This Exchange Enables Users to Self-Audit the Firm’s Crypto Reserves – This is How it Works
Major crypto exchange OKX said it launched a self-audit feature, which currently supports three cryptoassets.
“You can now verify your assets are backed 1:1 on OKX,” said the announcement. The new feature supports Bitcoin (BTC), Ethereum (ETH), and the USDT stablecoin, with more assets to come, said the company.
Moving forward, we'll conduct regular Proof of Reserve audits to update our collateral balance and the status of your assets within our reserves.— OKX (@okx) November 23, 2022
The website offers users the option to view their audit, as well as to view OKX reserves. It claimed that its on-chain wallet holdings are public so that users can always verify that their funds are backed by real assets.
It also said that it regularly publishes Proof-of-Reserves (PoR) audits, enabling users to verify that their assets are held in the exchange’s reserves.
Proof of Reserves is a common audit method, said OKX, which is used to ensure that a custodian indeed holds sufficient funds to cover all assets deposited on their exchange. To verify the audit, three steps come into play:
- a Merkle tree is used, which is a data structure designed to encrypt data to verify all the user assets held on the exchange;
- the exchange’s ownership of OKX on-chain wallet addresses and the total OKX wallet holdings is verified;
- the exchange’s reserve ratio is verified by comparing total user asset holdings with total exchange assets from OKX on-chain wallet addresses.
Each user is given a unique anonymous user hash ID, and each user’s total asset balance becomes a Merkle leaf in the tree, said OKX, adding that,
“Combining the total sum of all our user’s assets produces a “Merkle root”, a cryptographic signature that represents all user holdings.”
The exchange also said it published a list of wallet addresses with a signed message “I am an OKX address”, where users can check the OKX assets stored on-chain.
The website also provides instructions on how to self-verify PoR: verify OKX wallet address ownership and balance, and check if one’s assets are included in the OKX Merkle tree.
There are some, however, who argue that certain types of PoR are not enough. Jesse Powell, co-founder and former CEO of crypto exchange Kraken, said he would be “more assertive” when it comes to “calling out problems.”
He tweeted that a PoR audit requires cryptographic proof of client balances and wallet control and that it must have:
- the sum of client liabilities (auditor must exclude negative balances);
- user-verifiable cryptographic proof that each account was included in the sum;
- signatures proving that the custodian has control of the wallets.
1/ I said I was going to be more assertive with calling out problems. This is one of them.— Jesse Powell (@jespow) November 22, 2022
"Reserves" = assets minus liabilities
"Reserves" != list of wallets
The Proof of Reserves AUDIT requires cryptographic proof of client balances and wallet control.https://t.co/ALcfi7rLUV https://t.co/TawYclk0nT
– OKX Exchange Shows Proof of Reserves
– Binance Provides Proof of Reserves in Response to FTX Collapse – This is How Much Money They Have
– Billion-Dollar Crypto Fund Grayscale Refuses to Post Proof-of-Reserves – Next Firm to Collapse?
– OKX Lures More Institutions with New Trading Feature