As the crypto industry rallies around the transparency of Proof of Reserves (PoR) audits, Kraken is encouraged to see more focus placed on testing, rather than promises.
However, while others are rushing to catch up, we have observed attempts by other platforms and exchanges to pass off watered-down and misleading methodologies as a Proof of Reserves audit.
In addition to causing confusion in the marketplace, these sketchy practices promoted as proof-of-reserve audits will erode trust and undermine the shared mission of accelerating financial freedom and inclusion for all.
To provide the level of transparency that customers deserve, the broader crypto industry must adopt rigorous standards around proof-of-reserve audits. In the midst of the chaos of last month, the industry has failed to explain what Proof of Reserves audits should actually entail and has convoluted the process to capitalize on the hype.
Crypto stakeholders who do not understand the actual purpose and proper application of Proof of Reserves audits risk being misled. Customers are now presented with misleading and incomplete Proof of Reserves claims, leaving them open to deception and therefore financial harm. Kraken voluntarily conducted the industry’s first Proof of Reserves audit and set a legitimate standard by accounting for not only our crypto balances, but also our customers’ liabilities under the supervision of an independent auditor.
Kraken believes that Proof of Reserves audits should include the following five components. Not including one of these five means that, in Kraken’s opinion, there is room for manipulation of the results. At the most fundamental level, Proof of Reserves audits are a combination of Proof of Assets and Proof of Liabilities. The absence of one or the other does not meet the gold standard and is not valuable to clients of an exchange.
In short, Kraken believes that you deserve proof, not promises, when understanding the health of your cryptocurrency exchange.
What are the components of the Proof of Reserves?
As a company that strives to lead the industry in transparency and trust, it is our responsibility to point out the deficiencies and vulnerabilities of the less rigorous practices that are labeled as proof of reserves audits.
While it pioneered the practice of periodic proof-of-reserve audits, Kraken established the framework for how to carry out the practice effectively. Despite our disagreement with others trying to redefine what proof-of-reserve audits are, there is an opportunity to standardize the practice and provide transparency in a decentralized manner across the crypto industry.
Simply put, Kraken believes that Proof of Reserves audits should be a combination of Proof of Assets and Proof of Liabilities, with other features that add peace of mind to the client. The absence of one of these components should mean that the process does not meet the standard of a true Proof of Reserves audit.
Proof of Liabilities
Tl;dr: how much does the exchange need
In essence, Proof of Reserves is, first and foremost, a proof of client liabilities. Without a clear picture of how much of a given asset an exchange is required to hold to cover customer deposits, the following components are incomplete.
In order to not only claim, but also prove customer liabilities, Kraken hires a third-party auditor who confirms the validity of claimed customer liabilities. The auditor also plays an important role in the Proof of Liabilities component, ensuring that no negative balances, which may have resulted from liquidated margin positions and could therefore lead to inaccurate audit results, have been included in the Proof of Reserves audit. The role of the auditor, as well as the potential to offset the need for the auditor through full data availability, is discussed in more detail in the following sections.
Tl;dr: how much does the exchange have
Once the amount of client liabilities for which the exchange is responsible has been established, the exchange must prove its assets. Assets must equal or exceed the exchange's client liabilities, which means that for each asset the exchange must hold at least as much as it owes in that asset based on client deposits.
A bad actor could easily point to a random wallet full of crypto and say it's theirs. Posting unconfirmed wallet addresses is the crypto equivalent of posing in front of a big pile of money: It's there, but no one knows for sure who the rightful owner of that pile of money is.
For starters, wallet addresses without corresponding signatures are meaningless, since there is no way to prove ownership of the wallet. Furthermore, even wallets with proven ownership fall short unless it can be guaranteed that accounts with negative balances were not included in the Proof of Liability (a process that can be accomplished through an independent third-party auditor).
Tl;dr: assign each customer balance a unique identifier
Each balance under the control of the exchange must be assigned a unique identifier that can be recreated from the same inputs, also known as a hash. The hash is mathematically repeatable/verifiable (and statistically/virtually unique).
These unique identifiers, assigned to each customer balance, are then systematically combined in pairs and hashed together again to form a Merkle tree. The end result of this process, after the final two hash values are hashed one last time, is known as the Merkle root. This value serves as a fingerprint for all customer balances and allows customers to verify, through a customer portal, that their assets were included in the Proof of Reserves audit process.
Tl;dr: Third Party Authentication and Monitoring
Without an auditor overseeing and verifying the rigorous standards of the Proof of Reserves audit process, bad actors can hide or mislead their customers. For example, an auditor makes sure that accounts with negative balances, which artificially reduce the total liabilities for which an exchange is responsible, were not included in the audit. Involving an auditor is not a complete guarantee of accuracy, but rather acts as a further increase in rigor.
It is worth emphasizing that other exchanges that are not using a reputable independent auditor (or that are not disclosing all verifiably proven assets and liabilities to the public) are not completing Proof of Reserves audits.
Tl;dr: don’t trust, verify
After all is said and done, clients should be able to independently verify for themselves that their balances (the exchange's liabilities) were included in the Proof of Reserves audit. Exchanges must provide access to a portal hosted by an independent third party for clients to authenticate that their balance was captured in the audit. Without a customer portal, customers would have to trust, and be unable to independently verify, that the exchange and the auditor included their balance in the audit.
We believe that a proper proof of reserves audit requires data to be hosted in a separate and independent location. What is needed is the ability of customers to verify that their balance was presented to the auditor.
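The hashing of balances into a Merkle root and the customer-side inclusion check described above, as an added example that is not Kraken's code or its actual record format. The SHA-256 leaf layout (`record_id|asset|balance`), the `0x00`/`0x01` domain-separation prefixes, the promotion of unpaired nodes, the function names and the sample records are all assumptions made for illustration.

```python
import hashlib
from decimal import Decimal

def leaf_hash(record_id: str, asset: str, balance: str) -> bytes:
    # A negative balance would understate total liabilities, so refuse it.
    if Decimal(balance) < 0:
        raise ValueError(f"negative balance for {record_id}")
    # 0x00 prefix keeps leaf hashes distinct from interior-node hashes.
    data = f"{record_id}|{asset}|{balance}".encode()
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(leaves):
    """Return every tree level, leaves first; the last level holds the root."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])  # unpaired node is promoted unchanged
        levels.append(nxt)
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes from leaf to root, each flagged if it sits on the left."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify(leaf: bytes, proof, root: bytes) -> bool:
    """What a customer runs: recompute the root from their own leaf."""
    acc = leaf
    for sibling, sibling_is_left in proof:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return acc == root

# Constructed sample records (not real accounts or balances).
RECORDS = [("rec-a1", "BTC", "0.50000000"), ("rec-b2", "BTC", "1.25000000"),
           ("rec-c3", "BTC", "0.00100000"), ("rec-d4", "BTC", "3.00000000"),
           ("rec-e5", "BTC", "0.75000000")]

if __name__ == "__main__":
    levels = build_levels([leaf_hash(*r) for r in RECORDS])
    root = levels[-1][0]
    print("root:", root.hex())
    print("rec-c3 included:", verify(leaf_hash(*RECORDS[2]), inclusion_proof(levels, 2), root))
```

The customer needs only their own record, the sibling hashes and the published root, so the check works without seeing any other customer's balance.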
Kraken believes that a proof of reserves audit should include cryptographic proof of customer balances and wallet control. To be considered a true Proof of Reserves audit, exchanges must include:
Proof of Liabilities
To provide transparency and trust within the crypto industry, proof must remain a fundamental part of Proof of Reserves audits. Less rigorous standards will dilute the self-governance potential of Proof of Reserves audits and erode transparency across the crypto ecosystem.
For those looking for an exchange that continues to lead the way in transparency and trust, get started with Kraken today.
There are no formally accepted rules or procedures that define a proof of reserves audit. For ours, we retain an independent accounting firm to perform work under the standards established by the American Institute of Certified Public Accountants and to issue an Independent Accountant’s Report on Agreed Procedures. This report includes specific procedures performed by that firm, as well as its findings.
These materials are for general information purposes only and are not investment advice or a recommendation or solicitation to buy, sell or hold any digital asset or to engage in any specific trading strategy. Some crypto products and markets are not regulated and you may not be protected by government compensation schemes and/or regulatory protection. The unpredictable nature of crypto asset markets can lead to loss of funds. Taxes may be payable on any returns and/or on any increase in the value of your crypto assets and you should seek independent advice on your tax position.
This post, Proof of Reserves or Proof of Nothing: There is no middle ground, was published first on https://blog.kraken.com/post/16592/proof-of-reserves-or-proof-of-nothing-there-is-no-in-between/