Proof-of-Reserves explained — what it is and why it matters

After the FTX collapse in November 2022, it became clear: exchanges can say "we have reserves" while actually holding a hole in the balance sheet. Proof-of-Reserves (PoR) is an attempt to provide cryptographic proof that the exchange actually owns what it owes users.

How PoR works

1. The exchange publishes a Merkle tree of all user balances (privately — each user sees only their own hash).
2. The exchange proves ownership of specific addresses on-chain (signing a transaction or providing a ZK proof).
3. A third party (Mazars, Armanino — formerly Big Four) verifies: on-chain holdings ≥ user liabilities.

A user can verify themselves: they pull their hash leaf from the exchange app and look for themselves in the Merkle tree. If they're there — their balance is included. If not — the exchange is lying.

What PoR does NOT prove

• Doesn't prove absence of debt. The exchange could have borrowed against assets.
• Doesn't prove no fractionalization. Assets might be used elsewhere too.
• Doesn't cover every asset. Often only BTC/ETH/USDT.

So PoR is necessary but not sufficient for safety. Best practice: PoR + public Big Four audit + Insurance Fund.

Who does PoR well

• Bitget — monthly Merkle-tree PoR since October 2022
• OKX — monthly PoR on 22+ assets since November 2022
• Binance — monthly PoR on BTC/ETH/USDT/BNB
• Kraken — semi-annual independently audited PoR
• Ledn — monthly PoR by Armanino since 2021

Exchanges that don't do PoR or only do an annual audit should be treated as higher risk.

Compare exchanges on PoR and 4 other risk criteria — on YieldScope.