The collapse of FTX has led to many users questioning the solvency of other centralised exchanges (CEXes).
CZ, Binance’s CEO, has led the way by calling all CEXes to produce a Merkle tree to act as Proof of Reserves.
All crypto exchanges should do merkle-tree proof-of-reserves.
— CZ 🔶 Binance (@cz_binance) November 8, 2022
Banks run on fractional reserves.
Crypto exchanges should not.@Binance will start to do proof-of-reserves soon. Full transparency.
However, what does this really mean, and is this a good enough method to verify all CEXes’ assets?
Here’s what you need to know.
What is Proof of Reserves?
Centralised entities use Proof of Reserves to attest that all of their users’ funds are backed 1:1.
This gives users greater confidence that all of their funds are in a crypto wallet that can be withdrawn, and that their funds are not being misused by the exchange for other activities.
FTX was guilty of this, where customers’ funds were lent to Alameda Research for investing purposes.
Amazing how this was happening right under our noses. What was SBF doing with all these customer funds? https://t.co/g3yCrrmlVO
— Ben Armstrong (@Bitboy_Crypto) November 14, 2022
As more users started to withdraw their funds from FTX, there were not enough assets on the exchange to process the withdrawals.
This eventually led to FTX completely pausing withdrawals, something we have seen in previous cases like Celsius and Hodlnaut.
Dear users, we regret to inform you that we will be halting withdrawals, token swaps and deposits immediately due to recent market conditions. We have also withdrawn our MAS licence application. Here is our full statement https://t.co/5KfHUBzWsn Our next update will be on 19 Aug.
— Hodlnaut (@hodlnautdotcom) August 8, 2022
This Proof of Reserves will provide greater transparency, especially since CEXes are not regulated yet.
Bank runs have occurred in traditional finance before, but governments have been able to bail them out. What’s more, users’ funds in these accounts may be insured (like the FDIC insurance), so it is not as risky as leaving your funds in a crypto exchange.
Some companies have already implemented a Proof of Reserves, such as Nexo,
and Gate.io.
What is a Merkle tree?
A Merkle tree is a data structure that consolidates a large amount of data into a single hash.
Merkle Trees – A Merkle tree is a fundamental part of blockchain technology.
— pastry (@PastryEth) February 5, 2022
It is a mathematical data structure composed of hashes of different blocks of data, and which serves as a summary of all the transactions within a block. pic.twitter.com/djxMOF1mnJ
Due to the large number of users that are using these CEXes, each CEX will have an extremely large ledger. Merkle trees help to summarise their users’ holdings in a single hash.
The assets in each user’s account will be stored in a leaf node, and all of these leaf nodes will form the Merkle tree.
[1/4] There is a lot of talk about “Merkle tree proof-of-reserve” systems
— BitMEX Research (@BitMEXResearch) November 9, 2022
Lets just do a quick refresh of the technical side of this
Technically, there is no need to involve a Merkle tree when proving reserves. A simple list of reserves is sufficient (Addresses, balances etc)
Every leaf node can be verified and proven to be a part of the Merkle tree, which makes it a secure and efficient method to verify large amounts of data.
However, due to the extent of data that each CEX has to process, most Merkle trees may take around 30 days before they are published.
It's critical for all major crypto venues to publicly share their auditable merkle tree proof-of-reserves or POF.
— OKX (@okx) November 8, 2022
We plan to publish ours in the coming weeks (within 30 days). This is an important step to establish a baseline trust in the industry.
More to come…
Kraken has been using such a method to conduct their Proof of Reserves each quarter, and the process is done this way:
- An auditor takes an anonymised snapshot of all balances held by users, and aggregates them into a Merkle tree
- The auditor obtains a Merkle root, which is a cryptographic fingerprint that identifies the combination of these balances when the snapshot was created
- The auditor collects Kraken’s on-chain wallet addresses, where all assets can be publicly verifiable
- The auditor compares and verifies that the balances in the wallet = users’ balances in the Merkle tree
The security and safety of your funds are our top priority 💪
— Kraken Exchange (@krakenfx) November 7, 2022
Our semi-annual Proof of Reserves audits ensure:
✍️ More accountability
🔍 More transparency
🔒 More security
Verify your balance 👇 #proofofreserveshttps://t.co/UnZfZEg22d
If the assets in the exchange’s wallets are equal to the balances in the Merkle tree, this would mean that all users’ funds are backed by actual assets that can be withdrawn at any time.
