When trust dies mistrust blossoms: Is Proof of Reserves a step towards rebuilding industry trust?

When trust dies mistrust blossoms: Is Proof of Reserves a step towards rebuilding industry trust?

While the recent arrest of FTX founder Sam Bankman-Fried is the first major move in holding to account those responsible for the USD 8 billion meltdown, joint efforts to rebuild trust in the industry may need to be more than just a screenshot.

Blockchain is transparency. It powers traceable and immutable transactions. So, shouldn’t it allow users to trade crypto with complete trust?

If you are a blockchain user, the answer is yes. But this does not hold true for most cryptocurrencies and tokens, which – for the most part – are traded on centralised cryptocurrency exchanges (CEXs).

CEXs provide millions of users with access to cryptocurrencies. They act as exceptional fiat on-/off-ramps that allow users to cash in or out of the market with ease. But there is a trade-off. Users forgo the use of blockchain when trading on a CEX and by extension, the transparency and security of those trades. Moreover, if users store their assets on a CEX, they relinquish full control of how they are stored and managed.

Still, thanks to their ease of use to the average investor, their growth has skyrocketed. Some are now responsible for managing billions of dollars in customer funds, but many lack the necessary infrastructures to govern such growth. For others, their opacity has led to several bouts of abuse, endless collateral rehypothecation and poor business decisions.

Although they may once have been perceived as the future of trading, CEXs are just as centralised and opaque – if not more so – than their traditional stock market counterparts – the bankruptcy of FTX being the most recent evidence of this obscurity.

On 8 November[1], in attempt to win back the public trust, the CEO of Binance Changpeng Zhao ‘CZ’ proposed a method called Proof of Reserves (PoR). Many exchanges embraced the approach, but a lot of critics were quick to point out its flaws.

Some of the new VC entrants ended up with less competitive deals at often historically high valuations and may not have exercised a high level of due diligence. While the downturn will cause weaker projects to fail, the economics for crypto VC investments have improved as previously stretched valuations have become more attractive, and the balance of power shifted back towards investors and away from fighting for access to deals.

Bear markets have historically been a fertile ground for VC investing because the demand for innovation to address bottlenecks and impediments is strong, it is easier to hire talent, the pressures of the bear market encourage focus, endeavour and financial discipline and the entry points for investors are lower. The bear market of 2014–5 spawned tremendous innovation, including projects like Ethereum and the Crypto Winter of 2018–9 was the period when dozens of the 2021 unicorns were seeded.

Strong, well-funded crypto venture capital companies welcome downturns and most of them are excited about the current opportunities.

Solving or sugar-coating a bigger problem?

PoR is a verification method where a CEX can publicly attest to its reserves.

Preferably, this method should be conducted by an independent auditor who would take a cryptographic snapshot of all account balances and aggregate them into a Merkle tree: a privacy-friendly tool that combines all user balances into a single hash or a ‘root’. This root acts as a ‘cryptographic seal’ that verifies all user balances.

Then, the auditor obtains digital signatures generated by the owners of the CEX to prove they control the wallets holding the assets. If the balances match, the auditor can confirm its reserves.

There are a few benefits to this method like the cryptographic hash function that makes the data in the snapshot immutable and anonymous. It is also inexpensive and suitable for frequent low-cost use.

But a cryptographic snapshot is still just a snapshot

PoR may sound appealing to the average user, but several matters seem to create a false sense of security. Here’s why.

  • The method’s inherent opacity – If a CEX wishes to fake its reserves, it has a lot of legroom to do so. A cryptographic snapshot of balances is just that: a snapshot. It does not prove a CEX’s balances in real-time and so it can be susceptible to manipulation

    For instance, a CEX can receive funds from another entity just in time for the audit, but it can return the assets once the snapshot has been produced and verified. This concern was revealed when Crypto.com sent USD 400 m worth of Ether (ETH) to another CEX: Gate.io, who returned most of the funds within a week. Gate.io CEO Kris Marszalek said the transfer was a ‘mistake’ and insisted it was supposed to be sent to a cold storage address[2].
  • Illiquid and worthless tokens as reserves – A PoR audit does not include any information on the quality and liquidity of the crypto assets used as reserves. This is why FTX collapsed. The now-defunct exchange could not cover user assets on a 1:1 basis, as its reserves consisted mostly of its uncollateralised token, FTT. This was covered up with creative accounting to artificially inflate its balance sheet but when customers lost trust in the exchange, its main reserve token plummeted[3], and its reserves were wiped out entirely. Strong cryptocurrencies like Bitcoin (BTC) and Ether (ETH), or regulated, fiat-backed stablecoins like USD Coin (USDC) and Paxos Standard (PAX) should only be used as reserves.
  • Proof of Reserves does not prove solvency – A snapshot of reserves cannot be mistaken for proof of solvency, as most audits do not account for liabilities and off-chain assets. If a CEX does not disclose its liabilities, how can it disclose its true solvency risk? This vagueness can lead to a dangerously false sense of security.

