The proof is in the (crypto) pudding: is Proof of Reserves a solution to crypto’s trust problem?

In any normal week, reports that nearly half a billion dollars in cryptoassets had been stolen from a cryptocurrency exchange would be major news. Unfortunately for FTX, which has been having anything but a normal week, the reported hack is barely a footnote to its precipitous, and very public, collapse—from crypto darling with a $32 billion dollar valuation to filing for bankruptcy over the course of just a week.

FTX’s rapid collapse, prompted by its inability to meet customer requests to withdraw approximately $5 billion in assets (akin, in effect, to a ‘bank run’) and revealing enormous balance sheet shortfalls, has been described as crypto’s ‘Lehman moment’. Concerned about contagion risks to the wider industry, cryptocurrency exchanges have scrambled to reassure users of their stability. Several leading cryptocurrency exchanges, Binance among them, have turned to ‘Proof of Reserves’ programs (PoR) as a means of achieving greater trust and transparency.

What is ‘Proof of Reserves’?

The basic idea underlying PoR is that it provides verifiable public evidence of the assets and liabilities held by a cryptocurrency exchange and, by extension, a foundation for third parties to assess its solvency. The Bitcoin Policy Institute describes it as ‘a method that uses techniques of cryptographic verification to publicly demonstrate possession of digital assets sufficient to cover outstanding liabilities’, ideally conducted by an independent auditor on a recurring basis.

Proponents of PoR tout its transparency (as it provides publicly accessible information about an exchange’s assets); its verifiability (as such information may be verified cryptographically); and its privacy (through use of Merkle-tree data structures)—all features which commend it as a particularly crypto-friendly solution to the distinct problems of trust and accountability facing the industry.

FTX: T is for ‘Trust(less)’…

The unravelling of FTX and the likely wrangling between its creditors that will follow highlights the dangers, and potentially existential scale, of trust and accountability shortcomings in the crypto space. Custodial cryptocurrency exchanges like FTX holding themselves out to users as—irony alert!—trusted intermediaries raise a tricky double-peril: that of too much trust and not enough accountability (acting as both ‘prevention’ and ‘cure’). Given Satoshi Nakomoto’s vision of blockchain as a decentralised, trustless ledger, in their present iteration such exchanges represent a dilution of blockchain’s promise of a trustless environment founded on the purity of technologically-enabled accountability.

The adoption by cryptocurrency exchanges of Proof of Reserves programs may go some way to improving transparency and in turn, rebuilding (and actually substantiating) trust in the industry. As a ‘blockchain-native’ solution, PoR deploys the cryptographic accountability introduced by blockchain to bolster trust in the system, with the added potential benefit of realigning cryptocurrency exchanges with the wider blockchain project.

An off-chain reality check

Proof of Reserves is not, however, the only solution available to address trust and accountability issues—and there are reasons to be cynical about a proposal touted by industry insiders as a means to resist state regulation. PoR is also subject to limitations, from the possibility of funds borrowed temporarily to bolster balance sheets, to hidden liabilities and competing ownership claims. These weaknesses point to inherent limits to on-platform solutions, which ignore off-platform reality at their peril. PoR alone cannot provide a trustless proof against fraud, nor a defence against hacks like the one suffered by FTX earlier this week.

In a recent article examining the latest developments in blockchain case law, we noted that the crypto industry may ultimately find it difficult to escape the long arm of off-chain regulation. Legal mediation through the courts, utilising existing legal concepts such as fiduciary duties and constructive trusts and backed by state authority, will remain attractive as an ex post means of securing accountability for those who have suffered losses. Focusing on ex ante accountability, FTX’s dramatic death spiral has already strengthened calls for increased financial regulation and oversight of the crypto industry to prevent similar scenarios from playing out in future.

Promising projects to reconcile legal rights with blockchain’s technical infrastructure are already underway. The Bitcoin Association, for example, has been developing 'a software solution to enable miners to enforce the legal rights of victims of crime', permitting them 'to freeze coins which are determined by valid legal process to be lost or stolen'.

Despite the best efforts of crypto enthusiasts to convince us otherwise, we do not (yet) live in a purely ‘on-chain’ world. There is a fundamental tension between the finality implied by Proof of Reserves, and the messiness of the practical and legal realities overlaying it.

Whether PoR can ‘solve’ crypto’s trust problem therefore seems to be the wrong question; and one which plays into crypto-evangelists’ framing of blockchain technologies as existing in a self-governing bubble untouched by irritants such as social and legal norms. A better question might be to ask whether, and how, technological solutions can develop alongside (or, even better, symbiotically with) more traditional regulatory approaches.