Merkle Tree Proof Of Reserves — What It Really Means

Krystal Wallet
Krystal Wallet
Published in
5 min readNov 17, 2022

The collapse of FTX has led to many users questioning the solvency of other centralised exchanges (CEXes).

CZ, Binance’s CEO, has led the way by calling all CEXes to produce a Merkle tree to act as Proof of Reserves.

However, what does this really mean, and is this a good enough method to verify all CEXes’ assets?

Here’s what you need to know.

What is Proof of Reserves?

Centralised entities use Proof of Reserves to attest that all of their users’ funds are backed 1:1.

This gives users greater confidence that all of their funds are in a crypto wallet that can be withdrawn, and that their funds are not being misused by the exchange for other activities.

FTX was guilty of this, where customers’ funds were lent to Alameda Research for investing purposes.

As more users started to withdraw their funds from FTX, there were not enough assets on the exchange to process the withdrawals.

This eventually led to FTX completely pausing withdrawals, something we have seen in previous cases like Celsius and Hodlnaut.

This Proof of Reserves will provide greater transparency, especially since CEXes are not regulated yet.

Bank runs have occurred in traditional finance before, but governments have been able to bail them out. What’s more, users’ funds in these accounts may be insured (like the FDIC insurance), so it is not as risky as leaving your funds in a crypto exchange.

Some companies have already implemented a Proof of Reserves, such as Nexo,

and Gate.io.

What is a Merkle tree?

A Merkle tree is a data structure that consolidates a large amount of data into a single hash.

Due to the large number of users that are using these CEXes, each CEX will have an extremely large ledger. Merkle trees help to summarise their users’ holdings in a single hash.

The assets in each user’s account will be stored in a leaf node, and all of these leaf nodes will form the Merkle tree.

Every leaf node can be verified and proven to be a part of the Merkle tree, which makes it a secure and efficient method to verify large amounts of data.

However, due to the extent of data that each CEX has to process, most Merkle trees may take around 30 days before they are published.

Kraken has been using such a method to conduct their Proof of Reserves each quarter, and the process is done this way:

  1. An auditor takes an anonymised snapshot of all balances held by users, and aggregates them into a Merkle tree
  2. The auditor obtains a Merkle root, which is a cryptographic fingerprint that identifies the combination of these balances when the snapshot was created
  3. The auditor collects Kraken’s on-chain wallet addresses, where all assets can be publicly verifiable
  4. The auditor compares and verifies that the balances in the wallet = users’ balances in the Merkle tree

If the assets in the exchange’s wallets are equal to the balances in the Merkle tree, this would mean that all users’ funds are backed by actual assets that can be withdrawn at any time.

Here are some other interesting characteristics of the Merkle tree:

#1 Tamper-proof

The Merkle root helps to make this entire tree tamper-proof, where changes to any part of the tree would be very obvious.

This increases the transparency of the Merkle tree and its legitimacy in proving users’ assets.

#2 Privacy-enabled

Another interesting feature of the Merkle tree is that it allows for privacy even though all users’ assets are publicly accessible.

When the auditor is taking a snapshot of the balances, these are all anonymised.

What’s more, each user is actually able to verify their assets at any point in time, after they have provided the necessary credentials.

They are only able to see their own assets, and will not be able to view the assets in other users’ accounts.

Is a Merkle tree Proof of Reserves sufficient?

Forcing greater transparency on CEXes is definitely a huge step forward for greater transparency in this industry.

In fact, the segregation of users’ assets from the CEXes’ own assets is a requirement for licensed Digital Payment Token Service Providers in Singapore by the Monetary Authority of Singapore.

However, there are still some questions about the legitimacy of these Proofs of Reserves.

On this website created by Nick Carter, he mentions that it’s still possible for CEXes to ‘cheat’ this Proof of Reserves by borrowing funds from other CEXes just in time for the snapshot.

There were alarm bells raised by this extremely suspicious transaction between Crypto.com and Gate.io, where Crypto.com sent 320,000 ETH from their cold storage to a wallet owned by Gate.io.

Both exchanges clarified that it was an accident, and the funds have since been returned.

Gate.io also mentioned that these funds were not included during their latest attestation of assets.

While this risk of CEXes making such transfers still exists, it’s much more noticeable since everything can be tracked on a block explorer.

Are CEXes really that safe?

FTX’s collapse has shown that even the largest giants can fall, and the saying ‘not your keys, not your coins’ still holds true today.

When you hold your assets on a CEX, you do not own the private keys. Instead, you are giving the CEX full control of your funds, as they are storing the funds in their wallet.

We strongly recommend that you hold your assets in a non-custodial wallet, where you will be given your personal private keys and seed phrase.

If you’re new to this concept of non-custodial wallets and decentralised finance, do let us know what your questions are in the comments below, and we’ll guide you along.

And if you’re ready to make your first step into this world of DeFi, you can consider trying out our all-in-one platform here!

🔍 Navigate the DeFi Space NOW with Krystal!

Start your journey NOW on Desktop, iOS or Android

📱 Social Media

--

--