This article was first published on November 22, 2022 on tw.xrex.io in Mandarin

Once among the world’s top three exchanges, FTX suddenly went bankrupt, leaving a gap between liabilities and assets of more than US$9 billion. Retail investors in cryptocurrency, Web3 venture capitals, institutions, and banks around the world lost their money in an instant and had no way of seeking compensation.

John Ray, who oversaw the liquidation of Enron during the financial crisis, is in charge of FTX liquidation. He said in the report submitted to the US court disclosing FTX’s financial situation for the first time, “Never in my career have I seen such a complete failure of corporate controls and such a complete absence of trustworthy financial information as occurred here. From compromised systems integrity and faulty regulatory oversight abroad to the concentration of control in the hands of a very small group of inexperienced, unsophisticated, and potentially compromised individuals, this situation is unprecedented.”

The domino effect caused by FTX’s bankruptcy will continue to bring a high degree of uncertainty and potential crisis in the following weeks or even longer. This event also revealed that the Web3 industry is still in its early stage. From retail investors to institutions, from companies to accountants, from management teams to external investors, most people are not yet equipped with the ability to assess the risks and financial validation of the exchange. Meanwhile, this casts a shadow on the fast and rapid growth of the Web3 industry despite its great potential, as it has to face a high degree of distrust and suspicion from society.

As an international exchange with multi-national licenses and permits, the XREX team is constantly mulling over many questions, including, “How can our industry move forward?”, “How can such a trust deficit be effectively eliminated?”, “It is not that there is no competent exchange in the world. Do we have to be continuously questioned by society?”

We believe that many hardworking Web3 companies have the same questions on their minds. We are among the great number of people who hope to create a better future for mankind with blockchain technology. After the FTX storm, the first thing we need to do is to improve risk assessment and verification standards. No one should be vague about this matter anymore.

If you use an exchange at all, this is a complicated issue that you absolutely must spend time understanding. It is only when users have the ability to evaluate the safety of an exchange can they proactively detect risks and avoid being misled by wrong and/or deceiving information. On the other hand, the time you invest in yourself on acquiring fintech knowledge is never lost. XREX believes that only when more people have mature skills and correct methods to evaluate and monitor exchanges can the Web3 industry thrive and upgrade.

Proof of Reserves (PoR) is the topic that has received the most attention recently. Many domestic and foreign exchanges have announced that they will issue proof of reserves in the future. Why does XREX think that proof of reserves is not only ineffective but may even gain undeserving trust from the public?

What is “Proof of Reserves?” Why is “Proof of Solvency” more valid?

From the Three Arrows Capital (3AC) bankruptcy, the downfall of Terra Luna, and the FTX liquidation, the biggest question we need to reflect on is whether the companies have misappropriated user assets. You can see that there are two vital elements here, including “custodial assets” and “custodial liabilities” (namely the sum of the user’s balance).

This is why we say that simply submitting the “proof of custodial assets” (some peers call it “proof of reserves”) is not enough, as the other element is missing, namely custodial liabilities (the sum of the user’s balance).

XREX chooses not to use the word “reserves” in terms of “custodial assets” as an exchange is not a bank. Banks can legally implement “fractional reserves” to actively manage reserves, including external loans and investment in bonds, etc. On the other hand, exchanges cannot divert user assets, which is different from the traditional concept of “reserves.” Exchanges have user assets in “custody,” which is why we have replaced “reserves” with “custodial assets” to avoid confusion and misunderstanding.

Improving the ability of all users to assess and supervise exchange risks is one of the best ways to accelerate progress in this industry. The XREX team will continue to publish a series of articles on “Building Safe Exchanges Together” to share opinions on how to “effectively analyze exchange risks” for exchanges, users, investors, and institutions. We also welcome your feedback. In the first article of the series, we would like to discuss the “proof of custodial assets” and what is effective “proof of custodial asset solvency.”

On the Validity of “Proof of Solvency”

Whether it is due to the pressure of public opinion or to alleviate market panic, many exchanges have declared that they will provide “proof of reserves” in the future to ensure the safety of user assets (XREX prefers to call it “proof of custodial assets”). However, providing proof of reserves does not guarantee asset safety, nor does it mean that the exchange has no capital and liquidity problems. Why is that?

FTX went into bankruptcy due to the liquidity crisis, causing many people to be worried about whether exchanges routinely misappropriate user assets. The assets and liabilities of an exchange are relatively complex. As shown in Figure 2, they are divided into user assets and company assets.

The core of the following discussion is how to determine whether the exchange has misappropriated user assets. Therefore, we will focus on the scope covered by the red box in Figure 2. Terms such as “custodial assets,” “custodial liabilities,” “assets” and “liabilities” in the article from this point on refer to user assets and liabilities that are simply in the custody of the exchange, excluding the company’s general liabilities, company assets, and other user assets and liabilities that are not under custody (Note 1).

