FTX Trading Ltd. collapsed in November 2022 with an estimated $8 billion shortfall in customer funds after approximately 130 affiliated entities filed for bankruptcy, exposing the largest misuse of depositor assets in crypto history. The fallout forced a question every exchange user should ask: Does this platform actually hold my money?
Binance now publishes monthly proof of reserves reports covering 593,000 BTC, 5.337 million ETH, and 28.83 billion USDT as of its June 2025 snapshot. The PCAOB and SEC have both warned that these reports are not equivalent to audits, yet most exchanges market them as such. The sections below cover how reserve verification works, why most implementations leave critical gaps, and how zero-knowledge cryptography is changing the standard.
Key Takeaways
- FTX’s estimated $8 billion customer fund shortfall in November 2022 triggered industry-wide proof of reserves adoption.
- Binance has published 31+ consecutive monthly proof of reserves reports, backing all user assets 1:1.
- Kraken operates the longest-running PoR program among major exchanges, verifying $21.5 billion in client assets since 2014.
- OKX has released 38 consecutive monthly PoR reports, covering over $30 billion in backed assets verified by Hacken.
- The PCAOB warned that proof of reserves reports are not subject to its auditing standards and are not equivalent to financial audits.
- Most PoR programs only prove assets exist on-chain. They do not verify total liabilities owed to users, leaving a critical gap in solvency verification.
- Binance uses zero-knowledge proof technology (zk-SNARKs) to verify reserves without revealing individual user balances.
How Proof of Reserves Works
Proof of reserves is a verification method where a crypto exchange proves it holds enough on-chain assets to cover all customer deposits at a 1:1 ratio, according to Binance’s PoR framework. The process combines traditional accounting checks with blockchain-native transparency to give depositors evidence that their funds exist.
Three components make up a standard proof of reserves process.
- Wallet address disclosure: The exchange publishes its known wallet addresses so anyone can verify on-chain balances independently.
- Balance snapshot: A point-in-time snapshot records the total assets across all disclosed wallets and compares them against total customer deposits.
- Merkle tree verification: Binance’s system uses a Merkle tree where each user’s balance is hashed into a leaf node, and the root hash represents the aggregate of all user balances. Users can check that their specific balance is included without seeing anyone else’s.
The system ensures that a user’s asset balances are included in the calculation of the sum of total net user balances, that the total net balance of the user is greater than or equal to zero, and that the change of the Merkle tree root is valid after updating a user’s information to the leaf node hash.
The process works as a trust-building mechanism, but the scope of what it proves, and what it leaves out, matters more than the technical mechanics.
Why Exchanges Adopted Proof of Reserves After FTX
FTX Trading Ltd. and approximately 130 affiliated entities filed for Chapter 11 bankruptcy protection on November 11, 2022, revealing an estimated $8 billion shortfall in customer funds, according to court filings managed by Kroll. Customer deposits had been improperly transferred to Alameda Research for trading and speculative investments.
The crisis accelerated when Binance announced plans to liquidate over half a billion USD in FTT tokens on November 6, 2022, triggering approximately $5 billion in withdrawal requests within 72 hours and exposing FTX’s estimated $8 billion shortfall.
Surviving exchanges responded within weeks. Binance launched its PoR system and has since published 31 consecutive monthly reports. Kraken, which had first published a reserve verification in 2014, engaged Armanino for semi-annual attestations following AICPA attest standards. OKX began monthly PoR reports verified by Hacken and has now released 38 consecutive reports covering over $30 billion in assets.
The pattern we’ve documented across 18 regulatory events in our compliance coverage holds here too: enforcement and industry standards follow collapse, typically within 12 months. FTX’s bankruptcy triggered the most widespread adoption of exchange transparency measures the crypto industry has seen.
The rush produced transparency measures, but it also created confusion about what these “proofs” actually verify.
Attestation vs Audit: The Gap Most Investors Miss
The PCAOB issued an investor advisory in March 2023 stating that proof of reserves reports are “inherently limited” and that PoR engagements “are not subject to PCAOB auditing standards,” according to the PCAOB’s Office of the Investor Advocate. This distinction between an attestation and a full financial audit is the most misunderstood aspect of PoR.
The SEC’s Office of Investor Education warned that PoR reports “have been portrayed as either equivalent to, or even as more precise than, audited financial statements, when in reality, these reports and the reviews that underlie them are not equivalent to financial statement audits and lack important investor protections.”
PoR procedures “do not address the crypto entity’s liabilities, the rights and obligations of the digital asset holders, or whether the assets have been borrowed,” according to the PCAOB. The reports “concern digital assets at one point in time” and “do not provide any assurance about whether the assets were used, lent, or otherwise became unavailable.”
