As cryptocurrency continues to gain popularity, protecting the safety and security of customer funds is crucial. One way to achieve this is through Proof of Reserves (PoR) audits, which provide transparency and verification of a platform's solvency.
In this educational guide, we explore PoR audits and how they differ from Proof of Solvency (PoS). We also discuss the current reserve ratios of a hypothetical cryptocurrency platform, how they preserve solvency, and how to identify and verify the platform's addresses.
Additionally, we delve into the cleanliness and status of a platform's reserves and how the PoR process works to provide transparency. Finally, we examine measures that cryptocurrency platforms can take to increase transparency and improve customer safety.
By the end of this guide, you should have a comprehensive understanding of PoR audits and the tools to verify a platform's solvency. We hope this knowledge will help you make informed decisions and prioritize your safety when using cryptocurrency platforms.
Is OKX solvent?
Yes, OKX is 100% solvent. But don't just take our word for it. We want you to verify it. That's why we've developed an industry-leading method for our customers to self-verify our solvency:
Our PoR audits include reserve ratios, showing our customers' funds are matched more than 100% with reserves
We publish updated PoR audits monthly
We've developed an open source feature allowing users to self-verify our solvency on chain
After each PoR publication, OKX users will be able to view the most recent update, as well as all historical PoR data
What are OKX's current reserve ratios?
Our reserve ratios are calculated this way:
(Amount of [asset] / Amount of [asset] our users hold) * 100
For Bitcoin, Ethereum, and USDT, OKX's reserve ratios currently are:
Check our current and previous reserve ratios.
What's the difference between Proof of Reserves and Proof of Solvency?
Although they're sometimes confused, PoR is different than PoS. To clarify, here are some definitions:
PoR often refers to proof that a custodian holds the assets it claims to hold.
Proof of Liabilities (PoL) is a proof of the total assets a custodian owes to its customers.
Proof of Solvency is a proof that the custodian holds enough assets to pay back all its customers, which means the total of the assets proven by the PoL needs to be equal or higher to the total of the assets proven by the PoR.
Although we use the term "Proof of Reserves" for convenience, the reserve ratios we mentioned above offer a Proof of Solvency. They show that OKX holds more assets than it owes to its customers. This is because PoR, although important, is insufficient to instill trust. If a platform owns $1 billion but owes $5 billion, it has the potential to become insolvent.
For the PoR to work as a true PoS, it's also crucial for users to be able to check the liabilities themselves against the reserves. In some cases, the PoL is established by an external auditor. While useful, more is needed to re-establish trust in a world where trusted third parties can, all too often, be security holes.
What are OKX's reserves?
How clean are OKX's reserves?
Our reserves are 100% clean. The cleanliness of an exchange's reserves is calculated as the total value locked on the platform minus the share of that value held in the platform's own token. OKX is the only crypto exchange to have 100% clean assets, as reported by DefiLlama and as confirmed by CryptoQuant.
Our reserves are high-quality. A look at the OKX Nansen dashboard shows our additional assets and demonstrates that high-quality assets (BTC, ETH, and USDT) make up over 92% of holdings.
Our reserves are secure. The Nansen dashboard also shows that most of our reserves haven't moved since 2021 because they're held in cold storage for maximum security.
How to identify OKX's addresses
Our reserve ratio calculation is based on our own reserves – the amount of BTC, ETH, and USDT that our wallets hold. But how do customers make sure we truly hold these assets?
We published more than 23,000 addresses and will continue to use these addresses to allow them to be publicly audited.
We've used the private keys of the published addresses to sign "I am an OKX address" messages. This makes us the only major exchange to enable on-chain verification of wallet address ownership.
Here's what the messages look like for Bitcoin and Ethereum addresses:
How to verify OKX's reserves
There are two ways for our customers to verify our holdings:
1. Use our self-audit tool
We published a self-audit feature for our customers to verify their assets are matched 1:1 by our addresses' reserves.
We've published a guide to explain how to self-audit our reserves.
We've open-sourced our PoR protocol for anyone to verify the code.
