The collapse of the cryptocurrency exchange FTX has left a lot of people a lot poorer, with billions in customer funds vanishing overnight. Now, as the bankruptcy process unfolds, users stand next to no chance of getting their funds back in their entirety. Disgraced former FTX CEO Sam Bankman-Fried even speculated in a recent interview that FTX users might be lucky to get pennies on the dollar back when all is said and done.
Such a massive failure on the part of a largely unregulated entity – FTX was domiciled in the crypto-friendly Bahamas – is leading people to wonder what’s next for crypto custody. Is it really possible for the third-largest exchange to just go up in smoke with all of your funds? Apparently yes, as these exchanges are not FDIC-insured and lack legally required audits and disclosures, unlike public companies operating in the traditional financial sector.
The answer to these problems that’s gotten the most airtime recently is something called proof-of-reserves (PoR), which is a catch-all term for solutions that get exchanges to release financials. The idea holds some promises but also falls short in crucial ways.
Then, on the other end of the spectrum, there are voices from the “Not your keys, not your crypto” movement pushing the public to get their funds off exchanges and into hardware wallets and other self-custody solutions.
Let’s take a look at the various ideas popping up and see what we can learn about the future of crypto custody.
Proof of Reserves
Since there is no depositor insurance in crypto, it’s an absolute necessity that centralized exchanges (CEXs) have funds in excess of their customers’ deposits at all times. Currently, there is no real mechanism for ensuring this. Proof-of-reserve methods would allow CEXs to demonstrate they actually have the assets they claim to hold.
The means of doing this involves something called a Merkle tree, which is a cryptographic data structure that maps out the finances of an exchange. The cryptographic nature of these data structures is supposed to ensure user privacy. These “hash trees” can then be examined by third-party auditors, with the results published for anyone to see.
Ethereum co-founder Vitalik Buterin has suggested that ZK-SNARK technology could be used in combination with Merkle trees to add an increased layer of privacy in proof of reserves.
Amid the FTX scandal, Binance founder Changpeng Zhao (CZ) announced that he would be implementing PoR for his exchange, which he later did. Soon, other exchanges such as Crypto.com, KuCoin, and Bitfinex followed suit.
Problems with Proof of Reserves (PoR)
The trouble with proof of reserves is that they’re just that: proof of reserves. Without corresponding proof of liabilities, the information is essentially worthless, as Kraken CEO Jesse Powell put it.
It’s also not simple to audit these assets and liabilities and keep the audits adequately updated. Under none of the proposals under discussion would audits be done in an automated manner in real-time. They require teams of professionals from third-party companies who work on longer timescales.
And of course there is always the question of malfeasance or incompetence on the part of auditors. Indeed, FTX had multiple auditors, though none were from the Big Four accounting firms. (In fact, one reportedly only had an address in the metaverse.)
Then there is the matter of off-chain assets, which the cryptographic methods used in proof of reserves don’t go near. This is particularly relevant on the liability side, where the auditing work required would be more in line with what happens at publicly traded companies.
What is Proof of Keys?
One novel method of testing the solvency of an exchange has come from the Proof-of-Keys movement, an idea dreamed up by the cryptocurrency investor and commentator Trace Mayer in 2019. The idea is part of the larger “Not your keys, not your crypto” movement, which urges people to take their funds off exchanges and place them in secure cold-storage solutions like hardware wallets.
The gist of it is that on one day every year (Proof of Keys day), cryptocurrency holders are supposed to withdraw all of their funds from the exchanges on which their crypto is held. In effect, this simulates a run on the bank. Therefore, any exchanges holding only fractional reserves could in theory be exposed when the tide goes out.
Fractional reserves are commonplace in the banking sector. In crypto, however, since there is little recourse for depositors in the event of exchange insolvency, the idea is supposed to be shunned.
The first Proof of Keys day was held on January 3, 2019 – the 10-year anniversary of Bitcoin’s genesis block – and the next will be on January 3, 2023. With the current bear market conditions leading to low liquidity at many crypto entities, it’s certainly possible the next Proof of Keys day could expose some more bad actors.
In any case, Proof of Keys day is an excellent opportunity for crypto holders to learn about how to take responsibility for their financial well-being and get into self-custody, which is always preferable to keeping your money with someone else. The general wisdom among longtime crypto users is that you should not be keeping any more funds on an exchange than you are willing to lose – and the same is true to a lesser degree of hot wallets like MetaMask.
While it’s not difficult to get up and running with hardware wallets such as the CoolWallet S or the CoolWallet Pro, many people still need a nudge to take the first steps. Proof of Keys day is an excellent opportunity to get started on this most important aspect of crypto.