Source: Cointelegraph Original: "{title}"
Proof of Reserves (PoR) audits have become an important tool for promoting transparency and security in the cryptocurrency industry, especially following the collapse of well-known exchanges like FTX.
While conceptually similar to the capital adequacy requirements in traditional banking, PoR audits have some limitations, particularly in verifying liabilities and their reliance on periodic reporting.
This article explores PoR audits, their role in the cryptocurrency space, and how they are evolving into more robust models to ensure the solvency of exchanges.
Cryptocurrency exchanges are increasingly adopting Proof of Reserves (PoR) audits to verify that they hold sufficient assets to cover user deposits. These cryptographic audits, which use Merkle trees and on-chain verification, serve as a transparency mechanism in the cryptocurrency space, akin to capital adequacy requirements in traditional finance.
But does the concept of PoR draw inspiration from traditional finance?
In traditional banking, regulators have long required financial institutions to maintain a certain level of capital reserves to guard against potential risks. This framework ensures that banks can absorb unexpected losses and continue to operate during economic downturns. A key moment highlighting the importance of such regulations was the 2008 financial crisis.
During this crisis, many banks faced significant losses due to high-risk exposures, leading to a global economic recession. In response, international regulators introduced stricter measures to enhance the resilience of financial institutions.
One such measure was the Basel III framework developed by the Basel Committee on Banking Supervision. Basel III proposed comprehensive reforms to improve the regulation, supervision, and risk management of the banking sector.
These measures aim to enhance the banking sector's ability to absorb shocks from financial and economic stress, thereby reducing the risk of systemic crises.
In the cryptocurrency world, a parallel concept known as Proof of Reserves (PoR) audits has emerged to promote transparency and trust within digital asset platforms. PoR audits are cryptographic verifications used to confirm whether cryptocurrency exchanges or custodians genuinely hold the assets they claim to represent on behalf of users.
These cryptographic audits, which utilize Merkle trees and on-chain verification, act as a transparency mechanism in cryptocurrency. The primary goal is to provide assurance that these platforms are solvent and can meet customer withdrawal demands. Some audits provide reserves equivalent to USD, while others report in major cryptocurrencies like Bitcoin and Ethereum.
PoR audits use cryptographic methods such as Merkle trees to verify that exchanges hold sufficient assets to cover user deposits, but they do not prove solvency, as they do not account for hidden liabilities.
These audits aim to verify that cryptocurrency exchanges and custodians actually hold the assets they claim to represent on behalf of users. The process typically begins with asset verification, where platforms disclose wallet addresses or use cryptographic proofs (like Merkle trees) to confirm holdings without revealing sensitive account details.
Merkle trees allow user balances to be hashed and aggregated into a single "root node" (Merkle root), which auditors and users can independently verify. Additionally, third-party auditors may be involved in assessing whether the reserves of an exchange match its reported holdings. Meanwhile, customer liability verification ensures that total deposits do not exceed available reserves, enhancing the credibility of the exchange's financial condition.
While traditional PoR audits rely on Merkle trees, they have limitations, such as the inability to prove solvency (i.e., whether the exchange has hidden liabilities or unpaid loans). To address this issue, zero-knowledge proofs (ZK-proofs) are being explored as a more private and secure method of reserve verification.
Zero-knowledge (ZK) proofs provide a more advanced solution, allowing exchanges to mathematically prove they have sufficient reserves without disclosing sensitive data, paving the way for solvency proof audits.
ZK-proof-based PoR systems can allow exchanges to mathematically prove their reserves exceed their liabilities without revealing individual account balances or wallet addresses. This eliminates the risk of exposing sensitive user data while still providing strong cryptographic assurances that the exchange is solvent. Some blockchain projects and exchanges are experimenting with using ZK proofs for PoR, but adoption is still in its early stages.
Ultimately, PoR audits are a key step toward improving transparency in the crypto market, especially following the collapse of exchanges like FTX that misrepresented their reserves. By combining Merkle trees with ZK proofs, the industry can move toward solvency proof audits that not only verify reserves but also ensure that exchanges do not have undisclosed debts.
Here are the differences between Merkle tree-based PoR and zero-knowledge proof-based PoR:
Comparison of Merkle tree PoR and zero-knowledge proof PoR
If widely adopted, these methods could enhance trust in centralized exchanges (CEX) while maintaining user privacy, providing a regulatory-friendly yet decentralized approach to crypto financial accountability.
Here is a list of exchanges and their PoR audit details.
Did you know? After being hacked in February 2025, Bybit underwent a comprehensive PoR audit conducted by cybersecurity firm Hacken. This audit confirmed that Bybit's held assets fully covered user liabilities, maintaining a 1:1 ratio for all assets within the audit scope. The audit included a thorough verification of wallets containing 40 different asset types, ensuring transparency and security for all users.
Coinbase's cbBTC is a token that represents Bitcoin on-chain 1:1, fully backed by an equivalent amount of Bitcoin held in custody by Coinbase. By wrapping BTC into cbBTC, users can interact with decentralized applications (DApps) and various blockchains (such as Ethereum, Solana, and Base) while retaining the value of their Bitcoin.
Coinbase uses PoR to ensure transparency and verify that the wrapped cbBTC tokens are fully backed by actual Bitcoin reserves held by Coinbase. PoR audits confirm that Coinbase holds enough Bitcoin in its reserves to support all issued cbBTC, maintaining trust and security for users wrapping or redeeming Bitcoin.
cbBTC is available to Coinbase customers with verified accounts in specific regions, including the United States (excluding New York), the United Kingdom, the European Economic Area (EEA), Australia, Singapore, and Brazil. Additionally, users can access cbBTC through the Coinbase wallet or other third-party exchanges that support it.
Did you know? While Coinbase provides transparency through PoR, as Coinbase clarifies, wrapping or unwrapping cbBTC does not constitute a taxable event for the IRS. However, you should consult a tax professional for personalized guidance.
While Proof of Reserves audits verify the assets held by exchanges, they fail to consider liabilities, creating a false sense of security. Moreover, PoR audits are merely snapshots and lack real-time oversight.
This was precisely the key issue with FTX, which falsely portrayed itself as solvent by showcasing its assets without disclosing massive liabilities owed to creditors and users. Without concurrent Proof of Liabilities (PoL) audits, exchanges may appear well-capitalized while being deeply insolvent. For this process to be fully effective, both assets and liabilities need to be included in the assessment.
For example, Binance faced criticism when it released its first PoR audit in December 2022, as it was a one-time report rather than a real-time solvency check. Unlike traditional finance, where banks undergo continuous regulatory scrutiny and stress testing, crypto PoR audits lack ongoing oversight, leaving room for manipulation during the audit period. Some companies, like Nexo, introduced real-time PoR in 2021 but discontinued the service in 2024 because their auditors could no longer support this capability.
One example is Mazars Group, an auditing firm that conducted PoR reports for Binance and Crypto.com in 2022. It later withdrew from providing crypto audit services, citing concerns about the reliability of the process. This incident highlights the industry's need for a more robust, independent, and standardized auditing framework to ensure that PoR audits genuinely reflect the financial health of exchanges, rather than merely serving as a public relations tool.
PoR is a good step in the right direction. It is not perfect, but there is no need to let perfection be the enemy of progress. Many recent developments in the cryptocurrency industry look promising, and PoR can serve not only native crypto assets but also assist when traditional financial assets and liabilities are tokenized.
In its ideal form, PoR should be used to assess the solvency of any counterparty, whether in decentralized finance (DeFi), centralized finance (CeFi), or traditional finance (TradFi), making the future of finance more robust and reliable through its implementation.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