By the numbers: According to the PCAOB, proof of reserves engagements are not subject to PCAOB auditing standards and are not subject to PCAOB inspection. There is “a lack of uniformity regarding service providers that perform PoR engagements, with some performed by accountants and others by non-accountant providers.”
Unlike financial statement audits, which can only be performed by registered accounting firms, PoR reports “may be provided by either registered or unregistered accounting firms, or by another third party, and often provide no assurance as to the reliability of the information provided,” per the SEC.
| Feature | PoR Attestation | Full Financial Audit |
| Scope | Assets at one point in time | Entire financial ecosystem |
| Liabilities covered | Typically no | Yes |
| Internal controls reviewed | No | Yes |
| PCAOB oversight | No | Yes |
| Provider requirements | Any third party | PCAOB-registered firm only |
| Frequency | Point-in-time snapshot | Annual (with quarterly reviews) |
Investors who treat a PoR attestation as a clean bill of health are missing the structural limitations that both the PCAOB and SEC have flagged. Understanding what crypto exchange market data actually reveals requires looking past the headline “reserves verified” claim.
The Liabilities-Side Gap in Proof of Reserves
Nic Carter established a foundational framework: Proof of Reserves plus Proof of Liability equals Proof of Solvency. Most PoR programs satisfy only the first half of this equation.
Carter warned that “proving liabilities is tricky and generally requires an auditor to engage in a full assessment, as exchanges can omit certain liabilities to cheat a PoR attestation.” He noted that “exchanges could have unaccounted-for liabilities that a mere cash flow analysis might not capture.”
An exchange passing a PoR check might still be insolvent. It could owe money to lenders, have contingent legal liabilities, or have pledged customer assets as collateral, and none of these would show up in a standard PoR report.
Kraken stands out by including total client liabilities in every PoR report, with reserve ratios verified at BTC 100.3%, ETH 101.3%, SOL 101.1%, USDC over 105%, USDT over 105%, XRP 100.6%, and ADA 102.2% as of December 31, 2025.
Coinbase takes a different approach entirely. As a publicly traded company (NASDAQ: COIN), Coinbase’s financials are subject to quarterly external auditor review and annual audited financial statements filed with the SEC, with external auditors randomly sampling addresses to verify ownership. With the effectiveness of SAB 121, Coinbase was required to account for crypto assets held for customers as liabilities and assets explicitly on its balance sheet.
Key finding: According to Nic Carter’s framework, Proof of Reserves plus Proof of Liability equals Proof of Solvency. Zero-knowledge liability proofs “could potentially grant third parties strong assurances while maintaining privacy regarding the distribution of client balances.”
The distinction matters for users evaluating where to hold funds. Exchanges that verify only assets leave the hardest question unanswered: what do they owe? Users considering self-custody wallet data may factor this gap into their storage decisions. Our wallet and exchange coverage documents a clear directional shift: after each major exchange failure, the rate of assets leaving exchanges for self-custody wallets accelerates.
How zk-SNARK and zk-STARK Verification Works
Binance upgraded its proof of reserves system to include zk-SNARK (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) verification, according to the exchange’s technical documentation. The technology solves a fundamental tension in reserve verification: how to prove you hold customer funds without revealing individual account balances.
By using a zk-SNARK, a crypto exchange can prove that all Merkle tree leaf nodes’ balance sets (user account balances) contribute to the exchange’s claimed total user asset balance, without revealing the individual balances themselves. Binance open-sourced the code for the system “to provide enhanced transparency with the community and create a seamless process for other industry players to adopt the technology.”
OKX uses a different zero-knowledge technology called zk-STARK (Zero-Knowledge Scalable Transparent Argument of Knowledge), verified by blockchain security firm Hacken. OKX’s November 2025 report confirms that user assets are overcollateralized, with BTC and USDT at 105%, ETH at 102%, and USDC at 100%.
The key difference between zk-SNARKs and zk-STARKs is the trust setup. zk-SNARKs require a trusted initial setup ceremony, while zk-STARKs use transparent randomness, eliminating that trust assumption. Both achieve the same goal: mathematically proving that reserves equal or exceed liabilities without leaking private data.
This technology represents the most meaningful technical advancement in exchange transparency since the first Merkle tree proof. It shifts verification from “trust the auditor” to “verify the math.”
Which Major Exchanges Publish Proof of Reserves
Binance’s 31st monthly PoR report (June 2025 snapshot) disclosed 593,000 BTC, 5.337 million ETH, and 28.83 billion USDT in reserves, all backed at a 1:1 ratio, according to the exchange’s public disclosure.
Kraken verified $21.5 billion in client assets in its December 2025 report, continuing quarterly attestations that trace back to 2014, per Kraken’s blog. Kraken covers seven major assets (BTC, ETH, SOL, USDC, USDT, XRP, ADA) and provides an open-source Merkle verification tool for individual users.
