This article comes from Nic Carter, compiled by Odaily translator Katie Koo.
This article comes from
, compiled by Odaily translator Katie Koo.In an interview with the Financial Times a year ago, SBF said that if FTX becomes the largest exchange, buying Goldman Sachs and CME would not be a problem. Today, one year later, we have witnessed the annual Drama event in the Crypto circle.CZ tweeted today that encrypted exchanges should not implement a partial reserve system like banks, and all encrypted exchanges should disclose reserve certificates.;And Binance will soon start to do proof of reserves to maintain full transparency. then。
OKX Announces Plans to Issue Proof of Reserves in Next 30 DaysWill the proof of reserves be the antidote to curb another "earthquake" in the currency circle? Odaily will take you to explore
What is a Certificate of Reserves?
The significance of reserves to the encryption industry, and an inventory of the reserves of institutions such as major encryption trading platforms to demonstrate the latest developments.
What is a Certificate of Reserves?If there's one thing I can do to improve the industry, it's to convince every custody provider in the cryptocurrency space to adopt a regular proof-of-reserve procedure.
Proof-of-reserve means that custodial businesses that hold cryptocurrencies should create public credentials about their reserves and match that with proof of user balances (liabilities).
In theory:
Proof of reserves + proof of liabilities = proof of solvency
The idea is to prove to the public (especially your depositors) that the cryptocurrency you hold in your deposit matches your user balance. Of course, in practice it's not that simple. Proving that you control some funds on-chain means little, you can always borrow those funds on a short-term basis. Therefore, the significance of point-in-time verification is relatively small.Additionally, exchanges may have hidden liabilities, or creditors claiming priority over depositors, especially if they do not legally “discriminate” against client assets on the platform. That's why Wyoming's SPDI Act is so important, it clarifies the legal status of depositors vis-à-vis custodians.
Proving liabilities is tricky and often requires a full assessment by auditors.
For example, exchanges can omit certain liabilities to "cheat" PoR (Odaily Note: Reserve Fund) verification. This is why I recommend both PoR protocols for users, allowing users to gain "herd immunity" by collectively verifying their individual balances, and PoR protocols for auditors, to prove that claimed liabilities are real.
Another concern is that exchanges may have unaccounted liabilities that pure cash flow analysis may not capture. For example, given the chaotic regulatory and legal environment in which many exchanges exist, depositors are not guaranteed priority over creditors in the event of bankruptcy. This means that, in the worst-case scenario, large debts may contain a hidden liability that undercuts savers' claims to reserves. This is why I recommend including an auditor in the PoR process so these more complex liabilities (and the assessment of depositor priorities) can be understood. In simple terms, exchanges should adopt a legal policy that enjoys absolute privilege over all creditors.
So the Proof-of-Reserves scheme is not entirely untrustworthy. Still worth a try, here's why:
This is good "custodial service". Regular PoR verifications show your end users that you are in good shape and that you are vigilant about solvency;
This is a powerful self-regulatory measure. If exchanges collectively adopt PoR, regulators may be more inclined to take a light-hearted regulatory approach. It is far better to operate in relative freedom through voluntary self-regulatory measures than to suffer onerous regulatory enforcement later on;It helps guard against "toxic" operators by leaving fractional reserves with nowhere to hide. The failure of these exchanges has serious repercussions for the entire industry, so it is in everyone’s interest to avoid them.Some people don't believe in the influence of Proof of Reserve (PoR) in the industry, and think that it is not perfect yet. Currently, there is little transparency in industry standards. For exchanges that are more heavily regulated, for example under the NY Trust License, claiming to be fair stewards of user funds sounds more convincing.
Some exchanges obtain banking partners through audits, but these audits are usually not consumer-facing, and many exchanges are loosely regulated. A stronger trust signal would need to allow depositors to personally verify that their deposits are actually under the control of the exchange.
If we let the “pursuit of perfection” hold back the adoption of processes such as PoR, we are likely to end up with an even worse situation where exchanges are subject to onerous, top-down regulation. I have always preferred industry-driven active self-regulation to national regulation.
In my opinion, "Proof of Reserves" (PoR) refers to a specific procedure in which a custodian transparently proves the existence of an on-chain reserve and then provides an equivalent proof (usually in an audit with the help of an attorney), to demonstrate that outstanding liabilities do not exceed these reserves. This term usually refers to related programs. For example, stablecoin proofs are sometimes referred to as PoR. But in this case, on-chain liabilities and reserves in the banking system. In my opinion, Proof of Reserves specifically refers to the process by which entities demonstrate the existence of cryptographic reserves that match certain notes they issue.
PoR status of some industry players
Entities with recent PoR verification (updated: 11/07/22):
Kraken (auditor assisted, user verification using merkle method, by point in time) (November 8, 2022)
Nexo (auditor assisted, ongoing) (verified daily)
Coinfloor (self-assessment, user verification using merkle method, ongoing) (August 2021)
Gate.io (auditor assisted, user verification using merkle method, by point in time) (May 2020)
HBTC (self-assessment, user verification with merkle method, by point in time) (May 2021)
BitMex (self-assessment, user verification using merkle method, by point in time) (August 2021)
Ledn (user verification using merkle method, ongoing [every half year]) (August 2021)
partial verification
Bitbuy (Assisted by forensics company, no user verification, by point in time)
other
Shakepay (assisted by forensics company, no user verification, according to time point)
other
CoinShares (XBT provider ETP with Armanino real-time verification)
Note: I state them "as is" and do not endorse or guarantee their correctness.
secondary title
common problem
If you mean "proof of solvency", why do you say "proof of reserves"?
Proof of reserves sounds better, solvency is a higher bar. Ideally, PoR should be combined with a full accounting of known and hidden liabilities, resulting in stronger guarantees of solvency.
Will exchange/user privacy issues be leaked?
As long as exchanges let people know the total value of deposited assets, they don't have to reveal any additional information. In practice, it is not important to determine how many tokens an exchange has, and many third-party providers actively publish this data. So any attempt to hide the amount of tokens deposited is doomed to fail. Through the Proof of Responsibility tool, user information is anonymized and decentralized. This only allows users who know their account IDs and balances to verify that they are included in the merkle proof without spying on other users.
So what about the privacy concerns of DEXs?
The growth of DEX is exciting and meaningful to the industry. However, cryptocurrency users have a clear preference for custodial ownership, at least for some of their tokens. Self-hosting is hard, and not everyone can do it. About 20-25% of all BTC and ETH are held in custodial environments. By encouraging custodial exchanges to adopt PoR, I hope that user assurance on custodial exchanges can be improved.
Do you need an auditor?
In BitMEX's case, I believe users are adequately assured without third-party auditors. In fact, by running the process, users can be sure that BitMEX controls a specific amount of BTC, and that their account balances are included in the final merkle balance tree, so that if enough users run the analysis, you can get reliable Assurance that BitMEX will not selectively exclude any liabilities, thereby inflating their solvency.
In this case, only BTC has proven itself in a relatively simple full reserve setup. However, in a more complex setup, which could be a fractional reserve model or a more bank-like environment, or have multiple assets, even non-blockchain assets and potentially fiat assets, then you will need to incorporate auditors. Armanino LLP has been conducting PoR procedures for many years and is a specialist in this field.
I want to adopt PoR, is there any recommendation?
I recommend updating your legal clauses to clarify:
a) Separation of customer deposits and working capital;
b) Priority of customer deposits in liquidation;
c) Your responsibilities to depositors, if any, under your regulatory regime.
As for adopting a PoR strategy, I recommend a merkle approach with continuous, augmented-auditor, user-verifiable proof of solvency. Point-in-time validation is not enough. I recommend using an auditor to assist and certify the liability aspect. Currently, Armanino, Mazars and KPMG are well known auditing/accounting firms that provide these services. I strongly recommend allowing depositors to use the Maxwell/Todd merkle method to verify that their balances are included in the proof of liability.
Why do I need the assistance of an auditor or an external third party?
In order for users to have confidence in the status of their accounts, it is necessary to hire a trusted auditor who is willing to put their professional reputation on the sidelines to assess liabilities.
