Proof of Reserves: A Trust Standard for Centralized Exchanges
Proof-of-Reserves systems make it possible to combine the transparent nature of blockchains with the comfort of using centralized exchanges.
- The recent FTX liquidity crisis highlighted the need for the industry to mature and find solutions to improve transparency.
- Many exchanges have adopted Proof-of-Reserves, a method that uses cryptography to confirm possession of sufficient assets to cover liabilities.
- Phemex, one of the leading exchanges in the crypto industry, recently released its Proof-of-Reserves, liabilities and solvency.
The recent collapse of FTX, one of the industry’s largest and most trusted crypto exchanges, has opened the debate for setting standards to prove solvency in centralized exchanges.
Since news of the FTX insolvency broke, numerous centralized crypto exchanges have voluntarily released their Proof-of-Reserves to win back public trust and remain a popular option in the industry.
Proof-of-Reserves is a method by which custodial exchanges share publicly accessible evidence of their on-chain reserves. The intention is to demonstrate that the assets held on deposits match up with user balances, proving that the exchange is solvent.
To match on-chain assets with liabilities, exchanges rely on a system that adds client balances and publishes the data anonymously through so-called Merkle proofs. With this mechanism, exchange users can verify that their balance is included in the liabilities data set.
The Merkle tree technique uses cryptography to publish the list of customer balances while avoiding privacy leakage. This is achieved by sealing all the added data with a cryptographic hash or digital signature.
To guarantee the solvency and credibility of an exchange, the ideal scenario would be to have multiple ongoing attestations with the supervision of an on-chain auditor.
The auditor would take an anonymous snapshot of all the added exchange balances and include them in a Merkle tree. The next step would be to verify each user’s balances against the information in the Merkle tree through its corresponding transaction hash.
Vitalik Buterin, one of the co-founders of Ethereum, recently wrote an in-depth article on how centralized exchanges can prove their solvency from Merkle trees. You can read it here.
The above illustration shows how account holders can verify their balances against the sum of all liabilities held by an exchange. In this case, account holder 001 would only need the information inside the red area to ensure his balance is part of the exchange’s liabilities (1,400).
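The check described above, written out as an added example (it is not code from the article or from any exchange): a Merkle sum tree in which every node carries a hash and a subtotal, so one account holder can confirm their balance is counted in the published total using only the sibling nodes on their path. The hash encoding, the account IDs and the individual balances are constructed assumptions; only the 1,400 total comes from the illustration.

```python
import hashlib

def h(*parts):
    """SHA-256 over '|'-joined fields (constructed encoding, an assumption)."""
    return hashlib.sha256("|".join(str(p) for p in parts).encode()).hexdigest()

def leaf(account_id, balance):
    return (h("leaf", account_id, balance), balance)

def parent(left, right):
    # A parent commits to both child hashes AND both child subtotals.
    return (h("node", left[0], left[1], right[0], right[1]), left[1] + right[1])

def build(leaves):
    """Return all tree levels, leaves first; leaf count must be a power of two."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Sibling (hash, sum) nodes from leaf to root: all that one user is shown."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        path.append((level[sib], sib < index))  # True if the sibling is on the left
        index //= 2
    return path

def verify(account_id, balance, path, root):
    """User-side check: my balance is counted in the published total liabilities."""
    node = leaf(account_id, balance)
    for sibling, sibling_is_left in path:
        if sibling[1] < 0:  # a negative subtotal would let liabilities be hidden
            return False
        node = parent(sibling, node) if sibling_is_left else parent(node, sibling)
    return node == root

# Constructed sample balances; they total 1,400 as in the illustration.
ACCOUNTS = [("001", 100), ("002", 300), ("003", 450), ("004", 550)]
LEVELS = build([leaf(a, b) for a, b in ACCOUNTS])
ROOT = LEVELS[-1][0]  # (root hash, total liabilities) published by the exchange
PROOF_001 = prove(LEVELS, 0)

if __name__ == "__main__":
    print("total liabilities:", ROOT[1])
    print("001 included:", verify("001", 100, PROOF_001, ROOT))
```

The proof for account 001 contains two sibling nodes and no other customer's identity, and it fails if the balance is altered or if any sibling subtotal is negative.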
Phemex, a leading cryptocurrency exchange, has also adopted the Proof-of-Reserves standard to improve transparency. Users can verify the exchange’s liabilities in addition to its Proof-of-Reserves through its platform. Phemex supports on-chain balance inquiries for ETH, BTC, USDC, USDT, and USD in trading balances.
The above model, although far from perfect, since it requires trust in a third-party auditor, ensures a certain degree of privacy as different parts of the tree are revealed to different users.
Most importantly, the more depositors verify their positions through the Merkle tree structure, the higher the chances that the exchange will not cheat by hiding liabilities.
If the industry can take away any positives from the downfall of FTX, it is that standardizing a proof of reserves system for all custodian exchanges will invite more users to onboard our industry due to increased transparency.
Another positive consequence will be that any potential bad player not willing to prove their solvency will be kept on the sidelines, something that will be viewed as a sign of maturity in our industry and potentially loosen the scrutiny of regulators and policymakers.
Improving exchange security and transparency shouldn’t come at the cost of leaving self-custody behind, though. We should also continue highlighting the importance of eliminating third-party risk by teaching users the best options to manage their private keys. At the end of the day, what is the point of using cryptography if you ultimately don’t control what should be your own crypto? You can learn more about these practices in the following article.