FTX collapse leads exchanges to run audits to reassure investors
3 min read . Updated: 18 Nov 2022, 01:04 AM IST
Premium- Industry experts have welcomed the move, but also warned that a PoR audit is not foolproof
NEW DELHI : The collapse of FTX and the allegation that the crypto exchange misused customer assets worth $10 billion has prompted several exchanges, including some in India, to go ahead with proof-of-reserves (PoR) audits to become more transparent and reassure crypto investors that their assets held by the exchanges have not been misused or misplaced.
PoR is an independent audit conducted by a third party on behalf of a crypto exchange to find out if the customer’s assets are missing from the reserves. The auditor looks into the assets in the book held by the exchange on behalf of its customers and matches them with the actual reserves. For this, they can use techniques like Merkle Tree, a mathematical data structure that encrypts blockchain data securely.
Binance published its PoR last week, which showed that the world’s largest exchange has assets worth more than $69 billion. Indian crypto exchange Giottus said earlier this week that it will publish its PoR after an external audit. Earlier on Thursday, CoinSwitch announced that an independent third-party audit by consulting firm INMACS has confirmed that the total INR and virtual digital assets (VDA) holdings held by the crypto exchange is greater than the VDA and INR it holds on behalf of users of its platform.
“INMACS’ independent report is a testament to our commitment and proactive approach to risk and compliance measures. We will continue to evaluate other ways of establishing trust and transparency as we help India participate meaningfully in the global crypto revolution," said Ashish Singhal, co-founder, and chief executive, CoinSwitch.
Industry experts have welcomed the move, but also warned that a PoR audit is not foolproof.
“Before the PoR audits take place, exchanges can shuffle funds between themselves to show that the audits are fine. There are loopholes because they are the ones who are setting up the audits," warned Sidharth Sogani, founder and chief executive of Crebaco, a crypto rating and intelligence firm.
In fact, Sumit Gupta, co-founder and chief executive of Indian exchange CoinDCX, said that PoR only showcases one side by providing standalone asset value. “There’s no visibility of liabilities. PoR without Proof of Liabilities is only half the picture," he said, adding that the exchange is working on publishing the risk-to-liability ratio periodically, along with audit certificates.
“Though they are using blockchain Merkle Tree for audits, it doesn’t mean that it is foolproof. Certain internal transactions don’t get hashed on the blockchain. Moving from account 1 to account 2 in the same exchange may not be visible on the blockchain," added Sogani.
For instance, earlier this week, Singapore-based crypto exchange Crypto.com accidentally transferred 80% of its ETH token holdings to a whitelisted address that belonged to its corporate account on another exchange Gate.io. Though Crypto.com was able to recover the transferred assets, the incident sparked withdrawals of assets by many customers. Some experts suspect that the transfer of funds can also be done to tamper with PoR audits.
“The same auditors behind FTX also approved the “proof-of-reserve" snapshots that are coming under scrutiny at Gate and Huobi!! These snapshots look to have been fluffed up by wash transactions from https://crypto.com, which claims that this was a mistake. Hard to believe," Mario Nawfal, founder and chief executive of IBC Group, which invests in blockchain projects, said in a Twitter post.
Crebaco’s Sogani said the FTX saga is eye opener and will make people realize the importance of holding their own funds. “It is important that you own your keys in self-custody wallets. The scams and misuse of funds are happening because users are trusting a third party to take care of their funds. As long as users continue to do that, we will see such scams," he said. He expects self-custody wallets to gain more importance going forward.
