29.03.2024

How to Stop the Next Quadriga: Make Exchanges Prove Their Reserves

What differentiates bitcoin from its analog cousin, gold? You might respond ‘divisibility’ or ‘portability.’ You would be correct. But what really differentiates it? The answer, of course, is auditability.

CoinDesk columnist Nic Carter is partner at Castle Island Ventures, a public blockchain-focused venture fund based in Cambridge, Mass. He is also the cofounder of Coin Metrics, a blockchain analytics startup.

Consider the set of things you can prove about a lump of gold. If you use it as a settlement medium, with the help of an XRF Spectrometer (available for sale for $13,500), you can prove that this inbound fleck of gold is genuine.

Now what can I prove about your gold? Well, nothing. I have to take your word for it that it is in fact gold. This isn’t an issue, unless you’re holding the gold on my behalf. Now I have a problem: I’ve entrusted you with my gold – perhaps you’ve issued me an IOU that represents a claim on that gold – but I have no ability to determine that you have the gold you claim you have on deposit. I cannot audit your gold from afar.

Perhaps I choose to trust you. But if you don’t go to the effort of re-verifying all the gold you receive, then you need to prove to me, your depositor, that all of your counterparties in the gold supply chain are honest. And they need to prove that their counterparties – miners, refiners, jewelers, recyclers, custodians – are honest, too.

The outcome is a fully permissioned supply chain in which a single body holds each entity to account with a convoluted ruleset. One such walled garden is governed by the London Bullion Market Association, which manages $400 billion worth of gold sitting in vaults in London. Because it’s so costly to administer a gold supply chain, link by link, and ensure that not only is the gold, well, gold, but that it’s gold stamped by the right people, LBMA gold rarely strays outside those confines.

And this is the best case scenario, believe it or not. The other outcome is that the government (or really, a single government) holds everyone’s gold and then refuses to give it back when the time comes.

So costly verification leads to concentration. The more expensive it is to verify the integrity of a monetary good, the more taking delivery of it is difficult for smaller holders, and the more it lends itself towards capture.

“One potential solution is to demand that exchanges issue periodic proofs that they actually have dominion over assets owed to depositors.”

Take bitcoin, on the other hand. How do you verify the validity of some inbound bitcoin you are receiving? For the paranoid: run a full node. Using the beefiest providers, it’ll set you back $150 per month, or you can build your own with a $35 Raspberry Pi. What about verifying the integrity of all the bitcoin ever mined? Your full node does that by default, simply by following consensus rules. For each block, it checks that there was a sufficient cost exerted to create those new bitcoins, and that they were mined according to the predefined schedule (50 BTC per block for four years, then 25, and so on). To obtain a summary, run the gettxoutsetinfo RPC command on your full node.

Now what about you proving to me that you truly own some bitcoin that you claim you own? Thanks to public-key cryptography, this is trivial. The most convenient way in bitcoin is to use the signmessage RPC command present in software like Bitcoin Core or Electrum. I provide you with a string of text, and you pair it with your private key to create a proof that you own some given UTXOs. This is quite powerful: trusting only cryptography, I can know for a fact that you control a specific quantity of bitcoin at a moment in time.

Some bitcoiners believe that bitcoin’s auditability advantages over gold will allow it to escape the dismal fate suffered by the shiny rock. President Nixon had an easy time voiding the gold standard in 1971 because most of the relevant gold was already held in US’s government vaults. Bitcoin is held by millions of people. And I count myself among those who are optimistic that bitcoin’s properties as highly-auditable collateral will yield a monetary base asset which is held mostly by end users, rather than a tiny handful of intermediaries.

