The Ins And Outs Of Proof-of-Reserves


The staggering implosion of FTX, one of the industry's biggest players, sent tremors through the market last week. The crisis ran deep enough that digital currency prices plummeted, with the impact felt by the world's biggest cryptocurrencies, such as Bitcoin and Ethereum.

With crypto investors taken aback by the situation, what direction can centralized exchanges take to win back public trust?

That brings us to why centralized exchanges are committing to proof of reserves. Proof of reserves raises the transparency of crypto exchanges by showing that their asset holdings match their liabilities, but does that make them trustworthy?

This article examines the views on proof of reserves and how good a solution it is for regaining trust in centralized exchanges.

Introduction To Proof of Reserves

A custodial service provider holding customers' funds in crypto can offer a proof of reserves program. Through it, the exchange shows that the deposits held in reserve match its liabilities.

It is meant to convince users that the exchange's holdings are enough to demonstrate its solvency to customers.

Proof of reserves gives the balances of all the crypto holdings listed on the platform, and users can also collectively verify their balances.

Reduced to a simple equation:

Proof of Reserves + Proof of Liability = Proof of Solvency

Ref: Proof of Reserves – Nic Carter

Getting Into The Details…

Several crypto exchanges pledge to stay transparent by establishing proof of reserves. But what is the whole picture in reality?

A cryptocurrency exchange uses proof of reserves to show that it has enough liquidity to honor customer withdrawals. Customers can, in parallel, keep watch on their funds held at the exchange.

But how is this implemented? It involves a Merkle tree, an efficient data structure. Customers can point to their funds in this Merkle tree by giving the respective hash.

Does this mean the customer can be completely assured of their funds in the exchange? What if the exchange borrows funds to show accountability for liabilities?

That highlights the importance of hiring a third-party auditor to attest that the on-chain or off-chain holdings match the money the exchange claims to hold. Third-party verification of the liabilities and the balances makes the proof of reserves trustworthy to some extent.

More on proof of reserve audits in the next section.

Workflow Of Proof of Reserve Audits

Exchanges can hide certain liabilities to match them up with the reserve holdings and portray themselves as faithful to users. 

That’s why it requires a third-party auditor to do the reality check on these by fully assessing the platform. 

The auditing process is as follows:

  • During an audit, the company submits records of all its reserve holdings and user deposits.
  • The auditor checks that the on-chain and off-chain holdings equal the company's claimed total reserves.
  • The auditor verifies user balances by hashing them with each user's unique ID and validates addresses by transacting random amounts to accounts.
  • A cryptographic Merkle tree is the data structure that ties these together. The hashes are aggregated into the Merkle tree, which produces a Merkle root.
  • The accuracy of a user's balance can be cross-checked by pointing to that user's specific hash in the Merkle tree.
  • Finally, if all the balances and associated addresses from the Merkle tree match the custodian's claims, the auditor verifies the platform.
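The Merkle-tree steps above, as an added Python illustration (not QuillAudits' or any exchange's code). It assumes SHA-256, a `user_id|balance|nonce` leaf encoding and a constructed five-account ledger; every function name is hypothetical.

```python
import hashlib

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()
def leaf_hash(user_id: str, balance: int, nonce: str) -> bytes:
    # Assumed encoding; 0x00/0x01 prefixes keep leaves and inner nodes distinct.
    return _h(b"\x00" + f"{user_id}|{balance}|{nonce}".encode())
def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)

def build_levels(leaves):  # every tree level, leaves first, root last
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        # An unpaired last node is promoted unchanged rather than duplicated.
        levels.append([node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes from leaf to root as (hash, sibling_is_left) pairs."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify_inclusion(leaf, proof, root):
    acc = leaf
    for sibling, sibling_is_left in proof:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return acc == root

# Constructed sample ledger: (user ID, balance in satoshis, per-user nonce).
LEDGER = [("alice", 150_000, "n1"), ("bob", 20_000, "n2"), ("carol", 975_000, "n3"),
          ("dave", 5_000, "n4"), ("erin", 310_000, "n5")]
LEVELS = build_levels([leaf_hash(*row) for row in LEDGER])
ROOT = LEVELS[-1][0]  # the value the exchange would publish

def user_check(index, claimed_balance):
    """One customer's check: rebuild own leaf, walk the proof to the published root."""
    user_id, _, nonce = LEDGER[index]
    leaf = leaf_hash(user_id, claimed_balance, nonce)
    return verify_inclusion(leaf, inclusion_proof(LEVELS, index), ROOT)

def liabilities_covered(reserves):  # auditor side: reserves vs. committed balances
    return sum(balance for _, balance, _ in LEDGER) <= reserves
```

A passing `user_check` only shows that a balance is committed under the published root; it says nothing about liabilities that were left out of the tree.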

The Underpinning Concerns On Proof of Reserve Audits

Exchanges can cheat by hiding certain liabilities from view. So, individuals can collectively verify their balances by verifying their hash position in the Merkle tree. This way, they can ensure the company reserves are enough to back their funds.

Proving control over on-chain holdings is tricky, as exchanges can fake it by borrowing funds on a short-term basis. Also, the exchange reserves shown on the dashboard reflect a specific moment in time and are not real-time.

And if the auditors side with the exchange, the audit might give a false sense of security. That calls into question users' trust in audits to verify the reserve balance.

These are some of the concerns with placing complete trust in the proof of reserves disclosed by a company.

CEXs Revealing Their Proof Of Reserve – From Where It All Started?

FTX Downfall Triggering CEXs To Disclose Proof of reserves For Better Transparency.

Let’s touch upon the history of FTX, the reason behind all the rage!

Timeline of Happenings In The FTX collapse

2017 – Sam Bankman-Fried (SBF) founded Alameda Research, a cryptocurrency trading firm.

2019 – Sam Bankman-Fried founded FTX, a cryptocurrency exchange which issues its own FTT token. FTX is the fourth-largest cryptocurrency exchange.

2021 – SBF promoted the traders of Alameda Research to co-CEOs and turned his focus towards the FTX platform.

Up until the publication of the CoinDesk report on Nov 2nd, 2022, FTX was believed to be doing just fine. Let’s have a look at the series of events following that. 

Nov 2nd’22: CoinDesk reported on Alameda’s troubled balance sheet, which gave rise to speculation as it exposed Alameda’s huge reliance on the FTX exchange’s FTT token.

Nov 6th’22: Changpeng Zhao (CZ), CEO of Binance, tweeted about the plan to sell off Binance’s holding of FTT tokens, referring to the CoinDesk article on FTX and Alameda’s blurred funds.

Meanwhile, suspicion of a lack of liquidity to back user transactions on FTX started growing after the CZ tweet, and users started withdrawing funds. SBF posted a tweet the same day saying the platform saw $5B in withdrawals on 6th Nov.

Nov 8th’22: Binance and FTX CEOs struck a deal, signing a non-binding letter of intent to buy the failing FTX exchange and ease the market panic.

FTX halted non-fiat customer withdrawals. SBF tweeted about FTX's liquidity issues, with apologies.

Nov 9th’22: Having said that it had completed its “corporate due diligence,” Binance withdrew its plan to acquire the FTX exchange.

Nov 11th’22: FTX filed for voluntary chapter 11 bankruptcy proceedings for FTX, FTX.US and Alameda.

Nov 11th’22: On the evening of Nov 11th Friday, FTX and FTX.US wallets were drained of more than $600M in an apparent hack. FTX circulated a message on Telegram stating FTX apps are malware and asked users to stop any interactions with the platform.

Centralized Exchanges' Response In The Wake Of The FTX Crash

Following the FTX implosion, Binance CEO CZ proposed that crypto exchanges publish Merkle-tree proof of reserves to curb the widespread panic prevailing around the industry.

Top exchanges like Kraken and released auditor-assisted proof of reserve paired with Merkle tree for user validation.  

While others, like Coinfloor and HBTC, provide self-assessed proof of reserve with the Merkle tree approach for users to verify their balance.

Several other crypto exchanges, including Huobi, Poloniex, and, have also announced that they will publish their reserves for public view.

The world’s top cryptocurrency exchange – Binance leading the path to greater transparency!

Following Binance’s commitment to transparency, it disclosed its cold wallet addresses and holdings of the cryptos listed on the platform.

Binance reserves hold 475,000 BTC, 4.8M Ether, 17.6B USDT, 601M USDC, 58M BNB and 21.7B of its native stablecoin, BUSD.

Furthermore, CZ tweeted about creating Merkle Tree proof of funds to be shared with the community in the coming weeks. 

Pondering On Company’s Reserve – A Sigh of Relief Though!

While it is clear that producing proof of reserve is no match to the transparency that decentralization provides, it is still better than nothing for the following reasons.

  • It keeps exchanges vigilant about solvency with respect to depositor funds. Customers can be convinced that their funds are in reserve, which ensures their project’s continuity with the exchange.
  • It works as a strong self-regulatory measure: exchanges regularly expose their reserve holdings to the public, promoting openness about the rules the exchange plays by.
  • Routine PoR attestations make it virtually impossible to hide fractional reserves.

PoR Auditing For Improved Transparency And Trustworthiness

On a concluding note, Merkle tree Proof of reserve might be an improvement but not a complete solution. It is a good verifier for customers to have information about their funds without complete control over them. 

And for ease of access, QuillAudits pitches in “Web3 suggest” to bring communities together to acquire collective information on documented proof-of-reserves by exchanges.



What is PoR attestation?

Proof of reserves gives the balances of all the crypto holdings listed on the platform, and users can also collectively verify their balances. Third-party auditors perform the PoR attestation as a periodic review of the balances in the reserves.

What are considered to be reserve assets?

Assets with a strong liquidity profile, such as Bitcoin (BTC), Ether (ETH) and stablecoins such as Binance USD (BUSD), Dai (DAI), and USD Coin (USDC).

Is auditing a must to verify a company’s reserves?

Third-party attestations affirm the transparency of the company’s reserves much better than self-attestation. At the same time, it is also important that the custodian provides cryptographic hashes to users so they can verify their balances in the reserves.

Will PoR regain trust in centralised exchanges?

While it is clear that producing proof of reserve is no match to the transparency that decentralization provides, it is still better than nothing. Read the article to know more about this.

