Proof of Reserves: Show Me the Money, Or It Didn’t Happen

30 September 2024

If we claim to be an improvement on traditional finance, we had better start playing the part. It’s clear how Bitcoin fixes rampant monetary discretion. It’s clear, too, how Bitcoin changes your relationship with money—both financially because you’re more inclined to save an appreciating asset—as well as physically because you can do novel things like hold the GDP of a small island nation on a USB. There is one thing, however, that is slowly gaining acceptance and needs to be accepted if we are to truly improve on the mistakes of the past, and that’s Proof of Reserves.

Bitcoin has unique audit properties baked into the system itself. Bitcoin allows any third party to audit the entire money supply down to the smallest unit. A third party can do this for free, without any special privileges or permissions. It’s difficult to overestimate how novel and consequential this property of the Bitcoin protocol is and the implications of the guarantees it provides. For context, the total global supply of dollars is an estimate and not an exact number by any stretch of the imagination due to a variety of factors including the existence of physical and digital cash, as well as currency circulation abroad. The total number of gold in existence is also an estimate due to entirely different reasons mainly the lack of certainty when it comes to the volume of mined gold from different mines around the world, gold existing in private hands, gold hoards and stashes, new mining, recycling, and unreported sources. There is no global, trustless, source of truth for any money or commodity other than Bitcoin. And this should be Bitcoin’s driving force moving forward.

Proof of Reserves (PoR) has been an important part of the industry since near-inception. The infamous Mt. Gox collapse of 2014 set the stage for much needed transparency. The exchange was hacked, 850,000 BTC (~47,617,204,000 USD at the time of this article) were stolen and their customers were unaware. The funds were drained over the course of a few years before the actual collapse happened. A PoR system would have mitigated further loss of funds as their customers would have seen the exchange’s reserves depleting at an alarming rate. If this sounds more like recent memory than an ancient piece of Bitcoin history it’s because the same argument applies to FTX, and the same basic thing happened to FTX. If customers, and the wider market at-large, would have seen the exchanges BTC reserves depleting in real-time (or the fact that FTX had zero Bitcoin), systemic-risk would have been dramatically mitigated.

So, what do you think would happen if the single custodian holding 90% of the spot Bitcoin backing these ETF’s were hacked or and/or acted maliciously? Unless the public is notified by the exchange, millions of people would be holding billions of paper Bitcoin. The more we connect ourselves to traditional finance the more cross-risk there is between traditional financial markets and the crypto markets. There are two choices at this point as we continue to mature as an asset class- apply old security and risk management tools to this new technology, or apply new, more performant, standards that are risk-adjusted to ensure we don’t see a systemic collapse if a certain class of financial products experiences a shock.

The claim can be made that having auditors is sufficient, that we already have these tools in place and as regulated financial products, this is essentially already “taken care of.” This claim, itself, is valid as imposing audit controls to mitigate risk is, in fact, the best we’ve been able to do thus far as it relates to financial products. But any meaningful investigation into the function of auditors yields alarming results: PwC vs. BDO in the Colonial Bank Case (2017), Grant Thornton vs. PwC (Parmalat Scandal, 2003), BDO vs. Ernst & Young (Banco Espírito Santo, 2014), KPMG vs. Deloitte (Steinhoff Scandal, 2017), and this is only looking back 20 years. FTX and Enron both had auditors. We use auditors because we don’t trust the individuals running the organization and the best we’ve been able to do to date is defer trust over to a different set of people, outside the organization. But the inherent risk of trusting people and organizations has never been remediated until now. Enron’s biblical collapse was due to clear conflict of interests between them and their auditor—namely that Arthur Andersen was also providing lucrative consulting services to Enron in addition to their audit function and by extension helped them cook their books.

Bitcoin is different, it behaves and lives differently. It behaves differently because the cryptographic guarantees it exhibits is something incomparable to traditional assets. Just as anyone can audit the entire money supply in the system with trustless guarantees, so too can anyone audit the personal holdings of an individual, or corporation, or ETF, holding Bitcoin in a completely risk-less way. It’s an important note, that it is not risk-mitigated, but risk-less. Someone cryptographically proving to any other counterparty that they own Bitcoin for, say, a loan can do so with no question as to whether the person is the actual owner of the BTC. This can happen repeatedly, with little overhead, and can be monitored continuously in real-time. There is no titling, there is no external auditor, there is no reviewing of any books that needs to take place. That data can be ingested without question.

So, what does this mean for ETF products? It should be clear at this point that because ETF products are such a critical pillar of our modern financial system and because Bitcoin introduces unique risk paradigms that old audit standards are inadequately servicing, that new risk infrastructure needs to be applied to these products. The solution is simple and it is the same solution that has been crackling its way up through the ice we’re all standing on in an attempt to get some air. Require spot Bitcoin ETF products to implement and comply with Proof of Reserves regimes. They should be giving their investors the peace of mind that the underlying asset backing these ETF’s exists, that they are sitting in robust custody setups and are not being rehypothecated. A failure to do so, or an unwillingness to do so on the part of the ETF issuer speaks to the priorities of the issuer—namely that they either don’t understand the nature of this particular financial product or that they are more comfortable operating with opacity than transparency. A failure to implement this as a standard industry-wide is simply a ticking time-bomb.

Hoseki was created for this very purpose, to build the plumbing that makes financializing Bitcoin a reality starting with PoR. Hoseki helps individuals prove their reserves to counterparties through Hoseki Connect and through Hoseki Verified provides services to private and public corporates, and ETF issuers so they can publicly verify their Bitcoin holdings building better brands, redefining trust, and mitigating risk for a healthier and more robust financial ecosystem. Contact us at [email protected] to get your organization onboarded to Hoseki.

This is a guest post by Sam Abbassi. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

Need help?

Please use the contact form to get support.