How crypto companies can provide proof of reserves

Tl;dr: As a public company, Coinbase already proves our reserves using our audited financial statements. We're also exploring various novel ways to prove reserves using more crypto native methods and are announcing a $500k developer grant program to encourage others to do so as well. On-chain accounting is the future, but as we discuss in this post, there are pros and cons to the various ways this can be implemented today.

By Philip Martin, November 25, 2022

Coinbase Blog

Millions of people recently put their money and trust into FTX and were taken advantage of. This should never have happened. The resulting fallout has caused some crypto firms to struggle with liquidity, which has sparked a needed discussion regarding proof of reserves and the liabilities of a crypto exchange.

Proof of reserves is a way to verify that a platform holds enough assets to match their users’ deposits. That way, if a user wants to withdraw their assets, they know they’ll actually get them back.

There are several complementary ways of proving reserves and liabilities of a crypto exchange — from more traditional to more advanced. Different approaches provide different types of assurance.

As a public company with audited financials, Coinbase already has the traditional approach in place. What you may not know is that this method also uses cryptographic proofs in some ways. Our financials are subject to quarterly external auditor review, and we also file annual audited financial statements with the SEC. When external auditors come in to look at our cold storage reserves, they randomly sample addresses that we claim to own, and require us to move those funds to demonstrate ownership, going through our key signing ceremony. Starting in the second quarter of this year with the effectiveness of SAB 121, we were also required to account for crypto assets held for our customers as liabilities and assets explicitly on our balance sheet. 

Importantly, independent external audits don’t just make sure we hold the crypto we say we do. They also tell the story of how those numbers came to be — and attempt to unearth issues that might otherwise go undetected until it’s too late. They also test and obtain evidence of how our controls work — including how our hot and cold storage operate. This is the most mature form of financial audit out there today, with a large number of public companies who have gone through it.

That said, this is cryptocurrency. Our ideal is a distributed, trustless system. So how do we get from here to there? The entire cryptocurrency space is based on cryptographic verification. As a user, if you hold private keys locally, you can verify your funds yourself — no auditor needed. For a custodian like Coinbase, the ideal approach would be to help you verify the presence of your funds even when you don’t hold the private key directly. How could we go about this? Here are a few techniques, in rough order from least to most desirable:

  • Self-attested proof-of-reserve (PoR). Also known as Proof of Assets. In this technique the platform discloses their addresses and provides proof (such as a signed message) that they have access to the associated private key.

  • Third party audited PoR. As above, but conducted by an independent 3rd party.

  • Self-attested PoR-and-liability (PoRL). As above, but including both a proof of assets and a proof of liabilities, generally using a Merkle tree to allow for customer validation of the inclusion of their specific balances in the total liability amount.

  • Third party audited PoRL. As above, but conducted by an independent 3rd party.

Even the best of these approaches come with real downsides (as also noted by others in cryptocurrency). For example: 

  • In a PoR scheme, a purely on-chain mechanism (such as disclosing addresses and signing a message using the private key for that address) does not prove that liabilities are less than assets. 

  • In an audited PoRL scheme, customer liabilities are proved using Merkle trees, with a third party checking for negative or missing balances. However, this can result in privacy issues such as the disclosure of customer balances or the disclosure of platform-level customer activity trends. For example, if the entire tree is shared, it exposes all balance data on the platform on a per-account basis, even if only associated with a random identifier. If just customer-specific branches are shared, many customers could aggregate their views of the tree to rebuild the whole, and aggregate per-token balance data is still exposed to the public.

  • In a self-attested PoRL scheme, platforms can game their liabilities by leaving out liabilities from accounts that are unlikely to verify the inclusion of their assets. It also has the same privacy risks as above.

  • None of these approaches can account for off-chain liabilities, such as lending. 
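
The customer-side inclusion check behind the Merkle-tree PoRL items in the two lists above, as an added Python example (not Coinbase's code). It uses a Merkle sum tree, one common construction that the post does not itself specify; the function names, leaf encoding and sample ledger are assumptions constructed for illustration.

```python
import hashlib

PAD = (b"\x00" * 32, 0)  # zero-balance filler for odd-sized levels

def _enc(n: int) -> bytes:
    return n.to_bytes(16, "big")  # raises OverflowError for a negative balance

def leaf(account_id: str, nonce: bytes, balance: int):
    """Leaf = (hash, balance); the 16-byte nonce hides the account id."""
    data = b"\x00" + nonce + account_id.encode() + _enc(balance)
    return (hashlib.sha256(data).digest(), balance)

def parent(left, right):
    """Inner node commits to both child hashes and both child sums."""
    data = b"\x01" + left[0] + _enc(left[1]) + right[0] + _enc(right[1])
    return (hashlib.sha256(data).digest(), left[1] + right[1])

def build(leaves):
    """Return all levels; levels[-1][0] is the root (hash, total liabilities)."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(PAD)
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Branch for one customer: (sibling node, sibling_is_left) per level."""
    path = []
    for level in levels[:-1]:
        path.append((level[index ^ 1], index % 2 == 1))
        index //= 2
    return path

def verify(my_leaf, path, root):
    """Customer-side check that my balance is counted in the published root."""
    node = my_leaf
    for sibling, sibling_is_left in path:
        if sibling[1] < 0:  # a negative sum would hide liabilities
            return False
        node = parent(sibling, node) if sibling_is_left else parent(node, sibling)
    return node == root

# Constructed sample ledger (account id, per-customer nonce, balance in base units)
LEDGER = [("alice", b"A" * 16, 120), ("bob", b"B" * 16, 75), ("carol", b"C" * 16, 300)]
LEAVES = [leaf(*row) for row in LEDGER]
LEVELS = build(LEAVES)
ROOT = LEVELS[-1][0]
```

Each branch returned by `prove` carries sibling subtree sums, which is the per-branch balance leakage the list above describes. `ROOT[1]` is the total liability figure to compare against proven reserves.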

Third party audited PoRL on a quarterly schedule starts to approach public company audited financials — supplemented by new cryptographic evidence all along the way – but as you can see it still requires trusting some sort of third party. That’s why, for crypto startups that aren’t at the scale of a public company and/or don’t publish audited financials, I’m an advocate for PoRL when conducted by an independent third party and with privacy controls on the Merkle tree. However, gaps remain relative to traditional financial audits, most notably that it’s a point in time audit and doesn’t address the financial controls in place that produce the financial data under audit. 

We're excited to see how far we can go as an industry with on-chain accounting. Demand now exists for a privacy-respecting, on-chain, continual proof of solvency that is robust to off-chain events that could impact the viability of assets. This will likely take the form of a Zero Knowledge PoRL such as that proposed by Vitalik (https://vitalik.ca/general/2022/11/19/proof_of_solvency.html). It may not happen overnight, but as more business functions move on-chain, we’ll get there. 

One silver lining in the collapse of FTX is a huge focus on transparency into the assets and liabilities of different crypto firms. At Coinbase, we believe that you deserve the best of both tradfi and DeFi. Today we are the only company in crypto that is providing the transparency and assurance of a public company financial audit. For tomorrow we are working toward a decentralized system where you don’t have to trust us, or any institution. You only need to trust the math. Everything should be transparent, immutable, and verifiable to all. 

In order to take concrete steps toward that future world, we are announcing a new developer grant through Coinbase’s 2023 Crypto Community Fund. We’ve allocated $500,000 to support people or teams who are advancing the state of the art in on-chain accounting, privacy-preserving techniques related to proof of assets or liabilities (including the application of zero knowledge techniques), and/or closely related technologies.

About Philip Martin

Philip Martin is the Chief Security Officer for Coinbase, where he is responsible for developing the technology, processes and team that safely store one of the world’s largest holdings of cryptocurrency. Prior to Coinbase, Philip built and led the Incident Response and Security Engineering teams at Palantir Technologies, developed new virtual infrastructure at Amazon A9 and spent a decade as a US Army counterintelligence agent in a range of foreign and domestic roles.