Despite the ease of taking ownership of one’s bitcoins, the reality is that, by my count, at least 20 percent of outstanding supply is held by intermediaries. Although those in the Rothbardian school would disagree with me, I don’t believe that fractional reserve banking is inherently fraudulent. The fraud occurs when exchanges represent themselves as fully reserved when they are not. In theory, bitcoin’s qualities lend themselves to mitigating this risk. Even in a custodial setting, the auditable nature of bitcoin means that savers can independently verify that the liabilities of depository institutions match their assets. The problem is that some of the most prominent bitcoiners don’t share my enthusiasm for the idea. Problematically, this group includes the CEOs of the bitcoin banks, today referred to as exchanges.

These bitcoin banks are the prime beneficiaries of the existence of bitcoin. They are the largest businesses in the industry. The public has an insatiable demand for intermediated bitcoin, and has paid dearly for the privilege. Exchanges store a wonderfully auditable asset, but for the most part, they simply ask depositors to trust them not to misbehave by establishing covert fractional reserves. And the history of bitcoin banks is full of breaches of that trust. The list is long and painful: Mt. Gox, Quadriga, FCoin, Cryptopia, Bitfinex, Cryptsy and Bitcoinica, among many others, have all suffered major hacks or insolvencies. Exchanges simply have too lousy a track record to get a pass.

Exchanges are meant, in theory, to distinguish operating capital from user deposits, and to hold those deposits equivalent on a 1:1 basis to liabilities. In practice, either through malice or incompetence, some exchanges never develop sufficiently strong controls, fail to mitigate key man risk, or simply lose track of their coins. Since redemptions rarely come all at once, these insolvencies can go undetected for years. Unknown to the unwitting buyer, Mt. Gox was most likely already insolvent when it was sold to Mark Karpeles in 2011.

For sure, depositors can find some assurances in laws and regulation: if an exchange has a Bitlicense or a license to operate Limited Purpose Trust Company in New York, it is likely subject to reasonable scrutiny over its deposit-taking activity. Even better: registering as a Wyoming Special Purpose Depository Institution. The Wyoming law stipulates specific requirements for deposit-taking ‘crypto banks’ designed to give depositors confidence – although no institutions have received the charter just yet. Generally speaking however, exchanges are not forthcoming with the details of the audits they may undergo, when they do exist. And many exchanges are lightly- or entirely un-regulated. Some of the deepest pools of liquidity in the crypto industry – Binance, Bitmex, Derebit, Bitfinex, among others – are not meaningfully regulated in any sense. Now bitcoiners should demand not more regulation, but rather seek to head off future regulatory power grabs by holding exchanges to a higher standard in the first place.

One potential solution is to demand that exchanges issue periodic proofs that they actually have dominion over assets owed to depositors. These ‘Proofs of Reserve,’ if done properly, leverage bitcoin’s neat cryptographic properties and give depositors reasonably sound assurances that the exchange is not misrepresenting their solvency. Such PoR ceremonies purport to prove that deposit-taking institutions have sufficient BTC in reserve to satisfy all liabilities owed to depositors. After a brief period of enthusiasm for the public audits in the wake of Mt. Gox in 2014, today only one exchange routinely carries out these attestations – the London-based Coinfloor.

I envision a robust, periodic PoR program not as a panacea, but as a complement to regulation in onshore exchanges, and an (inferior) substitute offshore. If some operations, formerly reliant on contracts and trust, can be formalized and expressed as code, we should embrace them. Now the set of engagements in which software and cryptography outperform the standard trust-manufacturing processes is rather small. But proving custody of a digital asset is one case where signmessage is more convenient, and perhaps cheaper, than an auditor’s report. While implementations vary, the process as it is currently carried out entails posting an anonymized list of user deposits as well as an attestation to BTC held in the vault.

Proof of Reserve and other solvency attestations are not without their drawbacks, and exchanges have managed to trick assessors implementing the process in the past, but we shouldn’t forget the broader objective here. If we are unable to take advantage of the innate cryptographic verifiability of bitcoin, then we have scarcely innovated relative to gold. One wonders – what are we doing here, again?

Leave a Reply

Your email address will not be published. Required fields are marked *