A few days after events with FTX, a new concept started to spread all over the internet – a proof-of-reserves. Major exchanges started a marketing campaign in pursue to hold their users from leaving platforms, moving assets to cold wallets, or cutting their trades. The general idea that can be read throughout articles from those major players is that what happened to FTX won’t happen to us, we can show you proofs and make crypto great again.
Furthermore, if you read those articles about proof-of-reserves you probably noticed that conceptually it is described in two instances:
1) it’s a blockchain solution, and as you know blockchain remembers everything, and
2) information from blockchain is being verified by professional auditing companies.
Overall, those points are indeed valid and have basis for trust. But then, after some of exchanges provided their proofs of reserves a new scandal emerged: several of them, allegedly, swapped crypto assets between each other just at a time when they showed their proofs. And that’s where begin the issues with this concept.
Issue No.1 – These proofs are stamped in time.
After release of proof-of-reserve attestation (certificate) a prospective user can review what assets and in which quantity are in disposition of a certain custodian (crypto company). The nature of exchange business is a constant movement of assets: someone deposits crypto to a platform and someone if withdrawing it. The goal of reserve is to have at least 1:1 ratio of assets between those which were deposited by users and those in treasury to cover company’s liabilities before users in case they want to withdraw their assets. And having an attestation issued on a certain date doesn’t guarantee that the indicated amount of assets will be the same next day.
Issue No.2 – Auditing practices and standards.
As it was stated above, crypto companies engage auditors to verify their proof-or-reserves. This adds another layer to this process: auditors employ their methodologies to verify if the reserve assets are in place, that their numbers are as it is shown “on screen”, etc. Regarding the blockchain technology such audits can be conducted faster than in classic finances. It is achieved by gaining online access to the information via a read-only nodes on blockchains. In such a way auditors can receive the information they need without delays and process it faster.
However, virtual assets are of another nature comparing to traditional financial instruments and not all of attestation standards (e.g. the standards issued by the American Institute of Certified Public Accountants) are applicable to virtual assets. So, in most cases, auditors do their checks applying generic principles such as “prudence” and “going concern”.
Issue No.3 – There is no proper auditing regulation for crypto.
At this point one may say: “But wait, aren’t there already exist tools for on-chain auditing?”. And this person will be correct. They do exist, but the case is that for now there are no special methodologies for auditing crypto assets properly. Current tools are limited in their functionality. For instance, crypto firm may have reserves both in cryptocurrencies of various types along with classic assets like governmental obligations, or private companies’ securities, or commodities. Those assets won’t be shown on blockchain, thus, the picture can’t be full.
Also, audits cannot prove the sources of such reserve crypto assets, basically, where did the company take them. And this is another brick in the wall between current proof-of-reserves concept and legally proper auditing.
Issue No.4 – Privacy.
Another risk area is around the rights and ownership of crypto assets. While the blockchain can provide evidence of transactions such as the purchase of crypto currency, auditors should further consider the security of private keys that provide access to cryptocurrency.
The high privacy and secrecy levels in blockchain may inhibit access to audit evidence, which raises the possibility that management overrides may go undetected.
Issue No.5 – General crypto regulation uncertainty.
Last but not least, is a current state of affairs in worldwide crypto adoption and regulation. Nowadays there is no general line of understanding of different types of virtual assets in the world. Different countries oftentimes treat them differently and, in some cases, they have problems in categorizing of specific virtual assets.
The problem here is that despite countries may have slightly different auditing methodologies set in stone via legislative acts, all of them follow the uniform logic adopted worldwide. When we think of crypto we cannot say that the world is close to the point of reaching a global consensus on how to treat different types of crypto assets. For this reason, its auditing is also variable and will remain such until the next big shift in global understanding and regulation occurrence in the world.
And what conclusions can we make out of it?
Proof-of-reserves concept is indeed a good initiative but do not be misled with loud statements about “auditing on blockchain with professional auditors”. For the reasons indicated above there are flaws in this process for now, although they will be fixed eventually.
So, in general when you see a proof-of-reserve certificate you may be assured that for the date of its issuance and for some time in the future a specific company may have a certain credit of trust. But if you are not a professional auditor you will not know for sure what could have been missed just reading such certificate report, so still double check if your planned activities won’t be at a risk of failure due to an inability of company to pay for its liabilities. Or contact knowledgeable lawyers to review the report and provide you a list of possible risks under the reviewed report and action plan on how to avoid or at least minimize possible damage.
Obviously, the next major step will be made when a crypto specific auditing guidelines will be developed and used during reserves checks. And that will be the next iteration of bringing more trust to the published proof-of-reserves reports and in a crypto company’s creditworthiness.
Author: Danyil Voloshchuk, associate of the Technology and Investmens at the Juscutum