Krystal Blog Logo

Merkle Tree Proof Of Reserves – What It Really Means

●   5 min

The collapse of FTX has led to many users questioning the solvency of other centralised exchanges (CEXes).

CZ, Binance’s CEO, has led the way by calling all CEXes to produce a Merkle tree to act as Proof of Reserves.

However, what does this really mean, and is this a good enough method to verify all CEXes’ assets?

Here’s what you need to know.

What is Proof of Reserves?

Centralised entities use Proof of Reserves to attest that all of their users’ funds are backed 1:1.

This gives users greater confidence that all of their funds are in a crypto wallet that can be withdrawn, and that their funds are not being misused by the exchange for other activities.

FTX was guilty of this, where customers’ funds were lent to Alameda Research for investing purposes.

As more users started to withdraw their funds from FTX, there were not enough assets on the exchange to process the withdrawals. 

This eventually led to FTX completely pausing withdrawals, something we have seen in previous cases like Celsius and Hodlnaut.

This Proof of Reserves will provide greater transparency, especially since CEXes are not regulated yet.

Bank runs have occurred in traditional finance before, but governments have been able to bail them out. What’s more, users’ funds in these accounts may be insured (like the FDIC insurance), so it is not as risky as leaving your funds in a crypto exchange.

Some companies have already implemented a Proof of Reserves, such as Nexo,

pxELDkuSD5oJocF0s7ois4w8rGlpFnwozZpK4il9bTo2ctvD7 1CASyKzl8W2mFDroTkKAZHA5zWDPrPltwyytM6NcltD gH 4ZKvCWzwSiY8Gsi YaSabX9KHITIFFaNPnmy ErBga1BpeU6XErczJSiCN8Sc5c DjJDcuR76d994TD ihXGnusuWhJw

and Gate.io.

Gg6cLwIrfYlJpMWZ5y jyHKPUMkRP3YqdlCRDcfPOGifhJYj2ltuOxgJHVsXxuOPr acFC10V4xPsqX0dRHBvq0fy3rfsjJze3czGOxB6AwV4FDCEP1yVuJ7TNMSyA3KR7RR0ITty yWRKveaKTGvEH8sdr0ajJlhaX pBUgJhZpSC4yeT5sTi6nNUj6IA

What is a Merkle tree?

A Merkle tree is a data structure that consolidates a large amount of data into a single hash.

Due to the large number of users that are using these CEXes, each CEX will have an extremely large ledger. Merkle trees help to summarise their users’ holdings in a single hash.

The assets in each user’s account will be stored in a leaf node, and all of these leaf nodes will form the Merkle tree.

Every leaf node can be verified and proven to be a part of the Merkle tree, which makes it a secure and efficient method to verify large amounts of data.

However, due to the extent of data that each CEX has to process, most Merkle trees may take around 30 days before they are published.

Kraken has been using such a method to conduct their Proof of Reserves each quarter, and the process is done this way:

  1. An auditor takes an anonymised snapshot of all balances held by users, and aggregates them into a Merkle tree
  2. The auditor obtains a Merkle root, which is a cryptographic fingerprint that identifies the combination of these balances when the snapshot was created
  3. The auditor collects Kraken’s on-chain wallet addresses, where all assets can be publicly verifiable
  4. The auditor compares and verifies that the balances in the wallet = users’ balances in the Merkle tree

If the assets in the exchange’s wallets are equal to the balances in the Merkle tree, this would mean that all users’ funds are backed by actual assets that can be withdrawn at any time.

Here are some other interesting characteristics of the Merkle tree:

#1 Tamper-proof

The Merkle root helps to make this entire tree tamper-proof, where changes to any part of the tree would be very obvious.

This increases the transparency of the Merkle tree and its legitimacy in proving users’ assets.

#2 Privacy-enabled

Another interesting feature of the Merkle tree is that it allows for privacy even though all users’ assets are publicly accessible.

When the auditor is taking a snapshot of the balances, these are all anonymised.

What’s more, each user is actually able to verify their assets at any point in time, after they have provided the necessary credentials.

1XvT00O3J42wY4nTlrM2RdxJIQhEt0PjPRI0u6p7MFkzqBn4Ys MkCGLO1Dowzi09sspi4tu8Hq3G4KRHwNGHtJm BWA qFJpSa8StM6u3iuNzFF0aK hY3n2c09if70f 7YJrnpgGwFKVpzfeVHZ93r07EduDLW1mGsKzHRNY FkE0 0kQWp0kl9aR

They are only able to see their own assets, and will not be able to view the assets in other users’ accounts.

Is a Merkle tree Proof of Reserves sufficient?

Forcing greater transparency on CEXes is definitely a huge step forward for greater transparency in this industry.

In fact, the segregation of users’ assets from the CEXes’ own assets is a requirement for licensed Digital Payment Token Service Providers in Singapore by the Monetary Authority of Singapore.

d11qMYGZqVMHtbT8LdPuIDYix3pPExJIikjHhkadubrOHtjgtAVv8b1Nmx4lX11lfnOtCoUVyVTnkZHzcGBcbYadvz0j7TT8duWXTXgr9oJ6X7LF8XXKZhYeGpM5zQ0pC mLDX YX0AKiaMpqKHaLBRa6LVjDBBzyv 7rrRGOGfktLT ST4gCWbjwy0C

However, there are still some questions about the legitimacy of these Proofs of Reserves.

On this website created by Nick Carter, he mentions that it’s still possible for CEXes to ‘cheat’ this Proof of Reserves by borrowing funds from other CEXes just in time for the snapshot.

There were alarm bells raised by this extremely suspicious transaction between Crypto.com and Gate.io, where Crypto.com sent 320,000 ETH from their cold storage to a wallet owned by Gate.io.

Both exchanges clarified that it was an accident, and the funds have since been returned. 

Gate.io also mentioned that these funds were not included during their latest attestation of assets.

While this risk of CEXes making such transfers still exists, it’s much more noticeable since everything can be tracked on a block explorer.

Are CEXes really that safe?

FTX’s collapse has shown that even the largest giants can fall, and the saying ‘not your keys, not your coins’ still holds true today.

When you hold your assets on a CEX, you do not own the private keys. Instead, you are giving the CEX full control of your funds, as they are storing the funds in their wallet.

We strongly recommend that you hold your assets in a non-custodial wallet, where you will be given your personal private keys and seed phrase.

ODNCO6gqZNUm0A7GVCn6fRzQtjOj3da65CxvNY9jtZASu

If you’re new to this concept of non-custodial wallets and decentralised finance, do let us know what your questions are in the comments below, and we’ll guide you along.

And if you’re ready to make your first step into this world of DeFi, you can consider trying out our all-in-one platform here!

🔍 Navigate the DeFi Space NOW with Krystal!

Start your journey NOW on Desktop, iOS or Android

📱 Social Media

How do you rate this article?

0
0

Leave a comment

Your email address will not be published.