Proof of Reserves and Exchange Transparency

The collapse of FTX in November 2022 — which revealed that approximately $8 billion in customer funds had been misappropriated while the exchange maintained a facade of solvency — fundamentally changed the conversation about exchange transparency. Within days of FTX's collapse, Binance CEO Changpeng Zhao published a commitment to publish proof of reserves for all exchanges. Within weeks, most major exchanges had published some form of reserves data. But what does "proof of reserves" actually prove — and what are its limitations?

What Proof of Reserves Is Supposed to Prove

Proof of Reserves (PoR) aims to demonstrate two things: (1) the exchange controls sufficient crypto assets to cover all customer liabilities — i.e., if every customer demanded withdrawal simultaneously, the exchange could honour all requests; and (2) your specific account balance is included in the published liability set — you can verify that you personally are not excluded from the attestation.

Proving this cryptographically requires solving two distinct problems: proving that the exchange controls claimed assets (an on-chain proof), and proving that the sum of all customer balances equals the claimed liability figure without revealing individual account details (a privacy-preserving liability proof). Both are necessary — assets without liability proof means the exchange might be claiming assets against inflated or phantom liabilities; liabilities without asset proof is just a spreadsheet.

How Merkle Tree Proof of Reserves Works

The most widely deployed PoR method uses a cryptographic Merkle tree to prove liability totals while allowing individual users to verify their inclusion. The process works as follows:

First, the exchange creates a data set of all customer account balances (hashed for privacy) as the leaf nodes of a Merkle tree. Each leaf contains: an anonymised account identifier (e.g., hashed email) and the account's balance for each supported asset. Parent nodes in the tree contain the sum of balances of their children and a hash combining both children's hashes. The root of the tree — a single hash — commits to the aggregate of all customer balances without revealing any individual account details.

To verify inclusion, each customer receives their own leaf data and the "Merkle path" — the set of sibling hashes needed to recompute the tree from their leaf to the root. By following this path, the user can independently verify that their leaf (their balance) is included in the tree that the exchange committed to. If the root hash you compute from your Merkle path matches the published root, your balance is included.

Kraken pioneered this approach and open-sourced the tooling. Binance, OKX, Bybit, and others adopted it after FTX. Users with accounts on these exchanges can download their proof and verify it using the exchange's provided tool or an open-source implementation.

What Proof of Reserves Does NOT Prove

The critical limitation: PoR only proves a snapshot in time. An exchange could move assets to their published wallet addresses immediately before the snapshot, publish the PoR, and move those assets out again. Without continuous attestation or real-time on-chain monitoring, the PoR snapshot doesn't guarantee the assets are still there. This limitation is not theoretical — some exchanges have been criticised for borrowing assets from counterparties immediately before PoR snapshots.

More fundamentally, PoR proves assets exceed liabilities — but only for the on-chain assets explicitly included. If the exchange has significant liabilities not included in the Merkle tree (off-chain obligations, borrowed assets that net out as zero, undisclosed derivative positions), the PoR can show apparent solvency while genuine insolvency exists. FTX's balance sheet, had a PoR been conducted, might have appeared solvent due to the inclusion of self-issued FTT tokens as "assets" against real customer liabilities.

Additionally, most exchange PoRs are self-attested or audited by small firms — not the Big Four accounting firms that perform rigorous financial audits. Without independent auditor access to exchange operational systems, trading books, and legal entities, the attestation is limited in scope.

Full Reserve vs Fractional Reserve

A PoR showing 100% reserves means the exchange holds exactly the assets customers believe they hold — no rehypothecation, no lending of customer funds, no fractional reserve banking practices. A PoR showing 110% or higher indicates over-collateralisation — the exchange has more assets than liabilities, providing a safety buffer. A PoR showing 90% would indicate the exchange cannot fully honour all withdrawals — every published PoR should be at or above 100%.

The existence of PoR doesn't tell you whether the exchange is rehypothecating assets for yield or lending purposes between snapshots. An exchange could technically hold 100% reserves at snapshot time while running a fractional reserve between attestations. Avoiding this requires more continuous monitoring — which is why on-chain wallet tracking services that continuously monitor major exchange cold and hot wallet balances provide additional assurance beyond point-in-time PoR.

On-Chain Monitoring as Continuous PoR

Services like Nansen, Arkham Intelligence, and CryptoQuant continuously track known exchange wallet addresses, providing real-time visibility into exchange holdings beyond quarterly or annual PoR attestations. When an exchange's on-chain holdings decline significantly between PoR snapshots, these monitoring tools can detect it — providing early warning signals analogous to what on-chain analysts spotted in the weeks before FTX's collapse (large BTC and ETH outflows from FTX wallets were visible on-chain before the public announcement of problems).

Combining formal PoR attestations with continuous on-chain monitoring provides the most comprehensive picture of exchange solvency currently available. Neither alone is sufficient; together they provide reasonable confidence in an exchange's solvency posture — though neither is equivalent to the regulatory oversight and deposit insurance that protects traditional bank depositors.

Best Practices for Users

Check that your exchange publishes periodic Merkle tree PoR attestations and verify your own inclusion using the provided tool. Compare the reserve ratio (assets / liabilities) — it should exceed 100% for all assets. Cross-check on-chain wallet balances via Nansen or CryptoQuant against published reserve figures. Avoid maintaining large balances on exchanges that don't publish PoR data. The "not your keys, not your coins" principle remains the strongest protection: hardware wallet self-custody eliminates exchange insolvency risk entirely for funds you can afford to self-custody.

Related topics: crypto tools.