
How to analyse the transparency of centralised exchanges

Learn how to analyse the transparency of centralised exchanges on DefiLlama. Credit: Andrés Núñez/DL News.

Crypto exchanges have long fallen short of the ideal of transparency on which blockchain was founded in the late 2000s. Trust in crypto companies hit a low point in 2022, when several centralised platforms such as Celsius, BlockFi and Voyager declared bankruptcy after mismanaging customer funds. The failure of FTX alone wiped $200 billion from the cryptocurrency market, fanning the flames of an already brutal bear market.

By late 2022, investors began demanding serious change. To prevent the lack of transparency from causing another financial disaster, they asked crypto exchanges to open up their books to the public.

Several exchanges now publish a proof of reserve based on funds held in their on-chain crypto addresses. The addresses show that a given exchange holds reserve assets equal to or greater than the total amount of its users’ crypto deposits.

Crypto exchanges publishing proof of their reserves is a step in the right direction, but the movement certainly has its limitations. Exchanges do not publish complete logs of their outstanding debts and customers have little insight into how exchanges take snapshots of their reserves. Rigorous audits remain few and far between.

That’s why it’s important to stay vigilant, even when exchanges publish proof of their reserves. DefiLlama is among a handful of organisations pushing for greater transparency by drawing attention to these important figures. This work helps investors assess whether an exchange is safe to use, and identify which ones still suffer from a lack of transparency.

Why does crypto have a transparency problem?

Before digging deeper into proof of reserve, it’s necessary to understand why the industry has readily sacrificed transparency in favour of convenience for over a decade.

The price of entry on centralised exchanges, or CEXs, like Binance and Coinbase has always been control. CEXs store customers’ digital assets in giant crypto wallets to speed up trades, which they execute within their platforms rather than on blockchains.

Because CEXs spread funds over many different wallets, it’s difficult for users to know if a specific exchange holds enough assets in reserve to make all depositors whole at any given time.


A CEX could trade away or loan out users’ funds and they would be none the wiser — until they all tried to withdraw and found there wasn’t enough crypto available. This is a risk traders are willing to take in order to benefit from exchanges’ ease of use and low trading costs. Crypto exchanges are far more convenient than a slow and expensive blockchain.

Exchanges, obviously, say that they are very careful about how they handle their customers’ money, and to their credit, many have safeguards in place to prevent things like theft or misappropriation of funds.

Unfortunately, the industry is largely unregulated and some exchanges lie. In November 2022, FTX secretly lent over $8 billion of its customers’ money to its sister trading firm, Alameda Research. Alameda then drove itself into bankruptcy, bringing FTX – and nine million customer accounts – down with it.

Spooked by the market contagion that followed, investors withdrew billions worth of cryptocurrencies from centralised exchanges.

The alternative to keeping funds on a CEX is for investors to keep their crypto in a non-custodial wallet that they have complete control over. With a non-custodial wallet, users can connect to decentralised exchanges — immutable code deployed directly on blockchains like Ethereum — to trade assets.

Decentralised exchanges — or DEXs — do not custody users’ funds, removing the risk that they might misappropriate users’ crypto. In fact, all DEX transactions are public, meaning anyone can follow the flow of funds on a blockchain explorer.

DEXs sound like paradise, but the caveat is that trading on them can be far more expensive than trading on a CEX, and it takes a lot longer for trades to execute. Also, DEXs have no way to convert between fiat currencies like dollars and pounds and crypto, a service which requires a centralised custodian.

These drawbacks explain why CEXs have attracted significantly more capital than their decentralised counterparts.

Despite their ongoing issues with transparency, centralised exchanges still custody three quarters of the $1.2 trillion cryptocurrency market cap, according to a 2023 report from CoinGecko.

Why the move to proof of reserves?

CEXs are likely here to stay. But customers of centralised exchanges would probably prefer the entities safeguarding their money function more like banks than casinos.

In most countries, banks are required to follow strict government regulations to ensure they’re handling customer deposits responsibly and are solvent. Even though many banks use a fractional reserve system, where they only keep a small fraction of overall deposits in cash reserves, adherence to regulations and government guarantees on deposits help the bank maintain trust with its customers.

However, CEXs do not receive the same level of government oversight as banks, and are not legally required to disclose proof that they are solvent. This often leaves investors questioning whether they are on Wall Street or the Las Vegas Strip.

As a result, several centralised exchanges have experienced bank runs that have left millions of customers with nothing. In late 2022, investors became tired of the lies and lip service and demanded that the largest crypto exchanges prove their solvency, too.

How do exchanges publish proof of their reserves?

Ideally, an exchange demonstrates its solvency by having a reputable accounting firm audit its books regularly, and by providing a constant proof of its reserves and a full disclosure of its liabilities. Frequent and complete reporting would demonstrate an exchange’s commitment to protecting its users from fraud and counterparty risk.

However, exchanges often compromise on transparency to remain limber and private. To avoid expensive auditing costs, they publish snapshots of their books that they call proof of reserves. In publishing these snapshots, exchanges aim to show that they hold funds of equivalent or higher value than user balances.

Exchanges employ different methods of proof to provide these snapshots. Some exchanges, such as OKX and BitMEX, release attestations of their reserves — where an auditor confirms that the exchange’s bank accounts and wallets are filled with enough money to credit customers. Others post their storage wallet addresses on Twitter or blockchain analytics platforms like Nansen, and others yet, like Binance, just publish a figure and say that they are good for it.

Note that none of this is the same as a proper audit, and there’s little to stop an exchange from moving funds into a wallet, taking a quick snapshot, then moving them elsewhere. Plus, most exchanges do not publish all their liabilities, leaving out debts they owe to banks or other companies. They only publish how much they owe their customers.

While methods diverge, most exchanges publish reports cryptographically in the form of a data structure called a Merkle tree. This structure allows the public to verify that an exchange can credit all its customers, without being privy to the amounts in each customer’s wallet. It is like a cryptographic stamp that says, “yes, the exchange has the money it claims to have”.

However, the Merkle tree is only as legitimate as the data included within it. The stamp is often, but not always, controlled by an independent auditing firm. Auditing firm Mazars no longer stands behind Binance’s Merkle tree, for instance, and scrapped it from its website after the media heat on Binance became too hot to handle. As such, there is no way of knowing whether Binance’s proof of reserves data is complete.
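The inclusion check a customer can run against a published Merkle root, and the limit noted above that the tree only covers the data put into it, as an added example that is not code from DefiLlama or any exchange. The ledger, the leaf encoding (user id, balance, nonce) and the use of SHA-256 are assumptions made for illustration.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf(user_id: str, balance: int, nonce: str) -> bytes:
    # Assumed leaf format; the 0x00/0x01 prefixes keep leaves and inner nodes distinct.
    return h(b"\x00" + f"{user_id}|{balance}|{nonce}".encode())

def node(left: bytes, right: bytes) -> bytes:
    return h(b"\x01" + left + right)

def build_levels(leaves):
    """Return every level of the tree, leaves first, root last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])  # an unpaired node is promoted unchanged
        levels.append(nxt)
    return levels

def prove(levels, index):
    """Sibling hashes a customer needs to recompute the root from their own leaf."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            path.append((level[sib], sib < index))  # (hash, sibling_is_left)
        index //= 2
    return path

def verify(leaf_hash, path, root):
    acc = leaf_hash
    for sib, sib_is_left in path:
        acc = node(sib, acc) if sib_is_left else node(acc, sib)
    return acc == root

# Constructed ledger of customer liabilities (not real data).
LEDGER = [("alice", 120, "n1"), ("bob", 75, "n2"), ("carol", 300, "n3"),
          ("dave", 10, "n4"), ("erin", 42, "n5")]

def demo():
    levels = build_levels([leaf(*r) for r in LEDGER])
    root, path = levels[-1][0], prove(levels, 2)             # Carol is index 2
    honest = verify(leaf("carol", 300, "n3"), path, root)
    understated = verify(leaf("carol", 30, "n3"), path, root)
    short = build_levels([leaf(*r) for r in LEDGER if r[0] != "dave"])
    carol_after_omission = verify(leaf("carol", 300, "n3"), prove(short, 2), short[-1][0])
    return honest, understated, carol_after_omission
```

`demo()` returns `(True, False, True)`: Carol's real balance verifies, an understated balance does not, and a tree built without Dave's balance still verifies for Carol, so an omitted liability is visible only to the customer who was left out.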

Plus, the proofs of reserves that exchanges publish have to be vetted. Sites like DefiLlama undertake the arduous task of tracking and tallying the staggering number of wallets that exchanges publish as evidence for their proof of reserves.

CEX Transparency with DefiLlama

DefiLlama checks the data that CEXs provide on its CEX Transparency dashboard. The dashboard lists dozens of exchanges and provides a wealth of additional information, such as how much money is flowing into exchanges as deposits, if an exchange has received an audit and when that audit happened, and the total value of assets held.

Most CEXs can mint their own tokens at will to bolster their balance sheets, like a crypto Jerome Powell.

To prevent exchanges from using self-issued tokens to distort their balance sheets as FTX did with its FTT token before it imploded last year, DefiLlama includes a “Clean Asset” metric. Clean Assets counts the value of all crypto an exchange holds, minus self-issued tokens such as Bitfinex’s LEO token or Crypto.com’s CRO.

CEX Transparency

A keen observer will notice the absence of information in the “Auditor” and “Last Audit Date” columns from the above table. Out of the 50 plus exchanges listed on the dashboard, only three have provided audit information. Additionally, DefiLlama cannot include CEXs on its dashboard that do not provide at least a published wallet address list.

CEX Transparency with DefiLlama - Binance

In the absence of proof of reserves, the flow of money into an exchange is a good indicator of how customers feel about the health of an exchange. A period where withdrawals exceed deposits usually indicates a lack of confidence. A quick glance at the asset inflows shows that Binance has had a rough month. The screenshot was taken shortly after the US Securities and Exchange Commission lobbed a barrage of charges against it, prompting customers to withdraw almost $4.5 billion.

While investors may never get the full story of a centralised exchange’s finances, outside of when a bank run occurs, some progress has been made to increase trust in these platforms. The failures of some of crypto’s largest exchanges throughout the latter half of 2022 serve as a stark reminder that not all funds are, as Binance’s CEO famously misspelt, “safu.”

Take all official statements with a pinch of salt and a sprinkle of scepticism. For everything else, there’s DefiLlama.

Next steps:

- Investigate individual protocols within the dashboard to find specific methodologies for how DefiLlama gathers a CEX’s wallet data.

- Read why auditing firm Armanino is standing by their proof of reserves report on failed exchange FTX.