After FTX collapsed in 2022, every major exchange rushed to publish a "Proof of Reserves" page. It was the industry's collective answer to a brutal question: how do you trust a custodian with your coins after the largest custodian on the planet stole over $8 billion of customer funds?

The answer was a cryptographic technique that lets an exchange show, in public, that it holds the assets it claims to hold. The technique is good. The way most exchanges implement it leaves a hole big enough to drive a fraud through.

This piece walks through what proof of reserves means in crypto, what it really proves, and the part it leaves out that you should care about.

What proof of reserves is

Proof of reserves is a cryptographic audit. An exchange publishes a snapshot of two things at a moment in time. First, the on-chain wallet addresses that hold customer assets. Anyone can check the balances of those addresses on the public blockchain. Second, a Merkle tree of every customer balance, hashed in a way that lets you verify your own balance is included without revealing anyone else's.

If the exchange claims to hold 50,000 BTC for customers, on-chain inspection should show 50,000 BTC in the wallets it identified. If you log in and check the Merkle proof for your account, you can verify your specific balance was counted in the customer-side total.

That's the elegant part. Public ledger plus cryptographic accounting. No need to trust the auditor.

What proof of reserves doesn't prove

The hole is liabilities.

An exchange's reserves are the assets it holds. Its liabilities are everything it owes: to customers, to creditors, to lenders. Reserves alone tell you nothing about whether the exchange is solvent. Knowing a house is worth 1 million USD tells you nothing about the size of the mortgage on it.

A proper attestation has three parts: assets, liabilities, and equity. Most exchange proof-of-reserves pages publish only the first. They show you a giant pile of coins on-chain and ask you to assume the customer balances they hashed are the only thing they owe.

They're not. Exchanges borrow against customer assets, lend them to market makers, post them as collateral for derivatives, and run their own trading desks. Without an audited liability side, the proof of reserves is half a balance sheet. The half that flatters the issuer.

The Merkle tree, in plain language

A Merkle tree is a way of summarizing a long list of values into a single short hash. You can publish that one hash as a fingerprint of the whole list, and any individual user can prove their entry was in the list without seeing anyone else's data.

For an exchange, the list is every customer's balance. The fingerprint is the Merkle root, published openly. Each customer can independently verify their balance was counted in the root. Nobody learns anyone else's balance, but the total is verifiable.

This is good cryptography. It just doesn't tell you about the loans the exchange took out against those balances in the past.

What a solid proof of reserves looks like

The fix isn't difficult to describe. It's difficult to commit to.

A proper proof of solvency includes three things. The on-chain reserves snapshot. A Merkle tree of customer liabilities. And a third-party audit of all other liabilities, including off-chain debt, pending withdrawals, and obligations to counterparties. A proof of reserves without the liability side is a slogan, not a proof.

Some exchanges are trying to do this the right way, but the quality of “proof of reserves” still varies a lot.

Most of the time, an exchange shows:

  • A list of wallets and balances (the crypto it says it holds)
  • A “Merkle tree” report (a math trick that lets you check your own account was counted, without showing everyone else’s balances)

That is helpful, but it can still miss important stuff, like loans the exchange owes or other debts.

Example: Kraken posts Proof of Reserves reports here: https://www.kraken.com/proof-of-reserves

So if you see a proof of reserves page, treat it like a good sign, not a guarantee.

Why none of this fixes the underlying problem

Proof of reserves, even done well, only tells you the state of an exchange at the moment of the snapshot. The next morning, the exchange can move funds, issue new debt, or change its trading book. The snapshot has no enforcement mechanism. It's a photograph of a moving train.

It also doesn't help you with the most common exchange failure mode: regulatory action that freezes withdrawals overnight. A solvent exchange isn't the same as a withdrawable one. Customers of perfectly reserved exchanges have lost access for weeks while regulators sorted things out.

The only proof that doesn't need an exchange's word

Your own keys.

When you hold your own private key, you can prove your reserves to yourself with a single command. Your wallet shows the balance. You sign a message. The blockchain confirms. There is no liability side because there is no custodian and no debt. The asset is yours, full stop.

This is the practical case for self-custody. Not ideology. Just the observation that the only proof of reserves that survives every failure mode is the one where you hold the keys.

The standard upgrade from an exchange is a hardware wallet, a small dedicated device that holds your keys offline. The standard backup is a 24-word seed phrase you write on paper, then graduate to a stamped steel plate. Metal is more durable than paper, but your security still hinges on one piece of metal surviving every fire, flood, theft, and house move that happens between now and when you need it.

We built Ryder One to remove that single point of failure. TapSafe Recovery splits the wallet backup across a battery-free Recovery Tag, your phone, and an optional circle of Recovery Contacts. No single component on its own gives anyone access to your coins. The seed phrase remains available on-device as a last resort, so you're never locked into our hardware.

The bottom line

Proof of reserves was a useful response to a catastrophic failure. It is also incomplete. An exchange showing you on-chain assets without an audited liability side is showing you the side of the ledger that flatters them. Treat it as a partial signal, not a guarantee.

The proof that doesn't need anyone else's word is the one where you hold the keys.


Don't outsource the proof. Ryder One puts your keys in your hands and your backup across three independent layers. See how it works.
