves is to balance the inherent transparency of blockchains with the ease of centralized exchanges. Although proof of reserves assures that a crypto firm has the assets needed to cover its liabilities, it reflects only a single point in time and is not a continuous accounting of balances over time. It only displays the custodian’s on-chain assets and doesn’t record where they originated.
In fact, there have been debates over crypto exchanges that borrow assets to showcase a robust financial position but return to their initial position soon after the PoR. Hence, a third-party audit is imperative for building trust in the crypto community.
Following the FTX debacle and amidst the clamor around PoR, many crypto firms, including Binance, have released a crude PoR. It mainly involved publishing the wallet addresses and showcasing the asset side of the balance sheet. However, PoR is incomplete without PoL, or Proof of Liabilities.
A PoR must disclose the liabilities to paint a full picture of the crypto exchange’s financial health. The difficult part is matching assets to outstanding liabilities. A crypto exchange can accomplish this by adding up its user balances, anonymizing them, and publishing the data in Merkle tree format. Depositors can then confirm that they belong to the liability set.
Can DEXes replace CEXes amidst users’ mistrust?
Non-custodial exchanges enable users to self-custody their assets. Hence, there is complete confidence that the user’s funds are available at all times with the user’s full authorization. The funds are not even accessible to the exchange.
Proof of reserves is definitely a step in the right direction for any crypto firm, ensuring transparency and cryptographically proving that it has sufficient liquidity. With a number of regulations already lined up for the crypto industry, any crypto exchange or company that holds assets on behalf of its users would benefit from a PoR audit. Although the process has its own downsides and is not a guarantee of the security of users’ assets, it can still bolster users’ confidence by imparting a certain level of transparency to the system.