The Status of Proof of Reserve as of Year End 2022

A bright spot in an otherwise bad year

Image courtesy of BitMEX Research

Who has done a PoR recently?

Click for full size
  • Impressively, I found that these exchanges in the aggregate underwent Proofs of Reserve covering $33b worth of assets (or 4% of total crypto market cap). Of course, these attestations are of varying quality, but it’s still a good and growing level of coverage. This is not to say that the other tens or hundreds of billions of custodial cryptoassets are not safe — many are with credible institutions like Coinbase, Fidelity Digital Assets, Gemini, etc.
  • Only BitMEX and Deribit are undertaking these procedures with a high frequency. This is doable because they don’t rely on auditors to oversee their process. Kraken has a slower cadence due to their usage of an auditor for oversight. For auditor-overseen PoRs, I don’t expect much faster than a monthly policy.
  • Only BitMEX and Deribit allow third parties to verify liabilities for themselves. Most of the exchanges covered allow their clients to individual verify whether their liabilities are included in the set (thus creating a kind of ‘herd immunity’ assuming that some clients actually did the verification and found it proper), but mostly these exchanges didn’t publish the full liability set. However, as a third party, I much prefer the model where anyone, whether a client or not, can undertake the verification for themselves.
  • Armanino and Mazars oversaw all of the PoR attestations where there was an auditor present, and they’re both out of the PoR market now. This is problematic for the sector. I’m hoping a few audit firms dip their toes back into the water. In the short term I expect these exchanges will mostly be unable to persuade audit firms to oversee their PoRs, as the public backlash against these audit firms has been pretty fierce.
  • There’s still a lot of room for improvement. My six point test (elaborated below) lays out very simple ways to improve. For a few exchanges, simply committing to running a PoR on an ongoing basis would help their score. For others, covering a larger share of assets or introducing an auditor would help. Generally, it is not too difficult for exchanges to improve their scores, should they want to.

Does ‘Proof of Reserve’ not count liabilities?

It’s frequently said that PoR refers to only half of the equation. This mostly stems from a terminology issue. When I, and most others that have been tracking PoR for a while, refer to PoR, we are talking about the procedure whereby both the assets and the liabilities are attested to. Proof of Reserve dates back to at least 2014 (arguably, Mt Gox’ infamous 424,242 BTC transaction in 2011 was the first attempt at a PoR, but it included only the asset side), and even back then, PoR was used to refer to both the assets and liabilities.

What do you make of the recent Proofs of Reserve?

I am very encouraged exchanges are taking up the practice. Not all of the recent PoRs are the same though. On my PoR tracking site, I have split up recent exchange attestations into ‘gold standard’, ‘good quality’, and ‘other’ to reflect these distinctions. To get the gold standard label, the exchange should do the following:

  • Satisfy the basic qualities of a PoR: cryptographic attestation to assets held, and a disclosure of liabilities
  • Optionally, but optimally, incorporate a third-party auditor in the process, to ensure that the attested-to liabilities match the internal database
  • If no auditor is involved, demonstrate a high level of credibility by undertaking a PoR for substantially all of the assets on the platform, and allowing third party verifiers to check the completeness of the liability set, including the non-negativity of liabilities
  • Commit to an ongoing procedure. There is a wide spectrum of frequency, and this is due to the different types of PoRs (supervised and unsupervised). I would like to see quarterly for PoRs supervised by auditors. For unsupervised ones, a more frequent cadence is possible
  • Did the entity perform cryptographic verification of assets held? (1 pt)
  • Does the PoR cover the vast majority of assets on the platform? (1 pt)
  • Is the procedure undertaken on a recurring basis with reasonable frequency? (1 pt)
  • Can users verify their inclusion in the liability set? (1 pt)
  • If the exchange has complexities around margin and lending, are these fully accounted for in the PoL? (1 pt)
  • Did a credible auditor provide oversight over the liability attestation? (1 pt)
Click for full size
  • Is the entity able to prove exclusive ownership of assets held?
  • Is the entity able to demonstrate that there is no window dressing to shore up cash positions prior to PoR attestations?
  • Does the entity clearly stipulate the segregation of client and operating capital?
  • Does the entity clearly ensure the seniority of client deposits in a bankruptcy or liquidation scenario?
  • (Longer term) Is the entity part of a consortium of provers collectively attesting to the non-duplication of client deposits?

