The Blog

Node Notes: Understanding proof of reserves

Welcome to our new series, Node Notes, where we’re spotlighting topics from our bi-weekly research piece, The Node Ahead. If you want to read the full piece, you can check out our blog or sign up to receive The Node Ahead straight to your inbox. This edition of Node Notes is an excerpt from Node Ahead 38.

One of the benefits of crypto is that the blockchain is an immutable ledger of historical transactions that are publicly accessible. This means that anyone, at any time, can prove what assets they hold and how much. We can also verify what assets are held by anyone else so long as we know their public address. Thus, if two parties want to transact with each other, they can verify the other has the requisite amount of assets to complete the transaction without having to know anything else about their counterparty or use a middleman. This is the core concept behind the meme “Don’t Trust, verify.”

That’s all well and good if I already know who I want to transact with. However, there are many instances where it’s far more efficient to have a marketplace connecting millions of people. This is why DeFi, which allows users to maintain self-custody of their assets at all times, has so much potential. Because everything happens on-chain, there is extreme transparency in these services in near real-time. It’s because of this open nature that none of the stalwart DeFi protocols went down, none created debt greater than their assets, and none defaulted on their users in 2022. Despite the market chaos caused by fraudulent off-chain activities, DeFi showcased the benefits of decentralization last year.

But not everyone is comfortable using decentralized services yet, given the technical complexity that is often involved. In addition, many larger institutions have compliance standards that require them to use regulated third-party custody services. As much as I believe in DeFi, I also recognize that centralized custodians, lenders, and exchanges have existed from the beginning of the crypto industry and will continue to be a useful and necessary part of the crypto ecosystem for years to come.

For centralized entities, the way they prove their solvency is by third-party audits. Audits are extremely valuable, but they do have some disadvantages. For one, they are expensive. Second, audits are typically only done once per year, and financials are released on a quarterly basis for public companies and potentially not at all for private companies. Third, audits still require users to trust that the auditor did their job thoroughly. Even if there isn’t any malicious intent, auditors are still human and make mistakes. Finally, this all assumes you are using a US-regulated entity. Regulatory requirements vary from jurisdiction to jurisdiction, meaning the quality of audits is not standard throughout the industry.

The ideal scenario would be to extend this principle of “don’t trust, verify” from the decentralized world into centralized services to take advantage of the transparency and benefits of blockchain without sacrificing the convenience of centralized services. Imagine if there was a process that allowed a custodial-based service to prove, beyond a shadow of a doubt, that they are fully solvent on a daily basis. Fortunately, that’s possible, and it’s called proof of reserves.

Proof of reserves (PoR) is a process used by an organization to cryptographically demonstrate that it possesses an adequate reserve of assets to meet all customer liabilities. Thus, if a user wants to withdraw their assets, they know they will actually get them back. In the wake of the fraud committed by FTX, Celsius, and others, providing this level of transparency goes a long way to instilling confidence that a user’s assets are being safely held on their behalf.

The beauty of proof of reserves is that this is a truly novel feature of cryptoassets. Remember the first paragraph in which discussed how we can prove ownership of a digital asset to anyone at any time in a peer-to-peer manner? Well, you can’t do that with any other piece of financial or personal information without relying on a third party. Proof of reserves is only possible with cryptoassets and allows for custodial services to transparently prove to customers that they hold full reserves and even allow customers or third parties to verify for themselves. And the best part is proof of reserves could be standardized over time so that PoR looks very similar across any jurisdiction. Thus, exchanges and other crypto custody-based services can be made more accountable than traditional financial services.

It’s possible that had proof of reserves been more widely implemented throughout the industry, it could have prevented FTX in the first place or at least significantly reduced the damage it caused. Proof of reserves doesn’t stop a centralized exchange from illegally rehypothecating customer funds, but the moment an exchange began operating on a fractional reserve basis, they would fail the PoR attestation. So PoR makes it virtually impossible to behave badly for any meaningful period of time. Had every exchange been issuing regular PoR attestations the last couple of years, one of two things would have happened in the case of FTX. The mismatch of assets and liabilities on FTX would have been much easier to discover much earlier on, or FTX would have been unwilling to produce a PoR, thus alerting the market much sooner.

