In response to FTX's recent shocking demise, cryptocurrency exchanges across the industry from Binance to Crypto.com are pledging to display proof of reserves as a way to boost transparency. The goal is to make sure a disaster like this doesn't happen again.
Leaders across the industry are applauding this abrupt shift toward transparency. Providing proof of reserves—a way to prove that a custodian still has their users’ funds—has been possible for ages, and exchanges are now actually finally implementing the technology.
But some industry leaders are warning users to remember that proving reserves has its limitations.
Casa CTO Jameson Lopp told Decrypt that “one of the primary problems is that it's impossible to prove a negative. Point being, you can't prove that there aren't more liabilities than there are assets.”
This follows up on his tweet last week arguing that "it's better to have [proof of reserves] than to not have it," but it's not a "panacea." Others worry that these proofs will lure users into a false sense of security if they don't understand the limits of what a proof of reserves can and cannot prove.
Proof of Reserves is not a panacea.
You're still trusting the auditor's attestation.
You're still hoping reserves exceed liabilities.
But it's better to have PoR than to not have it.
— Jameson Lopp (@lopp) November 9, 2022
Snapshot in time
A "proof of reserves" is essentially a snapshot—whose accuracy is backed by a cryptographic proof—of how many reserves a custodian has at one time, using the transparency of Bitcoin and other cryptocurrency blockchains; it's a way to prove that exchanges or other third-party custodians actually have their users’ money.
This type of proof has been in the news frequently recently as the industry explores it as a way to provide future FTX scenarios. In response, a top exchange Crypto.com released its proof of reserves last week, revealing that 20% of their reserves are in Shiba Inu, the dog memecoin modeled after Dogecoin, which started off as a joke. And the world’s largest crypto exchange Binance is planning on working on a proof-of-reserves protocol invented by Vitalik Buterin, creator of Ethereum.
One thing to keep in mind is that there are different types of proof of reserves, some more rigorous than others. Crypto analyst Nic Carter, who has been championing proof of reserves for years, endorses a form of it that includes reporting liabilities on top of reporting reserves, for a much clearer depiction of where the custodian stands financially.
On his website, he tracks how many custodians implement proof of reserves. Some exchanges such as BitMEX include liabilities in their snapshots, while others, such as Crypto.com, so far only show a snapshot of their reserves.
Carter agrees that proof of reserves is not perfect, but it is necessary for improving the industry. "To those who reject [proof of reserves] because it’s not perfectly trustless in its current implementation, I would respond that the perfect is the enemy of the good. At present, the industry standard is virtually no transparency," he writes on his website.
'Not your keys, not your coins'
The trick is, things can go awry even when proof of reserves is in place. Over the last couple of days, some exchanges have been accused of passing around millions of dollars of funds to help other exchanges pass proof of reserves audits. This hasn’t been proven, but it’s a theoretical possibility nonetheless.
Then, there's always the off-chance an exchange might not report all of its liabilities.
“What a [proof of reserve] really is, is an attestation. You're still trusting that the audit is complete and accurate. And having such an attestation in no way changes your security model as a customer of said custodian,” Lopp said.
As BitGo CEO Mike Belshe put it: "Proof of reserves is a good start. But it is impossible to prove non-existence of liabilities. Tracking liabilities comes with solid, clean financials, audits, and regulation."
Not to mention, proof of reserves can't prevent hacks, one of the most common ways that exchanges and cryptocurrency projects have lost funds over the years.
Is there a foolproof way of ensuring coins aren't lost by a trusted third party?
Many in the industry argue that the best way to ensure funds aren't stolen by a third party is to not trust them at all. After all, a common refrain across the industry is: "Not your keys, not your coins.”