Crypto exchanges can go bust when they do not have the funds to fulfill customer withdrawals. This is a significant problem if you are a customer of a crypto exchange and have entrusted the company with your coins, only to learn later that the exchange had squandered all the money ferried through its platform.
These companies appear to have a habit of hiding their reserves or outright lying about them. An exchange may have used your money to prop up its failing trading firm, as happened with FTX. They may have accidentally wired hundreds of millions of dollars worth of customer funds to another exchange, as befell Crypto.com, or lost it all in a hack, as happened with Mt. Gox.
Even regular audits or attestations by third parties may not suffice. The companies may have tricked the auditors: Perhaps they only moved funds into the right wallets just in time for the third party to tick the box that claims the funds are in the right place, then invested money in risky funds.
Remember: Crypto exchanges are not the same as banks. For starters, crypto isn’t insured by government depositary schemes. Accordingly, customers must take due diligence matters into their own hands when choosing where to park their money. They need to check the exchange's terms of service and see what guarantees the exchange is making about holding their funds. Even then, they have to trust that the exchange will live up to the promise of those terms.
But what if customers could verifiably track the location of their funds in real-time?
Enter proof-of-reserves and Merkle trees
Several crypto exchanges are advocating for a form of transparency called proof-of-reserves. This is a cryptographic method of proving that an exchange is liquid enough to process all customer withdrawals, and otherwise allows customers of a cryptocurrency exchange to keep tabs on where their money really is.
One way of doing this involves using something called Merkle trees. These produce efficient data structures called “hash trees” that can be securely verified; these structures, kind of like a map of customers’ funds, work even when the reserves become complicated.
The idea is that, following the publication of a proof-of-reserves certificate, anyone could follow the money and work out how much crypto an exchange holds. In effect, it is a bona fide verification tool to prevent exchanges from surreptitiously running off with customer deposits.
Kraken’s proof-of-reserve report from August 2022, for instance, attested that “Kraken retained custody over a sufficient amount of the in-kind assets to cover the in-scope client liabilities as observed within the database related to Kraken’s spot exchange.” In other words, a third party said that Kraken has enough crypto to cover all current customer withdrawals.
Although proposals for proof-of-reserves often require the hiring of a third-party attestor to confirm that the on-chain funds actually match up with what the exchange claims to hold, the improvement on the current system would be on-demand, real-time tracking of exchange reserves.
In effect, proof-of-reserves brings crypto exchanges closer to the treasuries of decentralized finance protocols, where all funds are matched to cryptocurrency wallets that anyone can trace on-chain at any time.
The idea for proof-of-reserves based on Merkle trees became particularly popular after the collapse of FTX. Binance’s CEO, Changpeng Zhao, tweeted that his exchange would begin to implement proof-of-reserves.
According to a spokesperson, its reserves “would be audited by a third-party vendor with user verification available on third-party platforms to verify and audit our customer holdings.” The world’s largest crypto exchange will first verify BTC reserves.
To be clear, Merkle tree-based proof-of-reserve would not prevent the misappropriation of customer funds completely. It only tracks holdings and would not prevent an exchange from, say, lending money to dodgy borrowers who have no hope of repaying.
And proof-of-reserve does not provide customers with greater control over their funds; it just provides information.
Even if FTX had implemented proof-of-reserve (in addition to its audited financials), a customer would simply have been able to watch their crypto going for a quick walk off a cliff – but that customer wouldn’t have been able to prevent it from happening in the first place.
Ultimately, a proof-of-reserve is only as good as its verifier. A crypto exchange could lie outright, and a third-party attestor could still uphold the lie. If the attestor is corrupt or incompetent, perhaps by overlooking missing wallets or failing to understand how an exchange had structured customer holdings, the whole purpose of proof of reserve would be undermined.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.