What is Proof-of-Reserves?
A Proof-of-Reserves (PoR) is an independent audit overseen by a third party to verify the custodian’s balance sheet, thus ensuring accountability and liability toward all clients’ assets.
How is it done?
During the audit, proof of reserves obtained via anonymised snapshots of users’ account balances. Thereafter, they are combined into a cryptographic Merkle Tree which generates a Merkle Root — a privacy-friendly and unique fingerprint which represents all the users’ balances.
By cross-examining only a few anonymous balances with verified ones, the Merkle tree enables the authentication of the accuracy of all accounts, while eliminating the need to examine each individual account.
Digital signatures of custodians are procured as the final step to certify that they control the on-chain addresses holding the assets, and allowing auditors to confirm that the platform maintains a reserve of all clients’ assets.
Importance of Proof-of-Reserves
Crypto exchanges are the most highly trafficked crypto companies in the world, and there are growing statistics of crypto companies failing because of liquidity issues. This highlights the significance of offering a PoR as verifiable proof that customers’ funds are safe while preventing financial meltdowns, as seen in the recent downfall of FTX.
By employing mitigation measures such as PoR, it could have (in theory) prevented the fraudulent movement of over $10 billion of customers’ assets and averted one of the biggest crises seen in the history of crypto.
In addition to Proof-of-Reserves, other security measures, such as Proof-of-Work (PoW) and Proof-of-Stake (PoS) are also established in the blockchain. With PoS, participants, also known as “validators”, stake a set amount of crypto tokens in return for an opportunity to validate new transactions and earn compensation. Through this, the PoS process encourages the development of new blockchain nodes, which authenticates the legitimacy of network transactions, known as blocks.
Limitations of Proof-of-Reserves
Even with PoR in place, there are still some starkly worrying loopholes which have been highlighted. Although crypto exchanges have diligently published their proof of reserves in response to public demands after the FTX crisis, some have been accused of transferring funds to help other exchanges pass the audits. Crypto.com in particular, transferred 280,000 Ether to Gate.io after delivering its PoR results, thus further fuelling concerns regarding the legitimacy of audits.
The Middle Ground
Although the model of PoR is neither perfect nor fool-proof, the recent cataclysmic meltdown of multiple high-profile crypto corporations unveils the urgent need for regulation to minimise its potential to uproot the stability of our current financial system. Imposing PoR may seem trivial, but it is an essential step in the right direction.
How can Regtank help?
The Regtank solution is designed and developed by following the Financial Action Task Force (FATF) guidelines. The solution enables companies to fulfil the latest regulatory obligations in multiple jurisdictions and keep up the fight against ML/FT activities with our innovative customisable risk engine. Adopting a risk-based approach, Regtank is constantly improving on the solution and is aligned with the Monetary Authority of Singapore’s (MAS)’s supervisory expectation on name screening practices.