What are proof-of-reserves audits, and how do they work?
Key takeaways
PoR audits are cryptographic verifications used by cryptocurrency exchanges to prove they hold sufficient assets to cover customer deposits. Using methods like Merkle trees and zero-knowledge proofs, PoR ensures transparency, similar to how capital reserves are mandated in traditional finance for stability.
Coinbase’s cbBTC uses PoR to verify that for every wrapped Bitcoin, an equivalent amount is securely held in Coinbase’s custody.
PoR audits can verify asset holdings but do not account for liabilities, which can mislead users about an exchange’s solvency.
Proof-of-reserves (PoR) audits have become a vital tool in the cryptocurrency industry to promote transparency and security, especially in the wake of high-profile exchange collapses like FTX.
While similar in concept to traditional banking capital adequacy requirements, PoR audits come with certain limitations, especially in their inability to verify liabilities and their reliance on periodic reports.
This article explores PoR audits, their role in crypto and their evolution into more robust models for ensuring exchange solvency.
What are proof-of-reserves audits?
Cryptocurrency exchanges are increasingly adopting proof-of-reserves (PoR) audits to verify they hold sufficient assets to cover user deposits. These cryptographic audits, using Merkle trees and onchain verifications, serve as a transparency mechanism in crypto, much like capital adequacy requirements do for traditional finance.
But does the PoR concept draw inspiration from TradFi?
In traditional banking, regulators have long mandated that financial institutions maintain a certain level of capital reserves to safeguard against potential risks. This framework ensures that banks can absorb unexpected losses and continue to operate during economic downturns. A pivotal moment highlighting the importance of such regulations was the 2008 financial crisis.
During this crisis, many banks faced significant losses due to high-risk exposures, leading to a global economic downturn. In response, international regulatory bodies introduced more stringent measures to bolster the resilience of financial institutions.
One such measure is the Basel III framework, established by the Basel Committee on Banking Supervision. Basel III set forth comprehensive reforms to improve the regulation, supervision and risk management within the banking sector.
Common equity tier 1 (CET1) capital requirements require financial services firms to hold a minimum amount of common equity relative to their risk-weighted assets, ensuring they have a solid capital base to cover potential losses.
Leverage ratio serves as a backstop to the risk-based capital requirements, limiting the extent to which a bank can leverage its capital base.
Liquidity coverage ratio (LCR) ensures that banks have sufficient high-quality liquid assets to withstand a 30-day stressed funding scenario.
Net stable funding ratio (NSFR) promotes resilience over a longer time horizon by requiring banks to fund their activities with stable sources of funding.
These measures aim to enhance the banking sector’s ability to absorb shocks arising from financial and economic stress, thereby reducing the risk of systemic crises.
A parallel concept known as proof-of-reserves (PoR) audits has emerged in the world of cryptocurrencies to promote transparency and trust within digital asset platforms. PoR audits are cryptographic verifications that confirm whether a cryptocurrency exchange or custodian holds the assets it claims on behalf of its users.
These cryptographic audits, using Merkle trees and onchain verifications, serve as a transparency mechanism in crypto. The primary goal is to provide assurance that these platforms are solvent and can meet customer withdrawal demands. Some audits provide the dollar equivalent of the reserves, whereas others report in major cryptocurrencies like Bitcoin (BTC) and Ether (ETH).
How do proof-of-reserves audits work?
PoR audits use cryptographic methods like Merkle trees to verify that exchanges hold sufficient assets to cover user deposits, but they don’t prove solvency, as they don’t account for hidden liabilities.
These audits are designed to verify that cryptocurrency exchanges and custodians actually hold the assets they claim on behalf of their users. The process typically begins with asset verification, where platforms disclose wallet addresses or use cryptographic proofs, such as Merkle trees, to confirm holdings without revealing sensitive account details.
A Merkle tree allows user balances to be hashed and aggregated into a single “Merkle root,” which auditors and users can verify independently. Additionally, a third-party auditor may be involved to assess whether the exchange’s reserves match its reported holdings. Alongside this, customer liability verification ensures that total deposits do not exceed available reserves, strengthening the credibility of the exchange’s financial standing.
While traditional PoR audits rely on Merkle trees, they have limitations, such as the inability to prove solvency (i.e., whether an exchange has hidden liabilities or outstanding loans). To address this, ZK-proofs are being explored as a more private and secure method of reserve verification.
Zero-knowledge (ZK) proofs offer a more advanced solution by enabling exchanges to mathematically prove they are fully backed without revealing sensitive data, paving the way for proof-of-solvency audits.
A ZK-proof-based PoR system could allow an exchange to mathematically prove that its reserves exceed its liabilities without revealing individual account balances or wallet addresses. This eliminates the risk of exposing sensitive user data while still providing strong cryptographic assurance that the exchange is solvent. Some blockchain projects and exchanges are experimenting with ZK-proofs for PoR, but adoption remains in the early stages.
Ultimately, PoR audits are a critical step in improving transparency in crypto markets, especially after past exchange failures like FTX, which falsely represented its reserves. By combining Merkle trees with ZK-proofs, the industry could move toward proof-of-solvency audits, which not only verify reserves but also ensure an exchange does not carry undisclosed debts.
Here are the differences between Merkle tree-based PoR and zero-knowledge proof-based PoR:
If widely adopted, these methods could enhance trust in centralized exchanges (CEXs) while maintaining user privacy, offering a regulatory-friendly yet decentralized approach to crypto financial accountability.
