What is Proof of Reserve? A Closer Look at Transparency in Centralised Exchanges
Learn and take a closer look at what proof of reserve is, how it works, and how this concept is used by centralised exchanges.
The lack of transparency in the world’s most popular crypto service providers has led to their demise.
We’ve seen how, during a market downturn, customers of centralised exchanges were not able to withdraw their funds from FTX, Celsius, and Voyager among others, despite their relatively large market share. From this, we have solid proof that these companies were insolvent — for every dollar they owed to customers, they had less in assets.
No one should have to lose money to discover that these companies were insolvent. This is why other centralised exchanges are now starting to work with third-party auditors to create a proof of reserve for themselves.
In this guide, we’ll go over what proof of reserve is, how it works, and whether or not it can help investors regain trust toward centralised exchanges.
What is a Proof of Reserve?
In the context of reserve auditing, proof of reserve is a piece of data (a proof) that allows anyone to verify that the auditing process was valid. It’s a solution to a problem that centralised exchanges are facing.
On one hand, they want to be trustworthy by showing how transparent they are. On the other hand, they don’t want to reveal every single account balance in a public document. Nor do they want to reveal the company’s finances, if it is a private company.
Another problem is that centralised exchanges want to make sure that customers can verify that the audit was done correctly, without trusting the third-party auditor. Therefore, a proof of reserve may be the most appropriate tool to solve the problem.
What does a Proof of Reserve look like?
Proof of reserve isn’t like a traditional attestation document. An attestation document will show actual numbers that represent the health of a financial institution’s balance sheet.
Of course, as stated before, if the company is private, it isn’t obligated to reveal the actual financial data to the public.
The auditor could only give the public a Yes or No answer — whether the company is solvent or insolvent. They can do this by comparing the sum of the account balances of every customer with the wallet balances of the company.
But what the auditor can do is offer a clue or proof that they’ve done their job correctly. Therefore — it may seem like a surprise to you — a proof of reserve typically looks like this:
How Proof of Reserve really works
In order for a reserve audit to be valid, the following must be done correctly by the third-party auditor:
- They have an accurate snapshot of ALL customer accounts and balances.
- They have an accurate snapshot of the exchange’s assets and liabilities.
What proof of reserve does is prove that all customer balances have been accounted for. This is done by employing a tool called a Merkle Tree.
A Merkle Tree is a vital part of Bitcoin and other blockchains, but it can also be used in this situation.
How a Merkle Tree is used for making the Proof of Reserve
Imagine a spreadsheet table with two columns. One column lists all the account IDs, and the other lists the account balance (of a particular coin or token) for each respective account ID.
If this spreadsheet were to go public, every account owner could go to this document and search for their account on this list.
Obviously, this is terrible for privacy reasons. So, the auditor should use a special function called a hashing function to make each entry unreadable to the human eye.
A hashing function usually outputs a string of digital gibberish. But for the sake of simplicity, the hashing function for our example only joins up two strings of text into one.
Account_A + 1_BTC → Account_A_1_BTC
Account_B + 0.2_BTC → Account_B_0.2_BTC
Account_C + 1.3_BTC → Account_C_1.3_BTC
Account_D + 5_BTC → Account_D_5_BTC
This is the First Level hashing result. We’re not done here. We see that there are four accounts. They will make two pairs of accounts, and combine their hashing output to create two hashing outputs at the Second Level.
Account_A_1_BTC + Account_B_0.2_BTC = Account_A_1_BTC_Account_B_0.2_BTC
Account_C_1.3_BTC + Account_D_5_BTC = Account_C_1.3_BTC_Account_D_5_BTC
So, that’s the Second Level hashing. When there are more accounts, there’ll be more levels of hashing until finally, we end up with just two pieces of data, the Last Level hash, which we have now.
We then take the last two pieces of data, and combine them into one piece of data — called the Merkle Root. In our case, it looks like this:
Merkle Root = Account_A_1_BTC_Account_B_0.2_BTC_Account_C_1.3_BTC_Account_D_5_BTC
In real life, this one piece of data will look like unreadable gibberish. However, in our example, it’s very clear that if any of the accounts were missing or had its balance tampered with, the Merkle Root would look entirely different. One small change can drastically change the Merkle Root.
The Merkle Root gives you the Proof of Reserve, as the one piece of data that summarises everything about that list of accounts.
How Proof of Reserve is used for verification
If you are an account owner of a centralised exchange, and you want to know if your account was included as part of the audit, you can do so without trusting any other software other than your own.
Instead of revealing every piece of information about every other account, the Merkle Tree will give you a few things in order to arrive at the same Merkle Root.
- The Proof of Reserve (the Merkle Root)
- The hash outputs of the levels above that don’t include your account.
For Account A, the hash outputs of the first and second levels are used:
- Account_B_0.2_BTC (first level)
- Account_C_1.3_BTC_Account_D_5_BTC (second level)
Remember, these hash outputs aren’t readable in real-life applications. From these three pieces of information, you can recreate the Merkle Root.
Account_A_1_BTC + Account_B_0.2_BTC = result
result + Account_C_1.3_BTC_Account_D_5_BTC = Merkle Root
If there’s an account that was excluded from the auditing process, say Account E, doing this work using Account E will never give you the same Merkle Root or Proof of Reserve.
This is what makes the Proof of Reserve a powerful yet trustless tool to ensure transparency from the auditor’s end.
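The tree construction and the Account A check described in the two sections above, carried out with a real hash function. This is an added example, not part of the original article or any exchange's code; SHA-256, the "id:balance" leaf encoding, the leaf/node prefix bytes and the padding rule for odd-sized levels are assumptions made here.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(account_id: str, balance: str) -> bytes:
    # Assumed leaf encoding "id:balance"; 0x00 marks a leaf, 0x01 an inner node.
    return h(b"\x00" + f"{account_id}:{balance}".encode())

def node_hash(left: bytes, right: bytes) -> bytes:
    return h(b"\x01" + left + right)

PAD = h(b"\x02")  # assumed filler node for levels with an odd number of entries
def padded(level):
    return level + [PAD] if len(level) % 2 else level

def build_levels(leaves):
    """Return every level of the tree: leaves first, [root] last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = padded(levels[-1])
        levels.append([node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def make_proof(levels, index):
    """Sibling hashes from leaf to root, each tagged with the sibling's side."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        proof.append(("L" if sibling < index else "R", padded(level)[sibling]))
        index //= 2
    return proof

def verify(account_id, balance, proof, root):
    # Recompute the root from the user's own record plus the sibling hashes.
    acc = leaf_hash(account_id, balance)
    for side, sibling in proof:
        acc = node_hash(sibling, acc) if side == "L" else node_hash(acc, sibling)
    return acc == root

# Constructed sample data: the article's four accounts (balances in BTC).
ACCOUNTS = [("Account_A", "1"), ("Account_B", "0.2"), ("Account_C", "1.3"), ("Account_D", "5")]
LEVELS = build_levels([leaf_hash(a, b) for a, b in ACCOUNTS])
ROOT = LEVELS[-1][0]
PROOF_A = make_proof(LEVELS, 0)  # [B's leaf hash, hash of the C+D pair]

if __name__ == "__main__":
    print("Account A included:", verify("Account_A", "1", PROOF_A, ROOT))
    print("Account E included:", verify("Account_E", "2", PROOF_A, ROOT))
```

The proof for Account A contains only two hashes, so nothing about the other accounts' IDs or balances is revealed in readable form, yet any change to A's record or any substituted account fails to reproduce the published root.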
What about transparency from the exchange’s end?
Proof of Reserve lets everyone know that the auditing process was done correctly, that every account and crypto balance is being recorded. When done correctly, the auditor knows exactly how much the exchange owes to the customers.
However, exchanges could still be dishonest from their end. They could simply borrow funds to give the impression that their wallet has enough funds to cover every customer. Proof of Reserve is only limited to the customer side of the equation.
On-chain data must be thoroughly examined to ensure that the exchange’s funds are not borrowed from elsewhere.
This is why it’s important also to account for the exchange’s total liabilities, which unfortunately is still difficult to prove on-chain without the help of smart contracts.
After all, exchanges could evade the use of smart contracts to make a sneaky arrangement with shadow wallets (or even other exchanges). The controversy is a good topic for maybe another time.
Another worry is that the auditing process only takes a snapshot of a moment in time. At this stage, the process doesn’t work in real time, so again, exchanges could return their borrowed assets to shadow wallets after the auditors leave.
Proof of reserve allows anyone to “audit the auditing process”. By doing the hashing work themselves, if the audit is valid, they can arrive at the same Merkle Root.
Proof of reserve may sound like an enticing concept at first. However, until regulators uphold a much higher standard for exchanges, relying on proof of reserve alone is not enough to trust centralised exchanges.
Disclaimer: Information is current as at the date of publication. This is general information only and is not intended to be advice. Crypto is volatile, carries risk and the value can go up and down. Past performance is not an indicator of future returns. Please do your own research.
Last updated January 18, 2023