Crypto custodians use Proof of Reserves (PoR) audits to show they’re holding users' funds in full. Binance conducts and publicly publishes internal audits, whereupon third-party auditors help to verify them using cryptographic techniques to prove users’ funds are securely held in company reserves. Binance users can also independently verify that their account balances are included in these audits.
Blockchain technology-enabled cryptographic proofs facilitate transparency of crypto exchanges’ financial transactions. Proof of Reserves (PoR) further increases this transparency by creating an authorized framework for auditing crypto custodians.
However, while it's one step forward, PoR still needs improvements to make the ecosystem more transparent and trustworthy.
What is Proof of Reserves (PoR)?
A PoR audit is one that aims to ensure that custodians are holding their clients’ funds in full. Custodial businesses in cryptocurrency use PoR audits to prove to depositors and the public that their deposits match their balances. These audits are conducted by independent third parties to eliminate the possibility of reserve data being falsified.
PoR is essential for several reasons. Firstly, it enables users to verify that the balances they hold on a cryptocurrency exchange, for instance, have absolute asset backing. Secondly, it drives businesses to meet transparency standards, making it difficult for them to engage in questionable or illegal financial activity.
Ideally, PoR should benefit both users and businesses. It protects users by minimizing security risks and safeguarding against harmful players. At the same time, it helps businesses retain users by increasing their trustworthiness.
The ability to audit crypto exchanges creates a more transparent crypto ecosystem. For example, PoR prevents exchanges from acting as banks that loan deposited assets to third parties.
Similarly, exchanges can't use deposits to invest in other protocols or businesses. In other words, PoR eliminates the risk of companies maximizing the yield and other possible returns from customer asset holdings.
With PoR, any entity can prove that a crypto exchange holds the entirety of its users’ deposits. Therefore, exchanges are naturally encouraged not to mishandle these balances as it would break user trust in them and affect their continuity.
What does PoR verification do?
In PoR verification, the auditor verifies the inclusion of each account’s balance using cryptography. There are a few key steps as to how this works.
Firstly, the auditor takes a snapshot of all account balances. It then converts the fund data to a Merkle tree, which is used to structure large amounts of data for more straightforward processing.
User balance data is hashed into a "leaf". A group of these "leaves" are then hashed to form a "branch", and a group of "branches" are hashed to form the "root".
Next, the auditor can use various methods to verify ownership of the user address. On Binance, for example, an auditor has three ways to identify ownership. When the extraction process for this information is run by the exchange, it is also verified by the auditors.
Cryptographic message signing: An auditor will provide the exchange a unique message to cryptographically sign using their associated private key(s).
Instructed movement of funds: The exchange is tasked with performing an “instructed movement of funds”, where the management will move a specific amount from a public key/address on a specific time and obtain the transactional hash to verify the instructed transaction on the respective blockchain.
Search addresses on a blockchain explorer: The auditor can also search the ETH and BSC (in the case of Binance) address(es) on Etherscan and BscScan, respectively to ensure that the addresses have been tagged as belonging to the exchange.
If the balances match from these forms of discovery, the exchange has verified PoR and shown that it holds all deposited assets in totality.
PoR: Limitations and potential improvements
A crypto exchange’s balances change as users move their assets in and out. The issue with PoR is that it verifies the correctness of reserve balances only at the specified time of the audit. This can be problematic because any issues may appear too late and a custodian may even use this opportunity to obscure facts.
It is also important to note that third-party businesses conduct the audits, which means audit results may depend on each auditor's competence or whether they’re influenced by outside interests.
But how can a crypto exchange improve its PoR audits to build and maintain users’ trust? It can start by shortening the intervals between audits to ensure there are no suspicious financial activities between cycles. An exchange could also use a reputable third-party firm with no financial interest in it or its related bodies.
Crypto exchanges use PoR to offer more transparency, which is essential during financial turbulence. Because it uses mathematics and cryptography instead of merely trust and communication like the traditional banking system does, blockchain technology can offer an even better way to audit the financial market.
Verifying that your account has been audited
You can also verify the inclusion of your Binance account in the last PoR audit yourself. Simply follow the instructions below.
Log into your Binance account and bring your cursor to "Wallet." Next, select the "Audits" tab.
You will see all the recent audits in which your account balance was verified by the PoR process.
Select a specific audit for which you want more information. There, you can also download the Merkle tree.
You can access a PoR audit to see if a crypto custodian holds the entire reserves of your and other users' funds. The audits should deter crypto exchanges from mismanaging user funds and help improve transparency in the crypto space.
PoR is the first step to regaining and maintaining the trust of the crypto users. Furthermore, it sets more requirements for exchanges, which will hopefully make user funds a priority and make the industry safer and more transparent for all.