Counting crypto on an exchange

One of the biggest revelations to come out of the FTX drama is that most crypto exchanges have gone by without having to prove the existence of funds held by clients.

Crypto exchange wallets and apps look and feel like banking products, so many investors just assume that these platforms must comply with the same types of laws and regulations. But that is not true. Also, the Federal Deposit Insurance Corporation (FDIC) insurance that guarantees $250,000 per deposit account in case of bank failure does not apply to crypto exchanges. Platforms like Voyager and FTX.US ran into trouble with the FDIC for suggesting such coverage.

Crypto exchanges are also not members of the Securities Investor Protection Corporation (SIPC), which offers cover against cash and securities if a member firm goes under. Keep in mind that most crypto projects and exchanges go out of their way to argue that tokens are not securities in an attempt to avoid the SEC.

All this confusion leads to questions about how investors and traders can verify that funds on exchanges actually exist. There is no silver bullet, but there are two approaches that are starting to gain more attention in crypto: issuing public wallets, proof of reserves, and audits.

Issuance of public wallets

This is the simplest and least reliable approach to proving solidity. It works like this: in order for crypto exchanges to accept token deposits, they need to set up public wallets on different blockchains. For example, Coinbase has dedicated wallets to receive money in BitcoinBTC
and EthereumETH
blockchains, among others. Every exchange should have a wallet on a blockchain for every token it supports. These wallets can be very large and can be tracked by crypto forensics and computer companies, so it is theoretically possible to see a rough real-time count of an exchange’s reserves on a minute-by-minute basis. That said, taking this step can be challenging from a technical POV.

Those are the complications. First, exchanges should be security-conscious, and it would be bad practice to hold all of a given asset in one wallet, providing a juicy target for hackers. Exchanges will split the reserves between multiple wallets, making assets harder to track. Additionally, there is no way to verify who the funds in a given wallet belong to. For example, it could be the exchange’s own tokens, not yours.

Reserve certificate

This practice moves the needle one step further because it uses a cryptographic computing technique known as Merkle Trees. This is a type of data structure that cryptographically connects all relevant information, in this case client balances. The advantage of using this approach is that customers can be sure (assuming they are sophisticated enough to understand how this works) that their accounts are included in the total balance produced by the certificate. In theory, this should prevent the company from simply posting a large balance online without verifying that the total figure is equal to the sum of all the smaller parts.

So this is a better approach, but it’s still not perfect. Here’s why. First, because this is a type of evidence and not a full audit, it does not cover additional information such as liabilities to see if any reserves were otherwise impaired. Because this is only a snapshot of the balances on a given day, there is also the chance that a bad operator could manipulate the balances to look solvable.

Due to the crypto-native aspect of proof of reserves, many exchanges have promised to deliver proof of reserves in the coming weeks. This will be a good step forward and I hope that this practice at least becomes the industry standard. Additionally, my expectation is that proof of reserves will be automated and continuous at some point in the future, making it more difficult for bad actors to manipulate reserves to demonstrate solidity on a few select days per year.

Companies that have completed proof of reserve include Kraken, Gate.IO, Luno, BitMEX, Binance, Huobi, KuCoin and OKX.

Supervision

These are intended to be the gold standard for solvency. Auditors take a comprehensive look at a firm’s overall financial health, assessing liabilities as well as assets. They also take into account fund flows throughout the company and look at financial procedures and controls in a given company. Audit is intended to be our best effort to understand the financial health of the company.

Of course, we know that audits are not perfect – after all, Enron and Wirecard, among other frauds, were continuously audited by large firms such as Arhtur Anderson and KPMG. FTX told Forbes that it had passed audits by two firms, Armenino and Prager Metis, although neither is regarded as a top auditor. In fact, it is suspected that FTX chose to use multiple auditors so that it could prevent a single firm from getting a complete picture of its financial health.

So how many crypto firms have actually been audited? Forbes managed to find out the auditors of 25 of the largest crypto exchanges by volume, as you can see in the following chart.

This is a good step, but as we all know, the value of the audit is only as good as the auditor.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *