Proof of Reserves can serve as a crucial aspect of cryptocurrency exchange’s ability to ensure users that their funds are safe and secure. PoR helps in establishing trust between the users and the exchange by providing transparency into the CEX’s funds on hand and continuously holding them accountable rather than onces a quarter. Without Proof of Reserves, there's no way to ensure that an exchange is holding the amount of cryptoassets it claims to be holding. This puts users' funds at risk and makes it easier for exchanges to engage in fraudulent activities.
PoR helps prevent scams and fraud by providing a transparent, accountable mechanism for verifying an exchange's assets. Because of this, PoR is an exciting development for the industry, as it allows organizations to leverage the immutability of a public blockchain and cryptographic mechanisms to provide proof of the existence and control of customers’ digital assets held by centralized organizations. This can significantly enhance the industry’s security and trustworthiness in a sector that has a long history of hacks and insolvencies.
List of major CEX hacks over the years.
Proof of Reserves offers significant benefits to both users and custodial institutions. For users, PoR enables the verification of asset custody, allowing for informed decision-making and accurate transaction records. This ensures confidence in the safety of their assets.
For custodial institutions, PoR helps regain and maintain user trust, which has been eroded by recent events in the industry. By developing robust PoR facilities, reputable institutions can demonstrate their commitment to transparency and accountability. Additionally, PoR provides an immutable, on-chain record that can be scrutinized for accuracy, further bolstering trust in the industry.
How Does Proof of Reserves Work?
Proof of Reserves works by having an exchange sign a message that confirms it holds a certain amount of crypto. This message is usually a cryptographic hash that contains the following:
- The exchange’s public address
- The amount of cryptocurrency held in the address
- The date the message was signed
The exchange can then share this message with its users, who can verify that the exchange has the requisite amount of cryptoassets to cover its liabilities.
To elaborate a bit further, custodial institutions in crypto typically use a hot wallet for day-to-day operations, such as fulfilling withdrawal requests from users, and a cold wallet for long-term storage and security of a portion of users' deposits. Users are typically given a unique wallet address to make deposits, which are then moved between the hot and cold wallets as necessary.
While details of the institution-held assets can be partly obtained by tracing the details of transactions involving their hot and cold wallets, this only presents an aggregated view of the total assets in custody and doesn't provide any information about which users own what portion of the total assets.
A PoR audit involves a deeper study to collate the total assets held by the institution and prove that the institution holds the appropriate amount of assets to cover the users' deposits. This process typically uses Merkle tree technology, which creates a hash tree to organize and verify the data’s integrity. By publishing a Merkle root of the users' balances on-chain, a custodial institution can provide proof of the amount of assets it holds on behalf of its users, while still preserving the anonymity of individual user account balances.
