What’s proof-of-reserves?
At its core, proof-of-reserves is a public demonstration {that a} custodian holds the belongings it claims to carry on behalf of customers, usually utilizing cryptographic strategies and onchain transparency.
If each crypto trade can publish a proof-of-reserves (PoR) report, why can withdrawals nonetheless be delayed or halted throughout a disaster?
The reality is that proof-of-reserves will not be a belief assure. It reveals whether or not verifiable belongings exist on a platform at a single cut-off date, but it surely doesn’t affirm that the platform is solvent, liquid or ruled by controls that stop hidden threat.
However even when executed correctly, PoR is usually a point-in-time snapshot that may miss what occurred earlier than and after the reporting second.
With no credible view of liabilities, PoR can’t show solvency, which is what customers really need during times of withdrawal stress.
Do you know? On Dec. 31, 2025, Binance’s CEO wrote that the platform’s consumer asset balances publicly verified via proof-of-reserves had reached $162.8 billion.
What PoR proves and the way it’s normally finished
In observe, PoR includes two checks: belongings and, ideally, liabilities.
On the asset facet, an trade reveals that it controls sure wallets, normally by publishing addresses or signing messages.
Liabilities are trickier. Most exchanges take a snapshot of consumer balances and commit it to a Merkle tree, typically a Merkle-sum tree. Customers can then affirm that their steadiness is included utilizing an inclusion proof, with out everybody’s balances being made public.
When finished correctly, PoR reveals whether or not onchain belongings cowl buyer balances at a selected second.
Do you know? Binance lets every consumer independently confirm their inclusion in its PoR snapshot. Via its verification web page, Binance generates a cryptographic proof based mostly on a Merkle tree of consumer balances, permitting customers to substantiate that their account was counted with out revealing anybody else’s knowledge or balances.
How an trade can “cross PoR” and nonetheless be dangerous
PoR can enhance transparency, but it surely shouldn’t be relied on as the only measure of an organization’s monetary well being.
After all, a report on belongings with out full liabilities doesn’t display solvency. Even when onchain wallets seem sturdy, liabilities will be incomplete or selectively outlined, lacking objects reminiscent of loans, derivatives publicity, authorized claims or offchain payables. That may present funds exist with out proving the enterprise can meet all of its obligations.
Additionally, a single attestation doesn’t reveal what the steadiness sheet regarded like final week or what it appears to be like just like the day after the report. In concept, belongings will be quickly borrowed to enhance the snapshot, then moved again out afterward.
Subsequent, encumbrances typically don’t present up. PoR usually can’t let you know whether or not belongings are pledged as collateral, lent out or in any other case tied up, which means they will not be accessible when withdrawals spike.
Liquidity and valuation may also be deceptive. Holding belongings will not be the identical as having the ability to liquidate them shortly and at scale during times of stress, particularly if reserves are concentrated in thinly traded tokens. PoR doesn’t handle this concern; clearer threat and liquidity disclosures would possibly.
PoR isn’t the identical as an audit
Lots of the belief downside comes from a mismatch in expectations.
Many customers deal with PoR like a security certificates. In actuality, many PoR engagements resemble agreed-upon procedures (AUPs). In these circumstances, the practitioner performs particular checks and reviews what was discovered with out offering an audit-style opinion on the corporate’s total well being.
Certainly, an audit or perhaps a evaluation is designed to ship an assurance conclusion inside a proper framework. AUP reporting is narrower. It explains what was examined and what was noticed, then leaves interpretation to the reader. Underneath Worldwide Commonplace on Associated Providers (ISRS) 4400, an AUP engagement will not be an assurance engagement and doesn’t specific an opinion.
Regulators have highlighted this hole. The Public Firm Accounting Oversight Board has warned that PoR reviews are inherently restricted and shouldn’t be handled as proof that an trade has enough belongings to fulfill its liabilities, particularly given the shortage of consistency in how PoR work is carried out and described.
That is additionally why PoR drew elevated scrutiny after 2022. Mazars paused work for crypto purchasers, citing issues about how PoR-style reviews had been being offered and the way the general public would possibly interpret them.
What’s a sensible belief stack, then?
PoR could be a start line, however actual belief comes from pairing transparency with proof of solvency, sturdy governance and clear operational controls.
Begin with solvency. The true step up is displaying belongings versus a whole set of liabilities, making certain belongings are larger than or equal to liabilities. Merkle-based legal responsibility proofs, together with newer zero-knowledge approaches, goal to shut that hole with out exposing particular person balances.
Subsequent, add assurance round how the trade truly operates. A snapshot doesn’t reveal whether or not the platform has disciplined controls reminiscent of key administration, entry permissions, change administration, incident response, segregation of duties and custody workflows. This is the reason institutional due diligence typically depends on System and Group Controls (SOC)-style reporting and comparable frameworks that measure controls over time, not only a steadiness at a single second.
Make liquidity and encumbrance seen. Solvency on paper doesn’t assure that an trade can survive a run. Customers want readability on whether or not reserves are unencumbered and the way shortly holdings will be transformed into liquid belongings at scale.
Anchor it in governance and disclosure. Credible oversight relies on clear custody frameworks, battle administration and constant disclosures, particularly for merchandise that introduce extra obligations reminiscent of yield, margin and lending.
PoR helps, however it will probably’t substitute accountability
PoR is best than nothing, but it surely stays a slim, point-in-time test (though it’s typically marketed like a security certificates).
By itself, PoR doesn’t show solvency, liquidity or management high quality. So, earlier than treating a PoR badge as “protected,” take into account the next:
-
Are liabilities included, or is it belongings solely? Belongings-only reporting can’t display solvency.
-
What’s in scope? Are margin, yield merchandise, loans or offchain obligations excluded?
-
Is it reporting a snapshot or ongoing? A single date will be dressed up. Consistency issues.
-
Are reserves unencumbered? “Held” will not be the identical as “accessible throughout stress.”
-
What sort of engagement is it? Many PoR reviews are restricted in scope and shouldn’t be learn like an audit opinion.