Below is a list of exchanges and their PoR audit details.
Did you know? Following a hack in February 2025, Bybit underwent a comprehensive PoR audit conducted by the cybersecurity firm Hacken. This audit confirmed that Bybit’s holdings fully covered user liabilities, maintaining a 1:1 ratio for all in-scope assets. The audit encompassed a full verification of wallets containing 40 different asset types, ensuring transparency and security for all users.
What is Coinbase’s cbBTC, and how does it ensure trust through PoR?
Coinbase’s cbBTC is a token that represents Bitcoin (BTC) 1:1 onchain, fully backed by the equivalent amount of Bitcoin held in Coinbase’s custody. By wrapping BTC into cbBTC, users can interact with it in decentralized applications (DApps) and across various blockchains, such as Ethereum, Solana and Base, while retaining its Bitcoin value.
Coinbase uses PoR to ensure transparency and verify that the wrapped cbBTC tokens are fully backed by actual Bitcoin reserves held by Coinbase. PoR audits confirm that Coinbase holds sufficient Bitcoin in its reserves to support all issued cbBTC, maintaining trust and security for users who wrap or redeem their Bitcoin.
PoR audit and transparency for cbBTC
1:1 backing of cbBTC by Bitcoin: Coinbase ensures that for every cbBTC token issued, there is an equivalent amount of Bitcoin securely stored in its custody. This process ensures the integrity and security of cbBTC, allowing users to confidently use their wrapped tokens in decentralized finance (DeFi) and across multiple blockchain platforms.
PoR for user assurance: PoR audits help verify Coinbase’s claims by cross-checking its Bitcoin reserves with the number of cbBTC tokens in circulation. This audit ensures that users’ wrapped tokens are always fully backed, offering additional security and transparency. As part of its PoR commitment, Coinbase has published audit reports that confirm its reserves.
Secure handling of Bitcoin reserves: Coinbase ensures that the Bitcoin backing cbBTC is not sold, transferred or used for other purposes. The Bitcoin is held securely to maintain the 1:1 backing for cbBTC, ensuring that users can redeem their wrapped tokens for Bitcoin at any time.
CbBTC is accessible to Coinbase customers with verified accounts who are based in select regions, including the US (excluding New York), the UK, the European Economic Area (EEA), Australia, Singapore and Brazil. Additionally, users can acquire cbBTC through Coinbase Wallet or other third-party exchanges that offer support for it.
Did you know? While Coinbase provides transparency through PoR, you should be aware that the wrapping or unwrapping of cbBTC does not constitute a taxable event for the IRS, as clarified by Coinbase. However, you should consult tax professionals for personalized guidance.
Limitations of PoR approach
While proof-of-reserves audits verify that exchanges hold assets, they fail to account for liabilities, creating a false sense of security. Additionally, PoR audits are mere snapshots with no real-time oversight.
While proof-of-reserves audits enhance transparency by verifying that exchanges hold sufficient assets, they come with notable limitations that can create a false sense of security.
Liability exclusion concern: One of the biggest concerns is the exclusion of liabilities. PoR audits only confirm the assets an exchange holds, not whether it has outstanding debts, obligations or hidden leverage.
This was a critical issue with FTX, which falsely presented itself as solvent by showcasing its assets without disclosing the massive liabilities owed to creditors and users. Without a simultaneous proof-of-liabilities (PoL) audit, an exchange can appear well-funded while actually being deeply insolvent. Both assets and liabilities need to be included in this exercise for it to be completely useful.
Snapshot audits and ongoing solvency risks: Another key limitation is the snapshot nature of these audits, which provide verification for a single moment in time but do not guarantee ongoing solvency. An exchange could pass a PoR audit today and deplete reserves the next day by moving funds, taking on new liabilities or engaging in risky lending practices.
For instance, when Binance published its first PoR audit in December 2022, it faced criticism because it was a one-time report rather than a real-time solvency check. Unlike traditional finance, where banks undergo continuous regulatory scrutiny and stress tests, crypto PoR audits lack ongoing oversight, leaving room for manipulation between audit periods. Some firms, like Nexo, introduced real-time PoR in 2021 but discontinued it in 2024, as their auditors could no longer support the capability.
Reliance on third-party auditors: Lastly, PoR audits rely heavily on third-party auditors, making their effectiveness dependent on the credibility and independence of the auditing firm. Some exchanges have opted for internal audits, which raises concerns about objectivity and transparency.
A case in point is Mazars Group, the auditing firm that conducted PoR reports for Binance and Crypto.com in 2022. It later withdrew from providing crypto audit services, citing concerns over the reliability of the process. This incident underscored the industry’s need for stronger, independent and standardized auditing frameworks to ensure that PoR audits genuinely reflect an exchange’s financial health rather than serving as a mere public relations tool.
Proof-of-reserves as a step forward, not a perfect solution
PoR is a good step in the right direction. It is not perfect, but there is no need to make perfection an enemy of progress. Many recent developments in the cryptocurrency industry look promising: PoR can not only serve native crypto assets but could also help traditional finance once its assets and liabilities are tokenized.
In its ideal form, PoR should be used to assess the solvency of any counterparty, whether in DeFi, centralized finance (CeFi) or traditional finance (TradFi), making the future of finance more robust and reliable with its implementation.