The good news is that following the FTX collapse, more exchanges are beginning to implement proof of reserves today. Longtime PoR advocate Nic Carter surveyed the crypto landscape and found that eleven major exchanges have done at least one PoR attestation since November of last year, covering $33 billion worth of assets. Five of those exchanges are doing PoR on a monthly basis or more frequently, including two producing attestations on a daily or bi-weekly basis.

Even more exciting is that we are still in the very early stages of unlocking what proof of reserves can do. According to Nic Carter, “I could see interlocking or recursive Proofs of Reserve allowing an ecology of custodians, exchanges, prime brokers, trading firms, and lenders to transact with each other with confidence. These proofs could allow counterparties to demonstrate the existence and nature of assets on their balance sheet (or facts about the assets without revealing sensitive info).  Imagine lenders able to demonstrate the solvency of their portfolio by pulling through balance sheet data provided by their borrowers. Borrowers could also demonstrate the exclusivity of pledged collateral to their lenders (eliminating Archegos or Three Arrows type problems). The design space is enormously large and has barely been explored. Exchange solvency is just the most pressing need, so that’s where this tech is being applied first.”

Unfortunately, PoR is often misunderstood by both proponents and critics. One of the biggest misconceptions is that PoR only covers assets and not liabilities. This comes from the fact that some exchanges did provide asset attestations without the corresponding liabilities following the collapse of FTX simply to ease short-term fears. However, the intent of PoR has always been to provide transparency on both sides of the ledger by including ownership of assets as well as demonstrating outstanding liabilities owed to clients. We know this is possible because crypto exchanges Bitmex and Derebit do proof of reserves that include the entire liability set in addition to the assets.

A second objection that is often made has to do with privacy concerns in which PoR could potentially reveal private financial information, such as account balances, and how these balances change over time. However, in modern methods for conducting PoR (such as those implemented by Bitmex), user information is anonymized, and account balances are split into multiple parts, meaning the distribution of account balances cannot be triangulated. The aggregate assets and liabilities are thus able to be reported without revealing specific user financial data. Furthermore, zero-knowledge proof tools are beginning to be developed, which will further enhance an exchange’s ability to keep user data private. When combined, these innovations allow users to have a higher degree of confidence in the solvency of the exchange without sacrificing privacy.

And to be clear, no one is calling for proof of reserves to replace a traditional audit, but PoR is a highly complementary solution. A financial audit covers much more than just the solvency of an organization, it includes financial, operational, and governance aspects of the business that proof of reserves does not address. However, audits are infrequent (typically once per year), take a long time to complete (typically months), and are expensive. In comparison, PoR can be performed as often as needed, including daily, takes a matter of minutes, not months, and is relatively cheap. Proof of reserves is a tool that gives users and regulators confidence over the custody and solvency of a platform and should be incorporated with traditional measures such as annual audits.

Though there is no industry standard for a proof of reserve attestation yet, the good news is regulations are being put forth that should make proof of reserves more ubiquitous and standardized. The Texas legislature recently introduced a bill asking for segregated custody at exchanges alongside quarterly PoR attestations, and Wyoming also included PoR in its 2021 Digital Asset Custody Framework. More recently, Senator Thom Tillis said that he is drafting legislation to require digital asset exchanges and custodians operating in the U.S. to provide an independently verified proof-of-reserves for their assets.

One inherent advantage digital assets have over legacy financial assets is the transparency and ability to audit that they provide. We should be doing more to take advantage of these native characteristics to minimize bad actors and promote more trust in the industry.

Disclaimer:  This is not investment advice. The content is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice. Nothing contained constitutes a solicitation, recommendation, endorsement, or offer to buy or sell any securities or other financial instruments in this or in any other jurisdiction in which such solicitation or offer would be unlawful under the securities laws of such jurisdiction. All Content is information of a general nature and does not address the circumstances of any particular individual or entity. Opinions expressed are solely that of Brett Munster and do not express the views or opinions of Blockforce Capital or Onramp Invest.