How Are Proof of Reserve Audits Conducted?

In the second and final part of our series on proof of reserves, we continue our deep-dive into the concept, take a closer look at Merkle Trees and examine how users can utilize proof of reserves in their due diligence.

Enter.art logo
@enter.artPUBLISHED 10TH JANUARY 2023

This article is a part of a two-part series. Catch part one "What is Proof of Reserves" here for the full picture. 



What is a Merkle Tree?

Bilde 07.11.2020, 14 54 18 (1).jpg


The Merkle tree is a method of data structuring that maintains the verifiability of data that is stored and makes it easier to access that data. The Merkle tree is made to partition related data into discrete chunks that may each be accessed without having to walk through each individual branch of data. The Merkle tree, as its name implies, has unique data organized into independent branches connected to a single root, the Merkle root.

The Merkle root ensures that the correct data is stored in each data branch by serving as the data branch’s sole point of connection. For the entire data tree, it offers a single point of verification. Additionally, it offers a uniform system of data protection, ensuring that the data kept in the branches cannot be altered or destroyed.

Merkle trees are already the primary data management technique and the fundamental building block of blockchains, utilized to handle the ever-expanding data set produced by network users. The Merkle tree offers a storage and identification system that keeps the data according to their hash, rather than an entire chain because each block added to the chain is identified with a hash. By using the block's hash, data in the block can be confirmed, negating the need to compute the whole blocks in the network. 

In that regard, a proof of reserve records a miniature Merkle tree of the assets and liabilities of an exchange on-chain. To validate the records, an auditor starts by taking a periodic record of an exchange’s asset in custody and arranging the individual data in the record using a Merkle tree. 

Here’s how an auditor creates the proof of reserves for an exchange…

How Are Proofs of Reserves Audit Conducted?

First, the auditor or auditing firm takes a snapshot of balances held by the institution and structures the snapshots of these balances using the Merkle tree system. The pieces of custodial data for the exchange being audited are organized into a unified tree of data, branched into partitions, and identified using hash codes.

The auditor obtains the Merkle root of the data tree. The Merkle root of any data tree is the single point of connection between data in the tree. The individual account that contributed these assets can be identified through their unique signature.

To verify the individual contributors, the auditor matches the digital signatures to the data records on the Merkle tree and confirms that the reported balance(s) of the individual are at least equal to those obtained from the Merkle tree.

Changes to the individual balances can easily be detected on the Merkle tree and it creates a sharp shift in the data structure. Thus, it will be impossible for exchanges to tamper with users’ balances and go undetected.

However, the Markle tree system is not without its limitations. The major limitation of the Merkle tree is that the tree only matches the snapshot at a specific time, and as the reserve balance changes, it will require a newly updated Merkle tree to reflect the change in balance.

How to Profile Exchanges Using Reserve Data Tools

Now that you are familiar with the concept of proof of reserves concept, you are prepared to learn more and conduct your own research on several centralized platforms. Following the collapse of FTX, a number of proof of reserves tools have quickly appeared, each of which provides cryptocurrency investors with a way to track the assets or the financial actions of their exchanges, especially as they concern custodied funds on their platform.

CoinGecko’s Reserve Data

Go to the Crypto Exchanges page on CoinGecko and look for the Reserve Data column. You can view exchanges marked as Available or Unavailable in this column.

Available denotes that users can undertake due diligence using certain reserve information.

Unavailable indicates that CoinGecko does not have access to the reserve information.

Bilde 07.11.2020, 14 54 18 (1).jpg



To view Binance's reserve data, click Binance to access the exchange's page, where you can choose to examine the exchange's reserves.

Bilde 07.11.2020, 14 54 18 (1).jpg


Once you are in, you will be able to see the exchange reserve data sourced by the CoinGecko team. Data on CoinGecko is aggregated from sources including Nansen and DeFiLlama, as well as the exchanges themselves if their proof of reserves has been published.

Nansen’s Asset/Net Worth Dashboard

Here's how to use Nansen's Asset/Net worth dashboard to obtain and track your exchange's financial information.