To echo the article published by Vitalik, the founder of Ethereum, we believe that effective proofs which can help users evaluate the safety of the exchange’s custodial assets are as follows.

Take Bitcoin as an example:

1. What we need to prove is that an exchange (or any form of cryptocurrency company, such as wallet and digital asset banks) has complete “custodial asset solvency” for its users, meaning “custodial assets” are enough for settling all “custodial liabilities.”
2. “Custodial assets” refers to the total number of Bitcoins held by the exchange for all users.
3. “Custodial liabilities” refers to the sum of the Bitcoin balance of all customers of the exchange.

Summary: “Proof of custodial assets” (referred to as “proof of reserves” by many peers) is only one of two sets of accounts for “proof of custodial asset solvency.” Two separate accounts should be issued in the “proof of custodial asset solvency,” one is the “proof of custodial assets,” and the other is the “proof of custodial liabilities.” By issuing none or one of these does not make for a complete “proof of custodial asset solvency.”

“Number of Tokens” Matters More Than “Current Market Price”

The issue of “proof of reserves” was proposed soon after FTX went bankrupt, but many people may not understand it very well. Meanwhile, many different opinions have surfaced to make the definition somewhat vague. We believe that the term “proof of custodial asset solvency” is more precise than “proof of reserves.” Therefore, we also hope to give “custodial assets” a clear definition in the article. We believe there are two key points:

1. The “custodial assets” of an exchange should not be the “current market price” of all custodial digital assets of an exchange’s users.

2. The “custodial assets” of an exchange refers to the classification of each type of digital assets, such as Bitcoin, Ethereum, USDT, etc., from the perspective of spot goods, by calculating its absolute number rather than the current market price.

What does it mean? Let’s say there is an exchange called A with a total of 1,000 Bitcoin deposited by users. Regardless of daily price fluctuations, A must ensure there are at least 1,000 Bitcoins in the wallet, rather than owning any other types of assets equivalent to the “current market price” of 1,000 Bitcoins. This is the only way A can achieve “custodial asset solvency” in the encrypted asset type of Bitcoin.

In other words, if an exchange claims that its “custodial liabilities” are currently worth US $10 million, and its “custodial assets” are currently worth US $15 million, it does not mean that it is solvent. If the users have deposited $10 million USDT in total, but the exchange has 1.5 times the equivalent of Bitcoin rather than USDT in the reserves, it does not mean that it has “custodial asset solvency” either.

The core of the two key points discussed above means that the “custodial liabilities” of the exchange toward users must be repaid in the “correct” currency in the “correct” amount. Since this is the nature of liabilities, the exchange’s selection of the definition of “custodial assets” should naturally be consistent with liabilities, so that the final requirement of “custodial asset solvency” can be met.

Summary: For a complete proof of solvency targeting each digital asset, including Bitcoin, Ethereum, USDT, USDC, etc., a subcategory of “custodial asset solvency” should be independently issued. These reports are then aggregated into a “proof of custodial asset solvency.”

“Proof of custodial assets” benefits from the characteristics of the blockchain itself, which is relatively simple compared to “proof of custodial liabilities.” The exchange’s “proof of custodial liabilities” has certain technical difficulties and thresholds, as users’ various asset balance data only exists in the centralized database. We have published another article to address this in a more comprehensive manner. Please see the XREX article “Proof of Liabilities for User Assets in an Exchange: Three Generations of Merkle Tree’s Technological Evolution.”

Five Elements That Should Be Included in the “Proof of Custodial Asset Solvency”

In the future, presenting “proof of solvency” will be an important task for all exchanges and companies in the field. It is also one of the issues that attract everyone’s attention while examining an exchange. We believe that the “proof of custodial asset solvency” issued by an exchange should contain the following five elements:

1. The “proof of custodial asset solvency” should include two sets of proofs, including “custodial assets and “custodial liabilities”
   A valid “proof of custodial asset solvency” should include two sets of proofs, including “custodial assets” and “custodial liabilities,” as cross-comparison is the only way for effective verification.
2. Decentralized open participation in verification
   Senior Bitcoin believers like to say, “Don’t trust, verify.” This is also one of the core spirits of decentralized technology. A complete “proof of custodial asset solvency” report cannot require the public to blindly trust the ability or brand of the accounting firm that issued the report. Furthermore, it is best not to require manual output by accountants. Instead, it should be automatically generated by the program every day or even every hour.
   The reports automatically generated by the program must be verified independently by each user. The more people who are willing to spend time verifying, the more likely it is to spot the flaws. On the other hand, if many people participate in independent verification and never find any flaws for a long period of time, people’s confidence in the solvency of this exchange will increase.
   Meanwhile, each user can not only independently verify through the open source code and API, but also automate the verification task by scheduling automatic execution for constant reviews.
3. High level of transparency
   All programs related to the “proof of solvency” report issued by an exchange should make the source code open so that the community can develop and improve verification tools on their own, and continue to optimize this system that can rebuild trust in the cryptocurrency industry.
4. Protect user data privacy
   To achieve decentralized verification, a solid “proof of custodial asset solvency” must disclose additional information; such disclosure may harm user privacy. This contradiction can be reduced by advanced algorithms, so that data that can be verified by decentralization that needs to be made public can be reduced to a minimum (see the XREX article “Proof of Liabilities for User Assets in an Exchange: Three Generations of Merkle Tree’s Technological Evolution”).
5. External audits by accountants
   While achieving automatic decentralized verification, we must also understand there is no perfect algorithm; any algorithm must have loopholes that can be used for cheating (see Hu’s dataset and Kryptos’s dataset). As the Web3 industry is young, the most effective verification is to combine decentralized verification with external audits by accountants to ensure the highest audit quality (Note 1).

