Proof-of-reserves (PoR) has become a go-to transparency tool for crypto custodians: it’s a public, cryptographic demonstration that an exchange or custodian controls the onchain assets it says it does. But despite growing adoption, PoR is often misunderstood — and that misunderstanding can matter when users try to withdraw funds during a crisis. What PoR actually proves - At its simplest, PoR shows that verifiable assets existed in specific wallets at a specific moment. Exchanges typically publish wallet addresses or cryptographic signatures to prove control of those addresses. - On the liability side, some platforms take a snapshot of user balances and commit them to a Merkle tree (often a Merkle-sum tree). That lets individual users verify their inclusion via an inclusion proof without revealing everyone’s balances. - Example: On Dec. 31, 2025, Binance’s CEO said the platform’s PoR-verified user asset balances reached $162.8 billion, and Binance provides a verification page where users can independently confirm their inclusion in a Merkle-tree snapshot. Why PoR isn’t a silver bullet - Point-in-time limitation: PoR is typically a snapshot. It proves a state at one moment — not what happened before or after. Assets can be temporarily borrowed or shuffled around to improve a snapshot and then moved again. - No automatic proof of solvency: Without a credible, complete view of liabilities, PoR cannot prove an exchange is solvent. Assets-only reports may omit loans, derivatives exposure, offchain payables, legal claims or other obligations. - Encumbrances and liquidity: PoR often can’t show whether assets are pledged, lent out, or otherwise encumbered. Even if assets exist onchain, they may not be available to meet a sudden wave of withdrawals. And holding illiquid or thinly traded tokens isn’t the same as having liquid reserves you can sell at scale without dramatic price impact. - Scope and interpretation: Many PoR engagements are structured as agreed-upon procedures (AUPs), which report specific checks and findings without delivering an audit-style opinion on the company’s overall financial condition. Under ISRS 4400, an AUP engagement is not an assurance engagement — it doesn’t express an opinion. - Regulatory concern and real-world fallout: Regulators and standard setters have pointed out these limits. The PCAOB has warned PoR reports are inherently limited and inconsistent in execution. In 2022, the accounting firm Mazars paused crypto client work, citing concerns about how PoR-style reports were being presented and perceived. How to make PoR meaningful PoR can be a useful transparency tool — but only when paired with broader disclosure and controls. Practical steps that raise trust include: - Prove solvency, not just assets: Publish assets alongside a complete, credible liabilities set so assets ≥ liabilities. Advances like Merkle-based liability proofs and zero-knowledge techniques aim to provide stronger proofs without exposing private user data. - Show controls over time: Snapshots don’t reveal operational discipline. SOC-style reporting or similar frameworks make controls like key management, access permissions, change management, incident response, segregation of duties and custody workflows visible across a period, not just on a single date. - Disclose encumbrances and liquidity: Make clear which reserves are unencumbered and how quickly holdings can be converted to liquid assets at scale. - Strengthen governance and disclosure: Robust custody frameworks, conflict management and consistent disclosures are essential — especially for products that introduce extra obligations (yield, margin, lending). Quick checklist for readers - Are liabilities included, or is it assets-only? - What is in scope? (Margin, yield, loans, offchain obligations?) - Is this a single snapshot or an ongoing program? - Are reserves unencumbered and liquid at scale? - What type of engagement produced the report? (AUP vs audit/review/SOC) Bottom line PoR is better than nothing — it increases transparency — but it is not a safety certificate. Treat PoR as one piece of the puzzle. Real trust comes from combining onchain proof with full liability disclosure, liquidity and encumbrance transparency, ongoing control assurances, and clear governance. Only then can users and counterparties have a meaningful basis to rely on a platform during stress. Read more AI-generated news on: undefined/news