A window into web3: What is proof-of-reserve in crypto?

Trustlessness is a core principle of crypto. Unlike centralized exchanges (CEXs) that rely on intermediaries to facilitate transactions, transfers on peer-to-peer (P2P) protocols depend solely on code.

Ironically, trust remains a significant risk in other realms of the crypto ecosystem, highlighted by high-profile failures like Mt.Gox, Celsius, Voyager, and FTX. These platforms collapsed due to hacks that lost hundreds of thousands of BTC, reckless lending practices, and allegations of misappropriating customer funds. Such incidents severely eroded confidence in the crypto community, creating urgent calls for greater transparency. In response to these demands, proof-of-reserve (PoR) audits emerged as a transparency measure, offering a way for crypto platforms to verify their holdings. 

However, PoR audits have limitations – they provide a snapshot of reserves but don’t account for liabilities or a platform’s full financial health. While PoR can increase visibility into an exchange’s assets, full financial audits under American Institute of Certified Public Accountants (AICPA) and Public Company Accounting Oversight Board (PCAOB) guidelines remain the gold standard for assessing solvency.

In this guide, we’ll explain how proof-of-reserve reports work, their pros and cons, and what to look for when evaluating a crypto platform’s financial transparency.

What is a crypto proof-of-reserve report?

A proof-of-reserve (PoR) report is an audit designed for cryptocurrency businesses and protocols, including exchanges, third-party custodians, and decentralized finance (DeFi) platforms. Its purpose is to verify that an entity holds enough digital assets ("in reserve") to cover its current client liabilities. For a crypto platform to remain solvent, its reserves must meet or exceed its liabilities.

Conducted by external auditing firms, PoR reports add a layer of transparency and trust, ensuring that a company’s claims are supported by verifiable results.

How does proof-of-reserve work in crypto? 

Proof-of-reserve (PoR) reports confirm whether a crypto platform holds enough digital assets to meet its obligations. One common method is to share the public addresses for crypto wallets that serve as the platform’s treasury. By broadcasting these addresses on websites or social media, platforms allow traders to independently verify their holdings using blockchain explorers like Blockchain.com or Etherscan.

However, showing public wallet addresses alone doesn’t confirm a platform’s solvency. PoR reports must also include a snapshot of current liabilities (the total amount of crypto owed to customers). To balance transparency with user privacy, many platforms use a cryptographic tool called Merkle trees to organize and verify their proof-of-liabilities (PoL).

A Merkle tree is a data structure that secures user balances through layers of hashing, creating unique, irreversible strings of letters and numbers for each data point. These hashes are combined in multiple rounds to generate a "Merkle root hash" that summarizes all account balances. This process ensures data integrity while protecting individual user identities. A platform is solvent if its PoR matches or exceeds its final PoL.

Why are proof-of-reserve reports for exchanges important?

PoR brings greater credibility to crypto by providing extra assurance on the financial health of trading hubs. Investors know their tokens are well-managed and available for withdrawal whenever they choose. 

• Transparency: There's no hiding crypto holdings or transactions on public blockchains. When an exchange provides its public addresses in a PoR report, anyone can verify its crypto holdings at any time.
• Accountability: PoR audits hold entities responsible for their actions. If any accounting issues or questionable activities arise, authorities have a clear audit trail to check a crypto business's actions.
• Risk prevention: The trackable evidence in a PoR deters risky or illegal practices, like misusing investor funds or committing fraud. The confidence PoR builds also reduces the likelihood of panic-driven selloffs (or "bank runs") that solvency rumors can cause.
• User confidence: PoR's features collectively boost trust, giving crypto traders greater assurance rather than blindly trusting it to act in their best interests.

2025

Crypto Tax
Guide is here

CoinTracker's definitive guide to Bitcoin & crypto taxes provides everything you need to know to file your 2024 crypto taxes accurately.

Get startedLearn more

Concerns about proof-of-reserve in crypto 

PoR has already become a common procedure on many crypto trading sites, but it’s still a relatively new transparency tool. Even with broad adoption in the crypto ecosystem, concerns regarding the reliability and effectiveness of PoR reports do exist.

Lack of standardization

Merkel tree cryptography has become a common strategy for creating PoR reports, but there's no universal standard for implementing this screening method across the industry. Without consistent guidelines, exchanges may omit details about their financial health. This lack of agreed-upon standards for PoR reporting makes it challenging for users to compare crypto protocols accurately. 

Third-party trust issues

Ironically, PoR audits still require a degree of trust. Most exchanges rely on third-party auditors to validate their reports. While this outside assistance is meant to add credibility, users must trust the auditor's expertise and integrity. Some auditing firms may lack the expertise to assess crypto reserves properly or, worse, accept incentives to overlook potential red flags. 

Incomplete or misleading reports

Many PoRs use snapshot reporting rather than showing real-time info on a platform's assets and liabilities, which doesn't necessarily prove an exchange holds the required amount of assets it needs at all times. During the time gap between snapshots, exchanges could temporarily move funds to mask problematic activities. Also, some PoR reports exclude certain liabilities or omit depreciating assets, leaving users with an incomplete picture of an exchange’s financial position.

Solvency vs. liquidity

A solvent exchange isn’t always a liquid one. Even if an exchange can meet its obligations on paper, it may lack the liquidity to handle a sudden surge in withdrawals (a "bank run"). For example, funds locked in staking protocols with week-long withdrawal periods may not be immediately accessible. PoR reports don’t always account for such liquidity challenges.

User privacy and security concerns

Despite using cryptographic techniques like Merkle trees, PoR reports still pose privacy risks. Exchanges often store know-your-customer (KYC) data, creating centralized records vulnerable to breaches. A single data leak could expose personal details linked to user balances. 

Post-verification manipulation

Even after a PoR audit, an exchange could manipulate its reserves. For example, as previously mentioned, it might borrow funds temporarily to pass an upcoming snapshot, only to return them later or continue to engage in risky behaviors. This undermines the integrity of the PoR report, leaving users with a misleading impression of the platform’s financial health.

Where to find PoR reports 

If a crypto platform has PoR credentials, this information should be easy to find on its official website. Start by checking the platform’s URL domain and social media accounts for links to their latest PoR data. 

Third-party crypto price aggregators like CoinMarketCap and CoinGecko list exchanges alongside trust scores, often factoring in PoR reports. These sites also provide links to exchanges’ PoR data. Onchain analytics platforms like Glassnode, Chainalysis, and Nansen offer insights into blockchain movements and wallets tied to major custodians. Also, blockchain explorers such as Etherscan and Blockchain.com allow users to search wallet addresses and view exchanges’ latest holdings.

Accuracy you can trust with CoinTracker

Proof-of-reserve audits bring transparency to crypto exchanges. CoinTracker does the same for your crypto portfolio. By syncing all your activity – exchanges, wallets, DeFi, and NFTs – CoinTracker documents detailed records of every transaction, helping you track cost basis, identify tax-loss harvesting opportunities, and file accurate, compliant tax returns.

Get started for free today and discover how effortless tax season can be with CoinTracker.

Disclaimer: This post is informational only and is not intended as tax advice. For tax advice, please consult a tax professional.