Here are some other interesting characteristics of the Merkle tree:
#1 Tamper-proof
The Merkle root helps to make this entire tree tamper-proof, where changes to any part of the tree would be very obvious.
This increases the transparency of the Merkle tree and its legitimacy in proving users’ assets.
Why can't they tamper with data:
— Ankit Khandelwal (@KhandelwalinHK) November 14, 2022
The reason for the impact comes from the algorithmic characteristics of Hash generation, which will not be repeated here.
Simply put, if you tamper any record, their hash won't be the same. This will invalidate the authenticity of PoR.🧐
#2 Privacy-enabled
Another interesting feature of the Merkle tree is that it allows for privacy even though all users’ assets are publicly accessible.
When the auditor is taking a snapshot of the balances, these are all anonymised.
What’s more, each user is actually able to verify their assets at any point in time, after they have provided the necessary credentials.
They are only able to see their own assets, and will not be able to view the assets in other users’ accounts.
Is a Merkle tree Proof of Reserves sufficient?
Forcing greater transparency on CEXes is definitely a huge step forward for greater transparency in this industry.
In fact, the segregation of users’ assets from the CEXes’ own assets is a requirement for licensed Digital Payment Token Service Providers in Singapore by the Monetary Authority of Singapore.
However, there are still some questions about the legitimacy of these Proofs of Reserves.
On this website created by Nick Carter, he mentions that it’s still possible for CEXes to ‘cheat’ this Proof of Reserves by borrowing funds from other CEXes just in time for the snapshot.
There were alarm bells raised by this extremely suspicious transaction between Crypto.com and Gate.io, where Crypto.com sent 320,000 ETH from their cold storage to a wallet owned by Gate.io.
Anyone know why https://t.co/2vZHyCaKNe would send 320k ETH (82% of their ETH today) to https://t.co/bVgf3bCqwp on October 21? pic.twitter.com/2E1NxX1pJz
— Conor (@jconorgrogan) November 12, 2022
Both exchanges clarified that it was an accident, and the funds have since been returned.
Clarifications on @cryptocom's transfer for the sake of transparency & education:
— Gate.io (@gate_io) November 13, 2022
1) Snapshot for PoR audit taken on Oct 19. https://t.co/a4NJTN8Brj's deposit was not included https://t.co/5U5tZWFfBF
2) All 320K ETH were returned https://t.co/7G5l3YLLIhhttps://t.co/IvyiBu9aBY
Gate.io also mentioned that these funds were not included during their latest attestation of assets.
While this risk of CEXes making such transfers still exists, it’s much more noticeable since everything can be tracked on a block explorer.
Are CEXes really that safe?
FTX’s collapse has shown that even the largest giants can fall, and the saying ‘not your keys, not your coins’ still holds true today.
When you hold your assets on a CEX, you do not own the private keys. Instead, you are giving the CEX full control of your funds, as they are storing the funds in their wallet.
To make exchange holdings easier to understand, below are both their relevant portfolios & associated explanatory statements.
— Nansen 🧭 (@nansen_ai) November 15, 2022
– Binance
– Cryptocom
– OKX
– KuCoin
– Deribit
– Bitfinex
– Huobi
🧵👇
We strongly recommend that you hold your assets in a non-custodial wallet, where you will be given your personal private keys and seed phrase.
If you’re new to this concept of non-custodial wallets and decentralised finance, do let us know what your questions are in the comments below, and we’ll guide you along.
And if you’re ready to make your first step into this world of DeFi, you can consider trying out our all-in-one platform here!
🔍 Navigate the DeFi Space NOW with Krystal!
Start your journey NOW on Desktop, iOS or Android
📱 Social Media
- Follow us on Telegram:
Announcements | Krystal Global | Krystal Vietnam 🇻🇳| Krystal Turkey 🇹🇷 | Krystal Africa 🌍 | Krystal Indonesia 🇮🇩 | Krystal India 🇮🇳 | Krystal Bangladesh 🇧🇩 - YouTube