What’s Next for XREX?

The XREX team has always taken safety, legal compliance, and adhering to the highest international standards as our core foundation that cannot be compromised when it comes to managing the exchange. We are mobilizing the team to quickly implement our “proof of custodial asset solvency.” We would like to share our goals by stage with you here. XREX can earn user trust by completing the following work, allowing them to verify that XREX has not ever misappropriated user assets:

1. Two sub-reports will be issued for each type of digital asset, namely “proof of custodial assets” and “proof of custodial liabilities.” The two sub-reports for each type of digital asset will be aggregated into one “proof of custodial asset solvency” by XREX.
2. The “proof of custodial asset solvency” of XREX can be independently verified by each user without the need for accountants.
3. XREX will make the source code public so that the community can develop and improve verification tools to maintain a high level of transparency.
4. Each user can not only verify independently but also automate the verification task by making the source code and API public. Automatic execution can be scheduled to improve verification efficiency.
5. Protect the privacy of user data by disclosing a minimum of the necessary information. Read the following article for further details: “Proof of Liabilities for User Assets in an Exchange: Three Generations of Merkle Tree’s Technological Evolution.”
6. Introduce third-party verification by having at least one external audit by accountants each year. The possibility of cheating can be minimized coupled with decentralized user verification mechanisms. Read the XREX article to discover how to prevent cheating: “Proof of Liabilities for User Assets in an Exchange: Three Generations of Merkle Tree’s Technological Evolution.”

Improving the ability of the industry, investors, regulatory agencies, and all users to assess and supervise the risks of exchanges is one of the best ways to accelerate the progress of the industry.

We hope to share the knowledge the XREX team has in this article and the series of “Building Safe Exchanges Together.” We hope to spark discussions to contribute to the self-discipline and legislation of the industry. If you find this article helpful, please share it with more regulatory agencies, self-regulatory organizations, scholars, exchanges, and friends who use exchanges and invest in cryptocurrency.

We also want to seek partners here! If you are a developer, scholar, accountant, lawyer, government agency, competent authority, or individual who is interested in “proof of solvency” and more cryptocurrency knowledge, please contact us at info@xrex.io. Let’s work together to protect users and improve the security of the entire Web3 industry. While reducing the possibility of the next FTX tragedy, we would also like to rebuild everyone’s confidence in blockchain technology and the cryptocurrency industry.

We believe that blockchain is an important technology that will change society, the economy, and behavior after the Internet. Even if there are setbacks, bubbles, and crises in the process, we will continue to work hard and contribute!

Special thanks go to Jasmin Tsai, resident accountant of C&R International Law Office and AppWorks, Dien Chang, founder of urCFO and former partner of Deloitte Taiwan, and 徐懿文, CFO, and XREX consultant, for their guidance.

This article is co-authored by the following XREX members: Wayne Huang, 黃建超, 尤芷薇, An-Tsu Chen, Wegin Lee, Nick Liao, Sun Huang, and 蕭滙宗.

Other “Building Safe Exchanges Together” articles you might be interested in:
Proof of Liabilities for User Assets in an Exchange: Three Generations of Merkle Tree’s Technological Evolution

Notes

Note 1: As shown in Figure 2, an exchange not only manages the assets and liabilities of user assets but also its own operating assets and liabilities (the part outside the red box in Figure 2). Therefore, while the “proof of custodial asset solvency” can verify that an exchange has not misappropriated user assets, it does not necessarily mean that user assets can be repaid in case of bankruptcy.

Why is that? This is decided by the legal framework of an exchange. For example, when it goes bankrupt, do investors or users have the highest liquidation preference? Does the exchange have other creditors who have the power to liquidate and distribute custodial user assets? Does the exchange owe taxes or employee salaries, and is forced to first pay taxes and salaries out of the custodial assets based on local laws? These are all related to the exchange’s Articles of Incorporation, local laws, and various contracts.