According to Powell, a complete proof-of-reserve audit must include the sum of client liabilities, user-verifiable cryptographic proof that each account was included in the sum and signatures proving the custodian’s control over the wallets.
The collapse of the crypto exchange FTX revealed the importance of proof-of-reserves in avoiding situations involving the misappropriation of users’ funds. While exchanges have proactively started sharing wallet addresses to prove the existence of users’ funds, several entrepreneurs, including Kraken CEO and co-founder Jesse Powell, called the practice “pointless” as exchanges fail to include liabilities.
According to Powell, a complete proof-of-reserve audit must include the sum of client liabilities, user-verifiable cryptographic proof that each account was included in the sum and signatures proving the custodian’s control over the wallets. While Kraken’s proof-of-reserve does allow verification of assets against the company’s liabilities, Powell continues to call out other players that have missed out on including accounts with negative balances.
I’m sorry but no. This is not PoR. This is either ignorance or intentional misrepresentation.
The merkle tree is just hand wavey bullshit without an auditor to make sure you didn’t include accounts with negative balances. The statement of assets is pointless without liabilities. https://t.co/b5KSr2XKLB
— Jesse Powell (@jespow) November 25, 2022
Powell called out CoinMarketCap in the past for sharing an incomplete proof-of-reserves as it lacked “cryptographic proof of client balances and wallet control.” He reiterated that reserves are not the list of wallets but assets minus liabilities.
Binance’s recently released proof-of-reserves system allows users to verify their assets using a Merkle tree. However, Powell shared his displeasure as the system failed to include accounts with negative balances, stating that:
“The whole point of this is to understand whether an exchange has more crypto in its custody than it owes to clients. Putting a hash on a row ID is worthless without everything else.”
Moreover, he asked the media and journalists to refrain from “overselling it and misleading consumers.” Instead, he recommended they take the time to understand the motive behind proof-of-reserves.
On the other hand, few community members refuted Powell’s need for a trusted auditor.
In this instance, the best-case scenario would be building a system that does not allow crypto exchanges to withdraw a depositor’s funds without consent.