Proof of reserves is proof of nothing

Proof of reserves is all the rage on crypto platforms. The idea is that if the platform can prove to its customers' satisfaction that their deposits are fully matched by equivalent assets on the platform, their deposits are safe. And if the mechanism they use to prove this uses crypto technology, that's even better.  Crypto tech solutions have surely got to be much more reliable than traditional financial accounts and audits - after all, FTX passed a U.S. GAAP audit

No, they aren't. Proof of reserves as done by exchanges like Binance does not prove that customer deposits are safe. It is smoke and mirrors to fool prospective punters into relinquishing their money, just like claims that exchanges and platforms are "audited" or have "insurance". There are no audits in the crypto world, there is no insurance, and as I shall explain, proof of reserves proves absolutely nothing.

The biggest crypto exchange, Binance, uses a Merkle tree proof of reserves. Here's how it describes it:

A Merkle Tree is a cryptographic tool that enables the consolidation of large amounts of data into a single hash. This single hash, called a Merkle Root, acts as a cryptographic seal that “summarizes” all the inputted data. Additionally, Merkle Trees give users the ability to verify specific contents that were included within a particular set of “sealed” data. We use these properties of Merkle Trees during our Proof of Reserves assessments to verify individual user accounts are included within the liabilities report inspected by the auditor.

And here's a handy graphic showing how the hashing works: 

Of course, adding up balances doesn't need crypto technology. You can do that on an Excel spreadsheet. So the clever bit here is the hashing. This "seals" the numbers so that they can't be  amended. So far, so good. But what does it prove? 

It is supposed to prove that the assets in Binance's own wallets are sufficient to cover the total balance in all customer wallets. For any given asset, if the total in the Binance wallet is equal to or greater than the total in all customer wallets, then this proves those customer deposits are "fully reserved". It doesn't prove any such thing, of course - but we'll come to that shortly. 

Binance also provides a facility for customers to verify whether Binance's proof of reserves includes their individual deposits. This is how it works:

Log in to the Binance Website
-> Click on “Wallet”
-> Click on “Verification”
You will be able to find your Merkle Leaf and Record ID within the page.

Select the verification date you want to check. You will then find confirmation of the verification type, your Record ID (specific to your account and this particular verification), the assets that were covered, and your asset balances at the time of the verification.
The Record ID/Merkle Leaf enables you to independently verify that your account balance was included by the third-party auditor’s attestation report.

Eh, what's that? A third-party auditor's attestation? Where?

In November 2022, Binance employed the auditor Mazars to conduct a Merkle tree "proof of reserves" for Bitcoin (BTC) and its "wrapped" (derivative) versions BBTC and BTCB running on the BTC, ETH, BSC and BNB blockchains. The asset balance reported by Mazars was a pitiful $582,486 - a tiny proportion of the total asset balance of $69 billion Binance had reported only a couple of weeks before. It was also less than the total customer balances for the BTC assets, but Binance fudged that by instructing Mazars to include in its scope assets that customers had borrowed against collateral that was out of scope:

We found that Binance was 97% collateralized without taking into account the Out-Of-Scope Assets pledged by customers as collateral for the In-Scope-Assets lent through the margin and loans service offering resulting in negative balances on the Customer Liability Report. With the inclusion of In-Scope Assets lent to customers through margin and loans which are overcollateralized by Out-Of-Scope Assets, we found that Binance was 101% collateralized.

Mazar's proof of reserves showed that Binance had sufficient nominal reserves in dollar terms to enable all customers to withdraw their deposits of BTC and its derivatives. But the reserve mix was different from that of the customer balances and included assets of unknown value and liquidity pledged by customers as collateral: 

Clearly, if all customers had tried to withdraw their BTC and derivative balances at the same time, Binance would not have been able to honour those requests. 

And there is another problem. Proof of reserves is useless without proof of liabilities. For all we know, Binance has used the BTC and derivatives in its wallet as collateral against other borrowing. If it has, then the lenders, not Binance's depositors, have first claim on those assets. Binance's CEO, Changpeng Zhao, insisted on Twitter that Binance has no debt, but he has provided no proof and says proof of liabilities is "hard". Clearly, customer deposits aren't Binance's only liabilities. Until Binance discloses its other liabilities, we simply do not know whether the assets disclosed in Mazars' limited "proof of reserves" are available for distribution to customers, whether to honour withdrawal requests or in the event of insolvency

Without proof of liabilities, we do not know if the company is even solvent. Of course, a proof of liabilities combined with a proof of assets is a balance sheet. Maybe there's some merit in traditional financial accounts after all? 

Despite the limitations of Mazars' proof of reserves, word spread that it proved customers' BTC holdings on Binance were fully reserved. Worse, it became conflated with Binance's earlier publication of its wallet balances, which Binance had misleadingly called "proof of reserves", In December, no doubt concerned that its work was being misinterpreted to mean that all customer assets on Binance were safe when they plainly were not, Mazars stepped down as auditor.

Mazars' proof is no longer available on Binance's website, and Binance has so far been unable to find another reputable auditor willing to undertake a proof of reserves. It is even struggling to find an auditor willing to perform a traditional audit. 

Characteristically, senior managers at Binance blame ignorance of crypto among auditors for the company's inability to recruit a replacement for Mazars. But really, the problem is that Binance's marketing heavily depends on the company not disclosing its true financial position. And this in turn relies on crypto people not understanding what "fully reserved" really means. 