    Ideally, a CEX would provide proof of its reserves (assets) and liabilities (owed to customers). If a CEX holds more reserves than its liabilities, the auditor can confirm its solvency.

Encouraging good business practices

Several credible CEXs have published their proof of reserves and liabilities, such as Kraken and Coinbase, but the latter already is a highly regulated publicly traded company.

What should be encouraged, for the time being, is voluntary transparency by those that operate within muddy waters and weak jurisdictions. For them, a PoR audit is a step in the right direction, but their lack of transparency and regulatory oversight will continue to raise red flags.

This is because they are not decentralised, meaning they are not trustless like blockchain systems. They are private, opaque, centralised entities.

Currently, fully regulated entities are the most trusted

Currently, fully regulated entities are the most trusted

A PoR audit may provide some customer assurance in terms of liquidity, but without an independent auditor or without disclosing its liabilities, any cryptographic snapshot should be rendered useless.

“The only ones that can be trusted to a degree are fully regulated, onshore banking licence holders that undergo regular, complete audits from known independent firms,” said Spool.fi’s core contributor, Philipp Zimmerer.

To put it bluntly, operating in a strong jurisdiction is – for now – the best standard to justify trust in a CEX. Jurisdictions like Switzerland – where regulatory clarity is long established – can provide a CEX with a strong legal base and allows customers to invest in cryptocurrencies with legal certainty. In other words, a CEX is held accountable for its actions.

Trust in those that will keep you safe

As a trusted, regulated crypto bank, Sygnum operates in one of the most advanced crypto-friendly financial market infrastructures in the world. We are subject to regulatory obligations that strengthen investor protection, business conduct rules and transparency for clients.

When FTX collapsed, customers looked to store their crypto assets in a safe haven. In November alone, our customers consolidated an additional USD 550 million worth of crypto assets into Sygnum. This demonstrates the trust our clients have in us, and it is why we continue to push our modus operandi: ‘Future has Heritage’, which is the creed that guides us in stabilising and future-proofing a safe and secure crypto ecosystem for all.


Learn more about digital asset banking at Sygnum here.

[1] CZ Binance tweet, November 8, 2022.

[2] Crypto.com Recovery 400 million after misplaced ether eth transfer, Bloomberg, November 13, 2022.

[3] What happened to FTX, Forbes, December 13, 2022.

This document is purely for educational purposes and has been issued by Sygnum Group. It is not intended for distribution, publication, or use in any jurisdiction where such distribution, publication, or use would be unlawful, nor is it aimed at any person or entity to whom it would be unlawful to address such a marketing communication. It does not constitute an offer or a recommendation to subscribe, purchase, sell or hold any security or financial instrument. It contains the opinions of Sygnum Group, as at the date of issue. These opinions and the information contained herein do not take into account an individual‘s specific circumstances, objectives, or needs. No representation is made that any investment or strategy is suitable or appropriate to individual circumstances or that any investment or strategy constitutes personalized investment advice to any investor. Therefore, you must verify the above and all other information provided in the document or otherwise review it with your external advisors. Some investment products and services, including custody, may be subject to legal restrictions or may not be available worldwide on an unrestricted basis. The information and analysis contained herein are based on sources considered as reliable. Sygnum Group uses its best efforts to ensure the timeliness, accuracy, and comprehensiveness of the information contained in this document. Nevertheless, all information indicated herein may change without notice.

Read next article

Local restrictions – Provision of cross-border services

It looks like you are using a computer with an IP address located outside of Switzerland.
If you are located in Switzerland, please click “Continue” to access the Sygnum Bank AG (Sygnum) website.

If you are not located in Switzerland, please read below.

This website and the information contained herein are addressed solely to persons residing or domiciled in Switzerland.

Sygnum is a regulated bank supervised by the Swiss Market Financial Authority (FINMA). The products and services on this website are authorised in Switzerland. Sygnum cannot promote its products and services in other countries where it is not authorised by the supervisory authority of that country to do so.

If you click on “Continue” to visit this website, you confirm that you have read and understood the above and you are visiting this website on your own initiative without any active promotion or solicitation from Sygnum.

Investor qualification

The following content is available to qualified investors. Please confirm your details below to visit this page, or please see our other digital asset updates here.

Security alert

Stay alert to fraudulent communications. Sygnum will never post messages on social media or private messaging applications regarding e-banking access or logins. If you have concerns, contact us.