OKX has published 38 consecutive monthly reports covering over $30 billion in assets, verified by Hacken using zk-STARK technology.
Coinbase, as a NASDAQ-listed company, uses SEC-filed audited financial statements instead of crypto-native PoR, with external auditors randomly sampling addresses to verify ownership. Coinbase announced a $500,000 developer grant program to encourage broader PoR tool development across the industry.
| Exchange | Method | Frequency | Assets Covered | Liabilities Included | Verification Tech | Third-Party Verifier |
| Binance | Merkle tree + zk-SNARK | Monthly | 13+ tokens | No | zk-SNARK | Self-verified |
| Kraken | Merkle tree + attestation | Quarterly | 7 tokens | Yes | Merkle proof | Independent auditor |
| OKX | Merkle tree + zk-STARK | Monthly | Major tokens | No | zk-STARK | Hacken |
| Coinbase | SEC-audited financials | Quarterly (10-Q) / Annual (10-K) | All custodied assets | Yes (SAB 121) | Traditional audit | PCAOB-registered firm |
| Bitfinex | GitHub wallet disclosure | Periodic | BTC, ETH | No | None (address list) | None |
The comparison shows that no single approach covers every dimension. Kraken and Coinbase include liability verification, while Binance and OKX lead on zero-knowledge privacy technology. The current DeFi market statistics show why this matters: as billions flow between centralized and decentralized platforms, reserve verification standards directly affect where capital settles.
What Happened to the Auditing Firms
Mazars Group, which had performed PoR assessments for Binance, Crypto.com, and KuCoin, paused all crypto PoR work in December 2022, citing “concerns regarding the way these reports are understood by the public.” Mazars’ reports on Binance and KuCoin were removed from its website.
Armanino, the firm that had spearheaded proof of reserves attestations for eight years, exited the crypto industry in December 2022. Chief operating officer Chris Carlberg said “market conditions” had changed, and the firm would stop providing both financial statement audits and proof of reserves reports for crypto companies. Armanino, along with Prager Metis, is facing a class action lawsuit from FTX customers.
The exit of both major PoR auditors within weeks of each other left a gap in third-party verification. The response came from two directions:
- Blockchain-native firms: Hacken, a blockchain security company, took over PoR verification for OKX and other exchanges, applying on-chain analysis rather than traditional accounting procedures.
- Spin-off firm: Former members of Armanino’s crypto team formed The Network Firm, a new practice focused specifically on digital asset attestation and advisory services.
The auditor exodus mirrors a pattern across crypto adoption rates by country: institutional infrastructure rebuilds on crypto-native foundations after each major shake-up, often stronger than what came before.
Exchanges that previously relied on traditional accounting firms now face a choice between blockchain-native verification providers and building in-house cryptographic proof systems. Users tracking MetaMask wallet data and other self-custody trends can see the market’s implicit verdict: when exchange transparency falters, self-custody adoption spikes.
Frequently Asked Questions (FAQs)
No. The PCAOB stated in March 2023 that proof of reserves reports are not subject to PCAOB auditing standards and are not equivalent to financial audits. A PoR attestation typically covers only assets at a single point in time, while a full audit examines liabilities, internal controls, and the entire financial position under PCAOB oversight.
An exchange can manipulate a PoR by omitting certain liabilities. Nic Carter’s framework highlights that without verified liabilities, asset-only proof remains incomplete. Zero-knowledge proofs and third-party verification reduce these risks but do not eliminate them entirely.
Kraken publishes PoR reports that include total client liabilities, with reserve ratios above 100% across all seven covered assets. Coinbase offers the strongest overall financial transparency as a publicly traded company with SEC-audited statements. The best approach depends on whether you prioritize crypto-native verification or traditional regulatory oversight.
Coinbase does not use a crypto-native proof of reserves system. As a publicly traded company, its financials are subject to quarterly external auditor review and annual audited financial statements filed with the SEC. SAB 121 requires Coinbase to report custodied crypto as both an asset and a liability on its balance sheet, providing the liability coverage that most PoR systems lack.
Conclusion
FTX’s estimated $8 billion customer fund shortfall, involving approximately 130 affiliated entities, proved that trust without verification is a liability. Proof of reserves emerged as the industry’s primary response, with major exchanges now publishing monthly or quarterly reports covering tens of billions in customer assets.
The verification standard continues to evolve. Binance has moved to zk-SNARK zero-knowledge proof technology that allows mathematical verification without exposing individual user data. Kraken includes liabilities alongside assets, closing the gap that Nic Carter’s framework identifies as the weakest point in most PoR implementations.
Proof of reserves is necessary but not sufficient. The attestation-vs-audit distinction, the liabilities-side gap, and the auditor exodus all point to the same conclusion: cryptographic verification must eventually meet regulatory-grade accounting standards. Until then, informed users should evaluate both what an exchange proves and what it leaves out.
