How will security of crypto exchange be assessed
2022.12.31 01:23
Budrigannews.com – As the cryptocurrency industry tries to recover from the shock and losses of the current crypto winter, the term “proof of reserves” (PoR) has grown in popularity in recent weeks. Criteria and rankings for adequate PoR are beginning to emerge after a flurry of discussion and work, but the specifics of how to carry out proof of reserves and even who ought to do so remain open questions.
The differences between proof of assets and proof of reserves, and the flaws of both, were quickly pointed out. Traditional auditors’ attempts to provide PoR quickly met with failure, with major companies stepping up and then quickly backing down.
I’m sorry but no. This is not PoR. This is either ignorance or intentional misrepresentation.
The merkle tree is just hand wavey bullshit without an auditor to make sure you didn’t include accounts with negative balances. The statement of assets is pointless without liabilities. https://t.co/b5KSr2XKLB
— Jesse Powell (@jespow) November 25, 2022
Doug Schwenk, CEO of Digital Asset Research (DAR), told Cointelegraph that auditors may never provide users with the assurance they seek from PoR. Audits are conducted on a regular basis, but cryptocurrency trades 24 hours a day, seven days a week. “Ideally you would have a way to measure those liabilities and the assets in some kind of real time,” he stated.
DAR produces the FTSE Russell index in collaboration with the London Stock Exchange and provides information and vetting services to major traditional finance companies. “We appreciate evidence of reserve. It is not sufficient for us to state that we are content, but it is definitely better than nothing.” He added:
“In the world that we’re navigating right now, better than nothing is sometimes a good starting place.”
To make matters even more complicated, the challenges faced by centralized (CeFi) and decentralized (DeFi) platforms are vastly distinct. According to Amit Chaudhary, head of DeFi research for Polygon, a scalable blockchain ecosystem compatible with Ethereum, “proof of reserve is worthy of calling [itself] proof of reserve” in DeFi.
According to Chaudhary, the company’s zero-knowledge Ethereum Virtual Machine (zkEVM), which uses Merkle trees to see both positive (asset) and negative (liability) balances and enables a user to verify their accounts while maintaining a high level of privacy, adds “battle-tested security” to PoR. Additionally, while maintaining anonymity, zero-knowledge protocols can provide dual collateral control for safer settlement as well as Anti-Money Laundering and Know Your Customer controls.
The blockchain record’s immutability would permit audit process verification. Chaudhary added:
“You can deploy an accounting system on your zkEVM. You can design your own accounting system.”
CeFi presents much greater challenges. “Since liabilities could be incurred off-chain, there is no method to show proof-of-liabilities and that a company can honor all customer deposits,” Matthew Niemerg, founder of the Aleph Zero blockchain, told Cointelegraph in a statement.
Centralized cryptocurrency exchanges are taking a variety of steps to provide PoR that meets users’ needs. Exchange OKX, which has recently committed to providing fresh PoR monthly, uses PoR based on an open-source Merkle tree protocol along with a Nansen dashboard. Nansen provides real-time, third-party transaction tracking.
#OKX released 2nd Proof-of-Reserves Report, Promises Monthly Publication
Reserve ratio: #BTC 101%, #ETH 103%, #USDT 101% pic.twitter.com/spcLT6M1VF
— Satoshi Club (@esatoshiclub) December 23, 2022
In a statement to Cointelegraph, OKX stated that the exchange uses a Merkle tree to verify its holdings of its top three assets, BTC, ETH, and USDT. This allows users to verify their holdings, verify that their balance is included in the exchange’s total liabilities, and compare OKX assets and liabilities.
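The user-side check described above, and the negative-balance gap raised in Powell's tweet, shown as an added example (not OKX's protocol and not code from the article): a Merkle sum tree in which every node commits to the sum of the balances beneath it. The hashing layout, function names and the four-account book are assumptions constructed for illustration; a real scheme would also hash a salted user ID for privacy.

```python
import hashlib
# Added illustration: hashing layout and names are assumptions, not OKX's protocol.
PAD = (hashlib.sha256(b"pad").digest(), 0)  # zero-balance filler for odd levels

def enc(n):
    return n.to_bytes(16, "big", signed=True)  # fixed width; can encode negatives

def leaf(user_id, balance):
    return (hashlib.sha256(b"leaf" + user_id.encode() + enc(balance)).digest(), balance)

def parent(l, r):
    # A parent commits to both child hashes and both child sums.
    h = hashlib.sha256(b"node" + l[0] + enc(l[1]) + r[0] + enc(r[1])).digest()
    return (h, l[1] + r[1])

def build(leaves):
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        if len(levels[-1]) % 2:
            levels[-1].append(PAD)
        cur = levels[-1]
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels  # levels[-1][0] is the published root: (hash, total liabilities)

def prove(levels, index):
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        path.append((level[sib], sib < index))  # (sibling node, sibling is on the left)
        index //= 2
    return path

def verify(user_id, balance, path, root):
    if balance < 0:
        return False
    node = leaf(user_id, balance)
    for sib, sib_is_left in path:
        if sib[1] < 0:  # a negative sum anywhere on the path understates the total
            return False
        node = parent(sib, node) if sib_is_left else parent(node, sib)
    return node == root

# Constructed sample book; "fake" is a fabricated negative-balance account.
BOOK = [("alice", 100), ("bob", 50), ("carol", 70), ("fake", -60)]

def demo():
    levels = build([leaf(u, b) for u, b in BOOK])
    root = levels[-1][0]
    return root[1], {u: verify(u, b, prove(levels, i), root) for i, (u, b) in enumerate(BOOK)}
```

`demo()` returns a published total of 160 against 220 owed to the three real accounts; alice and bob verify successfully, and only carol, whose sibling is the negative leaf, sees the problem. That is the gap the tweet says an auditor has to close.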
OKX elaborated, “OKX discloses its wallet addresses via the Nansen dashboard.” With this, users can “ensure that OKX has enough reserves on-chain for users to withdraw” and check their OKX holdings in real time.
Despite the efforts of OKX and other exchanges to provide transparency, Niemerg said, “Even if the books are audited by respected, independent third parties, no amount of math or cryptography can solve the human problem of deceit and fraud.” He added, “Plastic in, plastic out!”
Cultural barriers can make it difficult to provide transparent services. According to Schwenk, traditional finance has the “benefit of living in 2022, where we have almost 100 years of highly regulated capital markets.”
For “the kind of firms that are used to having a high degree of confidence in their counterparty,” DAR aims to “apply the same rigors as regulators.” Nevertheless, according to Schwenk, “It is impossible to get perfect information about any of these counterparties today, because many of them are still getting through some maturity questions and they struggle to be as buttoned up as you see in traditional finance.”