Should exchanges release only the merkle tree or a full list of liabilities?

There’s a degree of controversy over this. Exchanges aren’t keen on releasing a full dump of liabilities like BitMEX or Deribit do. If they have 100m+ users, like Binance does, such a file would also be insanely large and unwieldy. And even if you split up balances randomly, you’re still releasing a lot of data — and there’s always ways to extract some signal from such a large dataset.

What’s next for Proof of Reserve?

Now that PoR appears to be catching on, there are many possible refinements. The core procedure hasn’t changed much since it was proposed by Maxwell in 2013 — improvements have been largely incremental. It was 2015 when the Provisions paper was first published proposing ZK proofs for a more privacy-preserving liabilities side, and yet we still find ourselves with no deployed implementation of the idea. Newer schemes like Ji and Chalkias’ Generalized Proof of Liabilities rely on Zk proofs (specifically, bulletproofs) and look promising, though.

  • ZK proofs of liabilities. These don’t leak client data but still provide credible attestations. The merkle approach, even if privacy is sought by splitting up accounts into random pieces, still leaks all sorts of data regarding client behavior. I think exchanges should be comfortable sharing aggregate deposits, but they may not wish to share the distribution of ownership on a weekly or daily basis. Eliminating these privacy concerns makes exchanges more likely to pursue PoR and on a more frequent basis.
  • Legal and contractual assurances on top of PoR. PoR is not a substitute for clear terms that establish the seniority of depositors in a liquidation situation and the segregation of client and operating capital.
  • Audit firms reentering the space. Right now, the major CPA firms that did AUPs for PoR have deprecated their practices. I would like to see some audit firms step up and start supervising PoR attestations again, as the non-supervised PoRs just don’t provide the same assurances. This is especially the case for more complex liabilities relating to margin and lending.
  • Standardization of PoR. One issue we haven’t addressed is the possibility to engage in window dressing by borrowing prior to a PoR and returning the funds after. More frequent attestations mostly fixes this (hard to engage in window dressing if you are doing daily PoR attestations), but another way to address it would be getting a number of exchanges on a shared PoR standard. If they were in some kind of PoR consortium, they could attest to the respective uniqueness of capital and it would be relatively easy to verify that.
  • Dedicated custodians building out their own PoR practice. Exchanges are unbundling and some are outsourcing custody. This is because we have good, high quality custodians, that now support all the requisite assets. So we can expect that crypto might end up more like tradfi, with order matching, clearing/settlement, and custody being distinct functions. In this world, a handful of custodians might end up being very important. Clients of the exchanges relying on these custodians deserve to know that their funds are accounted for. For this reason I want to see these custodians start to build their own PoR practice, so that they can cater to these requests as they emerge. This was the case with the Bitcoin held by Coinbase on behalf of GBTC — but Coinbase hadn’t built the proving infrastructure yet, so we were left with an unsatisfying answer.
  • A larger set of ‘PoR watchers’. Right now most PoRs are being treated as equally valid or equally stupid, depending on your perspective (there’s a few BTC maxi cynics that hate PoR because they think it normalizes third party custody at the expense of the pure and holy self-custody). I would like to see more critical eyes affixed on PoRs so that exchanges were encouraged to provide better and more complete attestations. I would be much happier if there were dozens of people like me that took the time to evaluate these PoRs.
  • DEXes that obsolete CEXes. Of course, functional DEXes are the equivalent of a continuous PoR, because clients generally retain their own assets until it is time to conduct a swap. Something a few folks have noted is that exchanges like StarkEx are kind of a middle ground between a pure on-chain DEX and a centralized exchange that does a PoR. You can think of a proof of reserve as an attempt to bring off chain functions on chain. DEXes are the end state there. If we can get performant and trustworthy DEXes, then we won’t have to worry about CEXes (and PoRs) as much.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store