In the banking world, we have now, after many years of confusion, broadly reached agreement that the term "reserves" specifically means the liquidity that banks need to settle deposit withdrawals and make payments. This liquidity is narrowly defined as central bank deposits and physical currency - what is usually known as "base money" or M0, and we could perhaps also (though, strictly speaking, incorrectly) deem "cash". "Fully reserved" means the bank holds sufficient M0 to enable all customers to withdraw their deposits simultaneously. It's sometimes called "narrow banking". 

Anything other than this is "fractionally reserved" because only a fraction of depositors can withdraw their deposits simultaneously. High-quality liquid assets (HQLA) such as US Treasury bills can't be used to settle retail deposit withdrawals, so are not included in the definition of "reserves". So a bank that is holding sufficient HQLA to cover all customer deposits is still fractionally reserved unless the HQLA consists entirely of central bank deposits and physical cash. 

Unfortunately this is widely misunderstood, especially in cryptoland. Crypto people complain that traditional banks don't have 100% cash backing for their deposits, then claim stablecoins, exchanges and crypto lenders are "fully reserved" even if their assets consist largely of illiquid loans and securities. But this is actually what the asset base of traditional banks looks like. 

Most, if not all, crypto exchanges and platforms are fractionally reserved like traditional banks. They do not hold sufficient cash and tokens to enable all customers to withdraw their deposits simultaneously. This does not necessarily mean they are insolvent - but it does raise the risk of liquidity crises.

Investment firms that offer their customers the right to withdraw their investments on demand have similar liquidity needs to those of banks. These firms have limited access to central bank reserves (though the Fed's overnight reverse repo facility allows some of them to deposit funds at the central bank), and they don't tend to keep much in the way of physical currency. So for them, "reserves" means what banks would call HQLA - cash in bank deposit accounts, and short-term high-quality liquid assets such as treasury bills and commercial paper. Money market mutual funds are supposed to maintain sufficient reserves of this kind to allow 100% of investors to withdraw their money without the net asset value (NAV) falling below par - what is known as "breaking the buck". In 2008, Reserve Primary MMMF triggered a money market meltdown when it "broke the buck" and investors rushed to withdraw their money from money market funds. 

In cryptoland, reserves are usually described in two ways: as the "backing" for crypto assets such as stablecoins that are pegged at par to a fiat currency such as the US dollar, or the "backing" for crypto assets held on customers' behalf by a exchange or platform. These are not the same thing.

Stablecoin issuers aren't banks, so don't have access to central bank deposit accounts. But they need fiat cash or HQLA "backing" to maintain their pegs, even if they restrict redemptions (as Tether does, for example). So for them, the MMMF definition of "reserves" is perhaps the closest - though Tether's attestations conflate the reserves needed to "back" its stablecoins with the company's total assets. A fully reserved stablecoin issuer should hold sufficient cash in FDIC-insured bank accounts and short-term highly liquid safe assets such as Treasury bills to enable all stablecoins to be redeemed simultaneously. If its reserves consist of anything else, it is fractionally reserved and at risk of liquidity crisis.

However, neither the MMMF definition nor the banking definition really works for crypto exchanges like Binance, nor for lending platforms like Celsius. Customer deposits on crypto exchanges and lending platforms are a wild mix of cryptocurrencies, stablecoins, derivatives and other tokens. So reserves consisting of 100% fiat cash and T-bills would be exposed to enormous foreign exchange and liquidity risk. 

To be fully reserved, Binance needs to hold the exact same quantity and mix of crypto assets as its customers have deposited. If there is any mismatch, even temporarily, it is fractionally reserved. And if the reserve assets are encumbered in any way, it is also fractionally reserved. 

Proving Binance was fully reserved at all times across all assets would be a formidable undertaking. Even Mazars' limited proof of reserves covering BTC and two derivatives on four blockchains failed to prove that Binance was holding the same quantity and mix of assets as its customer balances. A full proof of reserves would need to cover every coin traded on Binance, with its derivatives, on every blockchain supported by Binance. I frankly doubt if any exchange, let alone an external auditor, is capable of proving a reserve position as complex as this. And that's before we even get to proof of liabilities.

U.S. regulators are on a mission to force crypto companies to protect their customers' assets properly. In March 2022, the SEC published new accounting guidance that aimed to ensure crypto exchanges and platforms maintained full reserves across the entire asset mix. SAB 121 advises crypto exchanges and platforms to record "safeguarding" liabilities and corresponding assets. And it requires any losses due to mismatches between the safeguarding liabilities and assets to be borne by the exchange or platform, not its customers. These safeguarding assets are the exchange or platform's "reserves".

But the SEC's guidance is at present voluntary and hardly any exchanges even try to comply with it, no doubt because it is really, really difficult and the company's profits are at risk. Instead, exchanges and platforms are rushing to implement crypto-tech "proof of reserves" gimmicks that are proof of nothing at all. There's no such thing as "fully reserved" in cryptoland. Whatever the snake oil sellers told you, your deposits are fully at risk and you can lose all your money

Related reading:

Why Coinbase's balance sheet has massively inflated

A Binance stablecoin wasn't always fully backed - Coindesk

After FTX: explaining the difference between liquidity and solvency - Coindesk

Image from Wikihow, with thanks


Popular posts from this blog

The sinking of Voyager

What was the real reason for the Bank of England's gilt market intervention?

The FTX-Alameda nexus