2. Use third-party tools
Verify the signatures on the Bitcoin blockchain
Verify the signatures on the Ethereum blockchain
Verify the signatures on the Tron blockchain
Here's what the signature verification process should look like for Bitcoin and Ethereum:
How does OKX's PoR work?
How our PoR works for users
OKX uses summation Merkle trees to prove its reserves. A Merkle tree is a cryptographic tree in which every "leaf" (node) is labeled with the hash of a block of data. Every node that isn't a leaf is called a branch and is labeled with the hash of the labels of its child nodes. Merkle trees allow large data structures to be pieced together in an efficient, secure, and externally verifiable way. That makes Merkel trees ideal for our purpose of offering a quick way for our millions of users to verify our reserves for themselves.
For our customers, the process is simple:
They can find their balance in the tree and verify that their assets are held in the total OKX balance.
They can then compare the total OKX balance with OKX's public on-chain wallet balance.
How our PoR works technically
From a technical standpoint, things are more complicated. First, a snapshot is taken of all eligible users' Trading, Funding, and Grow accounts, and each user is given a unique anonymous user hash ID. Each user's total asset balance becomes a "Merkle leaf" in the tree. Combining the total sum of all our users' assets produces a "Merkle root," a cryptographic signature representing all user holdings.
The Merkle tree is a binary hash tree designed to uncover any manipulation or data tampering. If there are changes to user assets, they'll be reflected in the Merkle root. This mechanism ensures the complete accountability of data.
Using the summation Merkle tree approach instead of a simple Merkle tree makes sure the user balance for each user account is part of the hash generation input. It also guarantees the user balance is added from the bottom up to the Merkle tree root to record total assets for all users. We don't truncate the Merkle leaves. Instead, we use the full 32 bytes and make sure of one unique ID for every customer (which we compute based on each unique user ID on OKX). Read our explainer for more technical details.
Why did we choose this PoR method?
Each protocol comes with its trade-offs. For us, preserving our customers' financial privacy was essential, and we also wanted to make it easy for them to self-verify. The summation approach allows this since it exposes less data than if we disclosed the whole data tree publicly.
Note: Some of our customer balances appear negative. This is because our platform offers powerful crypto trading tools, including leveraged trading. The ratio of these negative balance nodes currently sits at 0.25% of the total and their value represents 1.3% for BTC, 1.8% for ETH, and 6.7% for USDT. Our team is exploring zero-knowledge proof-of-liabilities solutions to address this point.
What else is OKX doing to increase transparency?
We have published both PoR and PoL and will keep doing so monthly. Our open-source self-audit feature should also help increase transparency and hopefully set a new standard for the crypto industry.
However, not everyone will self-audit our reserves, and transparency doesn't end with proof of solvency. That's why, on top of the efforts mentioned above, we're committing to pursue traditional transparency methods by:
Conducting third-party audits
Continuing to enhance our global compliance program
Continuing to pursue licenses where applicable
And, we'll continue to exercise financial discipline by:
Maintaining a strong balance sheet with zero external debt
Never using customer funds without their explicit mandate
Maintaining robust risk-management systems with minimal counterparty risk
How to self-verify OKX's solvency
There are two steps to self-verify we hold your assets 1:1:
Verify your assets are included in the OKX Merkle tree
Verify our total customer liabilities match our holdings
How to verify if your assets are included in our Merkle tree
Step 1
Log in to your OKX account, click Audits, then click Details to view your audit data.
Step 2
Self-verify if your assets are in the Merkle tree by checking the data. To obtain the data, click Copy data.
Step 3
Paste and save the data as a JSON file, then run the Merkle Validator open-source OKX verification tool. If the data passes verification, the "Merkle tree path validation passed" result will be displayed (as shown below). It means your assets are included in our Merkle tree snapshot. If the data fails verification, the "Merkle tree path validation failed" result will be displayed.
© 2024 OKX. This article may be reproduced or distributed in its entirety, or excerpts of 100 words or less of this article may be used, provided such use is non-commercial. Any reproduction or distribution of the entire article must also prominently state: “This article is © 2024 OKX and is used with permission.” Permitted excerpts must cite to the name of the article and include attribution, for example “Article Name, [author name if applicable], © 2024 OKX.” No derivative works or other uses of this article are permitted.