The Asset/Net worth tool from Nansen continuously monitors wallet activities. Using its technology, you can examine other specific data that might aid in estimating the impact of your institutions' operations on your finances as well as view institutional and individual wallet balances across a number of chains.

Bilde 07.11.2020, 14 54 18 (1).jpg


To use the Nansen Asset/Net Worth tool, follow these steps:

  • Visit the Nansen Asset tracking website. You may access the analytics page for your wallet and track your own wallet by connecting your wallet.
  • A number of well-known custodial cryptocurrency exchanges are featured on the webpage. To check wallet balances across more than 40 blockchain networks, click the desired exchange you want to examine.

The wallet balance for the exchange is displayed on the launch page, along with a breakdown of how it is distributed among the various assets. We used Kucoin Exchange in this case. At the time of writing, the exchange is reported to have customer crypto assets worth $2.6 billion. The distribution of these holdings is revealed in the information that follows.

Bilde 07.11.2020, 14 54 18 (1).jpg



  •  To view the assets stored on the selected network, choose the network. As seen in the figure above, we chose the Tron blockchain. USDT makes up about 62% of the assets kept in the exchange's custody on the Tron blockchain. By clicking the chain, you may get this information for different chains.

Bilde 07.11.2020, 14 54 18 (1).jpg



  • By selecting the Analytics tab or View Full Analytics, you can examine additional data. The analytics page's data demonstrates how the assets and asset prices of the exchanges have grown over time. The chain's explorer allows you to view the wallet addresses of the exchange and keep tabs on activity. Here is a comprehensive tutorial on how to use Etherscan, Ethereum's explorer.

Bilde 07.11.2020, 14 54 18 (1).jpg



  •  If an exchange isn't listed, you can try to track their portfolio by getting their cold wallet address and looking up their records in the Nansen app. Input the address in the box at the top corner of the platform.


Conclusion

The cryptocurrency industry is in a pitiful situation as a result of the recent surge of misappropriation of assets by exchanges. Despite this, the implementation of Proof of Reserves is a bright spot and a significant takeaway from the unfortunate events. The industry as a whole is pressuring centralized exchanges to offer more openness, and users may soon have tools to confirm and hold exchanges accountable.

Industry players can also make use of the tools mentioned above to guarantee the availability and safety of their funds, establishing a procedure that may help make the cryptocurrency market safer for investors. This is significant from the users' perspective. Even if you engage in personal research and invest in your preferred cryptocurrency projects, make an effort to push your institutions for greater transparency and confirm the security of your assets, particularly if you use a centralized exchange for asset custody.

Ultimately for users who are already familiar with public-private keys—and can afford them, the best way to keep funds safe is to retain full custody of their assets. 

The significance of handling users' funds with honesty and extreme care for custodial institutions cannot be overstated. But now more than ever, it is important to also demonstrate the care being taken and give users the ability to verify claims made about how their money is being managed.

As a general rule, exercise caution and conduct your own research before making any cryptocurrency investments.



This article is written by Chidera Anushiem as a part of enter.blog's bounty program and is a part of a two-part series. Do you have an interesting topic, series or subject you think would be fitting for enter.blog? 

You can now submit your articles to enter.blog and get paid for your contributions!
Read more and submit your article here

Crypto & Learning

Hungry for knowledge? Here you can get acquainted with blockchain, wallet security, DeFi and much more.

View all

PUBLISHED 25TH MARCH 2022

What are DAOs?

Decentralized Autonomous Organizations (DAOs) give online groups with common goals the means to pursue those goals from a flat hierarchy. Here’s how DAOs are making waves in NFT and Crypto Communities, and how you can create your own.

PUBLISHED 2ND OCTOBER 2022

Five Types Of Consensus Mechanisms You Should Know About

How do blockchains ensure that transactions are real, valid, and not the product of fraud? The answer is consensus mechanisms, and in this article, we take a closer look at the pros and cons of five of the most popular consensus mechanisms in crypto.

PUBLISHED 16TH MARCH 2022

What is DeFi?

In this guest article from the enter community, we explore a topic close to our hearts - DeFi. What is it, how does it differentiate from traditional finance, and what are the advantages?

{{loaderText}}