Proof of Reserves (PoR) is a cryptographic mechanism allowing a cryptocurrency exchange to prove it holds sufficient assets to cover all customer balances — without revealing individual user data. After FTX’s collapse in November 2022 exposed undisclosed insolvency, PoR became the industry’s primary transparency standard. But PoR is only as meaningful as its implementation: a technically correct Merkle tree proof with a flawed liability-inclusion process proves nothing useful. This entry covers the mechanics, limitations, auditor landscape, and current implementation status across major exchanges.
How Proof of Reserves Works
A complete PoR system requires two components:
- Asset proof: Cryptographic proof that the exchange controls wallets containing specific funds
- Liability proof: A complete accounting of all user balances the exchange owes
Together they prove Reserves ≥ Liabilities. Without the liability proof, an exchange could theoretically borrow assets for a day, prove it holds them, and return them after — proving nothing about actual solvency.
Merkle Tree Liability Proof
The Merkle tree method (popularized by the 2012 Provisions paper by Dagher et al.) allows exchanges to prove every user’s balance is included in the total liability proof without revealing anyone’s individual balance.
How it works:
- The exchange assigns every user account a unique “account hash” containing their balance
- These hashes are grouped in pairs and hashed together to form parent nodes
- The process repeats up the tree until a single “Merkle root” hash is produced
- The exchange publishes the Merkle root and total liabilities
- Each user can verify their specific balance is included by downloading their unique “Merkle path” — the chain of adjacent hashes from their leaf to the root — and recomputing the root
If their balance was excluded or tampered with, the recomputed root would differ from the published root.
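The build-and-verify procedure above, as an added example (not code from any exchange or from the Provisions paper). It goes one step beyond the plain hash tree in the text by carrying a running balance sum in every node (a Merkle sum tree), so the published root also commits to total liabilities; the account names, balances and byte encoding are assumptions.

```python
import hashlib
PAD = (bytes(32), 0)  # zero-balance filler for levels with an odd node count

def leaf(account_id: str, balance: int):
    """Leaf node: (hash committing to account id and balance, balance)."""
    if balance < 0:
        raise ValueError("negative balance would understate liabilities")
    data = b"\x00" + account_id.encode() + balance.to_bytes(8, "big")
    return hashlib.sha256(data).digest(), balance

def parent(left, right):
    """Parent node: hash over both children and their sums, plus the new sum."""
    (lh, ls), (rh, rs) = left, right
    data = b"\x01" + lh + ls.to_bytes(8, "big") + rh + rs.to_bytes(8, "big")
    return hashlib.sha256(data).digest(), ls + rs

def build(leaves):
    """Exchange side: return every tree level, leaves first, root last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1] + ([PAD] if len(levels[-1]) % 2 else [])
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def path(levels, index):
    """Merkle path for one leaf: (sibling node, sibling_is_left) per level."""
    out = []
    for level in levels[:-1]:
        sib = index ^ 1
        out.append((level[sib] if sib < len(level) else PAD, sib < index))
        index //= 2
    return out

def verify(account_id, balance, proof, root):
    """User side: recompute the root from own balance and the Merkle path."""
    node = leaf(account_id, balance)
    for sibling, sibling_is_left in proof:
        if sibling[1] < 0:  # a negative subtree sum would hide liabilities
            return False
        node = parent(sibling, node) if sibling_is_left else parent(node, sibling)
    return node == root

ACCOUNTS = [("alice", 150_000), ("bob", 2_500_000), ("carol", 40),
            ("dave", 990_000), ("erin", 7)]  # constructed sample balances
LEVELS = build([leaf(a, b) for a, b in ACCOUNTS])
ROOT = LEVELS[-1][0]  # published as (root hash, total liabilities)

if __name__ == "__main__":
    print(ROOT[1], verify("carol", 40, path(LEVELS, 2), ROOT))
```

A path that verifies only shows that this one balance is under the root; completeness of the liability set still depends on enough users running the check, which is why the leaf and sibling sums are rejected when negative.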
Asset Proof Limitations
Proving wallet control is straightforward: sign a known message with the private key. But asset proofs have weaknesses:
- Snapshot timing: The exchange takes a snapshot at time T, proves assets at T, then withdraws them after the proof is published. Customer deposits may cover a brief shortfall.
- Borrowed assets: Exchange borrows BTC from a third party for the duration of the proof window
- Commingling: Assets on one exchange prove reserves for a different entity in the same corporate group
- Off-chain liabilities: Derivatives, lending positions, or institutional obligations not captured in the liability tree
The gold standard is a real-time, auditor-verified PoR with independent confirmation of asset addresses and liability completeness.
Third-Party Auditor Landscape
Post-FTX, several accounting firms began offering PoR attestation services:
| Firm | Notes |
|---|---|
| Mazars | Audited Binance’s PoR in late 2022, then abruptly suspended all crypto PoR work in December 2022 |
| Armanino | Audited FTX before the collapse (non-PoR audit); later withdrew crypto practice |
| Hacken | Security firm offering PoR attestations; used by smaller exchanges |
| Chainlink PoR | Decentralized oracle network providing real-time on-chain PoR feeds for wrapped assets (not full exchange PoR) |
| Deloitte / PwC | Have not broadly adopted exchange PoR; focus on traditional financial statement audits |
The Mazars withdrawal highlighted the reputational risk for Big Four-adjacent firms in crypto attestations following FTX.
Exchange PoR Status (2024)
| Exchange | PoR Method | Auditor | Frequency | Shortcomings |
|---|---|---|---|---|
| Binance | Merkle tree (self-published) | Suspended after Mazars withdrew | Monthly snapshot | Liability completeness disputed; Mazars withdrew |
| Kraken | Merkle tree | In-house + periodic third party | Quarterly | Long-standing, considered most credible |
| Coinbase | Publicly traded (full SEC audit) | Deloitte | Annual (10-K) | Not crypto-native PoR but highest regulatory scrutiny |
| OKX | Merkle tree | Self-published | Monthly | Auditor independence lacking |
| Bybit | Merkle tree | Self-published | Monthly | No third-party verification |
| BitMEX | Balance-sheet level | Self-published | n/a | No user-verifiable Merkle proof |
What PoR Doesn’t Prove
Even a perfect technical PoR implementation does NOT prove:
- Solvency: Off-balance-sheet liabilities (loans, derivatives, employee obligations) are not captured
- Future solvency: Today’s PoR says nothing about tomorrow
- Absence of fraud: Management could still commit fraud in ways beyond asset/liability gaps
- No lending: The exchange might be lending customer funds out; PoR only captures a snapshot at the time of proof
A complete picture requires PoR + full audited financial statements + regulatory oversight — the combination only publicly traded exchanges (Coinbase) currently provide.
Sources
- Dagher, G., Bünz, B., Bonneau, J., Clark, J., & Boneh, D. (2015). “Provisions: Privacy-Preserving Proofs of Solvency for Bitcoin Exchanges.” CCS ’15.
- Vitalik Buterin (2022). “Having a Stake Is Not Enough: A Defense of Proof-of-Reserves.” Vitalik.ca.
- Chainalysis (2023). “Evaluating Exchange Proof of Reserves: What Works and What Doesn’t.”
- Hacken (2023). “Exchange Proof of Reserves Audit Report: OKX.” Hacken Security.
- Kraken Blog (2022). “Kraken’s Proof-of-Reserves Program Verification Guide.” Kraken.