What is proof of reserves? How exchanges prove they hold your crypto




After FTX vanished with billions in customer money, “proof of reserves” became the phrase every exchange started using. This guide explains what it really proves, what it quietly leaves out, and how to tell a meaningful attestation from a marketing badge.

Summary

  • Proof of reserves lets crypto exchanges verify on-chain holdings against customer liabilities instead of relying only on trust.
  • Merkle trees and zero-knowledge proofs help exchanges prove customer balances are included without exposing private account data.
  • Proof of reserves improves transparency but cannot fully confirm off-chain obligations or guarantee long-term solvency.

Proof of reserves is a cryptographic method an exchange uses to show that it actually holds the crypto assets its customers have deposited, by publishing verifiable evidence of its on-chain holdings and, in the stronger versions, matching them against what it owes. The first part of that definition is the part exchanges love to advertise. The second part, the matching against what it owes, is the part that separates a genuine solvency proof from a reassuring graphic, and it is where most of the difficulty lives.

The idea moved from a niche cryptographic curiosity to an industry standard almost overnight in late 2022, when FTX, one of the largest exchanges in the world, collapsed and revealed an estimated eight-billion-dollar hole between what it claimed to hold and what it actually had. In the panic that followed, every surviving exchange rushed to prove it was not the next FTX, and “proof of reserves” became the phrase they reached for. This guide explains what proof of reserves is, how the cryptography works, what a credible implementation looks like, the serious limitations every user should understand, and how to read an exchange’s attestation without being lulled by a green checkmark.

The reason this matters is simple and uncomfortable. When you deposit crypto on a centralized exchange, you generally do not hold those coins yourself; the exchange holds them and owes them back to you, exactly as a bank holds your deposit. That arrangement works only if the exchange truly has the assets, keeps them separate from money it gambles or lends, and can return them on demand. FTX proved that an exchange can claim all of this while secretly using customer funds to plug losses elsewhere, and that by the time the truth surfaces, the money is gone. 

Proof of reserves is the industry’s attempt to make that kind of fraud detectable in advance, by replacing “trust us” with “verify it yourself.” Whether it succeeds depends entirely on how it is done, and the gap between the strong and weak versions is the most important thing this guide will teach you.

The problem proof of reserves is trying to solve

To understand proof of reserves, start with what an exchange actually is from a financial standpoint. A centralized exchange custodies assets on behalf of millions of users, pooling them in wallets it controls. Your balance on the screen is not a coin with your name on it; it is an entry in the exchange’s database, a promise that the platform owes you that amount and will pay it when you withdraw. As long as everyone does not ask for their money at once, and as long as the exchange truly holds what it owes, the system runs smoothly.

The danger appears when an exchange quietly spends, lends, or loses customer assets while still showing full balances on screen. Users see numbers that look real, but the coins behind them are gone, and the shortfall stays hidden until a wave of withdrawals exposes it.

This is precisely the failure FTX embodied. It took customer deposits and funneled them to an affiliated trading firm, which lost them, while customer account balances continued to display as though the money were safe. When users tried to withdraw en masse, the exchange could not pay, and the missing billions came to light only in the collapse. The episode burned a lesson into the industry: an exchange’s own assurances are worthless, because a fraudulent or insolvent platform will keep claiming everything is fine right up until it implodes. 

What users needed was a way to check, independently and cryptographically, that an exchange held the assets it claimed, without having to trust the exchange’s word or wait for an auditor’s annual report. Proof of reserves was the answer the industry converged on, a mechanism designed to make solvency, or its absence, visible to anyone willing to verify, ideally before a platform fails rather than after.

The two halves: assets and liabilities

The single most important concept in proof of reserves is that real solvency requires proving two separate things, and that an exchange holds enough assets is only one of them. The first half is proof of assets: showing that the exchange controls a certain quantity of crypto in its wallets. This is the easier half, because blockchains are public. An exchange can point to its wallet addresses and let anyone see the balances on-chain, or it can cryptographically sign a message from those addresses to prove it controls them. Either way, the assets side is relatively straightforward to show, because the blockchain itself is the evidence.

The second half is proof of liabilities: showing the total amount the exchange owes to all of its customers combined. This is the hard half, and it is the half that weak implementations skip. Without knowing the total liabilities, proving assets means nothing, because solvency is a comparison. An exchange holding one billion dollars of crypto looks healthy until you learn it owes customers two billion, at which point it is catastrophically insolvent. Proof of assets alone tells you what is in the vault; only proof of liabilities tells you whether what is in the vault is enough. 

A complete proof of reserves therefore pairs the two: it shows that total assets held are greater than or equal to total customer liabilities, which is the actual definition of solvency. When an exchange publishes a glossy page showing its wallet holdings but says nothing rigorous about what it owes, it has proven assets and called it solvency, and that substitution is the most common way the term gets watered down into marketing.

How Merkle-tree proof of reserves works

The clever cryptography in proof of reserves is mostly on the liabilities side, because proving what an exchange owes without exposing every customer’s private balance is the genuinely hard problem. The standard tool is a structure called a Merkle tree. Picture every customer’s balance as a leaf at the bottom of a tree. Each leaf is hashed, meaning run through a one-way cryptographic function that turns it into a fixed string of characters. 

Pairs of hashes are then combined and hashed again, level by level, climbing the tree until everything condenses into a single hash at the very top called the Merkle root. That root is a compact fingerprint of every balance in the system at once, and crucially, changing any single balance anywhere in the tree would change the root entirely.

The exchange publishes the Merkle root, which represents its total customer liabilities, along with the total asset figure, ideally verified by a third party. Each individual user can then independently confirm that their own balance was included in the calculation. The exchange gives the user the specific branch of hashes connecting their leaf to the root, and the user can recompute the path and check that it produces the published root. If it does, the user has proven their balance was counted in the total, without the exchange ever revealing anyone else’s balance. 

The privacy is the point: the Merkle tree lets the exchange prove a true, complete total of what it owes while keeping each customer’s individual figure hidden from everyone else. If enough users perform this check and find themselves correctly included, the published liability total becomes credible, and it can be compared against the proven assets to assess solvency. The catch, which we will return to, is that this only works well if users actually perform the check and if the asset side is honestly and independently verified.

The zero-knowledge upgrade

The basic Merkle-tree approach has a subtle weakness that more advanced systems have moved to close. To fully trust the liability total, you ideally want assurance that the exchange did not cheat in constructing the tree, for instance by sneaking in fake negative balances to make its total liabilities look smaller than they really are, or by excluding certain accounts. The plain Merkle tree proves your balance is included, but it does not, on its own, prove that every entry in the tree was non-negative and that the math behind the total was honest. A sophisticated exchange could, in principle, manipulate the construction in ways an ordinary user checking a single branch would not catch.

The fix that leading exchanges have adopted is to layer a zero-knowledge proof on top of the Merkle tree, using a cryptographic technique called a zk-SNARK. A zero-knowledge proof lets one party prove a statement is true without revealing the underlying data. Applied to proof of reserves, a zk-SNARK can prove that every user balance in the tree was included, that no balance was negative, and that the total was computed correctly, all without exposing any individual balance or even aggregate patterns. 

The exchange proves, in effect, “the sum of all real, non-negative customer balances equals this published number, and here is mathematical proof we did not fake it,” and anyone can verify that proof. The founder of Ethereum publicly proposed exactly this kind of zk-SNARK enhancement as the right way to do proof of reserves, and major exchanges now run zk-SNARK systems atop their Merkle trees. This is the current state of the art on the liabilities side: a privacy-preserving, tamper-evident proof that the total owed is honest and complete.
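The Merkle construction and the negative-balance weakness described in the two sections above, as an added example (not code from the original article or from any exchange). It assumes a Merkle sum tree, in which each node carries a balance total alongside its hash; the hashing layout, the padding node, the function names and the sample ledger are all constructed for illustration.

```python
import hashlib

def enc(n: int) -> bytes:
    # Signed fixed-width encoding, so the demo can represent a forged negative balance.
    return n.to_bytes(16, "big", signed=True)

def leaf(account: str, balance: int):
    # Node = (hash, sum). A real deployment would salt or hash the account id.
    return (hashlib.sha256(b"\x00" + account.encode() + enc(balance)).digest(), balance)

def parent(left, right):
    # The parent commits to both child hashes AND both child sums.
    digest = hashlib.sha256(
        b"\x01" + left[0] + enc(left[1]) + right[0] + enc(right[1])).digest()
    return (digest, left[1] + right[1])

PAD = (b"\x00" * 32, 0)  # zero-balance filler for odd-sized levels

def build(leaves):
    """Return every level of the tree: levels[0] = leaves, levels[-1] = [root]."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(PAD)
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def branch(levels, index):
    """Sibling nodes from leaf `index` up to the root, as (node, sibling_is_right)."""
    path = []
    for level in levels[:-1]:
        path.append((level[index ^ 1], index % 2 == 0))
        index //= 2
    return path

def verify(my_leaf, path, root):
    """User-side check: recompute the root and reject any negative sum on the way."""
    node = my_leaf
    for sibling, sibling_is_right in path:
        if sibling[1] < 0:
            return False
        node = parent(node, sibling) if sibling_is_right else parent(sibling, node)
    return node == root

def audit(ledger, customers):
    """Build the tree for `ledger`; return (published total, customers whose check fails)."""
    levels = build([leaf(a, b) for a, b in ledger])
    root = levels[-1][0]
    failed = [a for i, (a, b) in enumerate(ledger)
              if a in customers and not verify(leaf(a, b), branch(levels, i), root)]
    return root[1], failed

# Constructed sample data (balances in satoshis); "ghost" is a fabricated entry.
CUSTOMERS = {"alice", "bob", "carol", "dave"}
HONEST = [("alice", 500), ("bob", 300), ("carol", 200), ("dave", 1000)]
FORGED = [("alice", 500), ("bob", 300), ("dave", 1000), ("ghost", -900), ("carol", 200)]

if __name__ == "__main__":
    print(audit(HONEST, CUSTOMERS))  # full liabilities, every customer verifies
    print(audit(FORGED, CUSTOMERS))  # understated total, only one customer can tell
```

In the forged ledger the published total falls from 2000 to 1100, yet only dave's branch exposes the negative sibling; alice, bob and carol all verify cleanly. A proof that every leaf is non-negative removes the dependence on that one customer happening to check.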

The limitations every user must understand

Even the most sophisticated proof of reserves has serious limitations, and understanding them is what separates an informed user from someone soothed by a checkmark. The first and most damning is the snapshot problem. Proof of reserves captures a single moment in time. An exchange short on assets could borrow funds, perhaps from another exchange or a lender, hold them just long enough to pass the snapshot, prove healthy reserves, and return the borrowed money the next day. The proof would be technically accurate and completely misleading, because the assets were never really there outside the photographed instant. Frequent or continuous proofs reduce this risk but do not eliminate it, and many exchanges publish only periodically.

The second limitation is that proving assets does not prove they are unencumbered. An exchange can genuinely hold the coins it shows while having secretly borrowed them, pledged them as collateral, or owing them to a third party. The blockchain shows the coins sitting in the wallet; it does not show the hidden loan agreement that means those coins are not really free to cover customer withdrawals. The third limitation is the liabilities honesty problem already noted: a proof of assets with no rigorous, independently verified proof of liabilities is not a solvency proof at all, and many advertised implementations stop at assets. 

Fourth, off-chain assets and obligations sit entirely outside the blockchain’s view, so an exchange holding fiat currency, real-world assets, or off-chain debts cannot have those captured by an on-chain proof. The honest summary is that proof of reserves can show an exchange has assets at a moment, but it struggles to prove those assets are sufficient, unencumbered, continuously present, and matched against an honest accounting of everything owed. It is a meaningful check, not a guarantee.

Why auditors and skeptics both have a point

Because the cryptography alone cannot close every gap, third-party auditors have become central to credible proof of reserves, and their role is both valuable and contested. An independent auditor or specialized verification firm can examine an exchange’s wallets, confirm control of the assets, review the liability construction, and attest that, at the time examined, assets exceeded liabilities by some margin. Several firms now perform this work, publishing reserve ratios for exchanges that show assets comfortably above liabilities, figures above one hundred percent meaning the exchange holds more than it owes. Some exchanges go further, combining independent accountant reviews with user-verifiable identifiers so individuals can confirm their own inclusion. This blend of cryptographic proof and human attestation is currently the strongest form of assurance an exchange can offer short of full, traditional financial audits.

Yet skeptics raise a point worth taking seriously, and it is best captured by the prominent executive who refused to publish proof of reserves for his own company’s holdings, calling it a bad idea. His argument was not that hiding assets is good, but that proof of reserves as commonly practiced can mislead: it can create a false sense of security by proving assets while saying little verifiable about liabilities, off-chain obligations, or whether the assets are encumbered, and a sophisticated bad actor can satisfy the letter of a proof while remaining insolvent in substance. The skeptics and the auditors are, in a sense, both right. Proof of reserves done well, with honest liabilities, independent attestation, and frequent snapshots, is a real improvement over the pre-FTX world of pure blind trust. Proof of reserves done poorly, as a one-time assets-only graphic, can be worse than nothing if it lulls users into a confidence the proof does not actually earn. The technique is a tool, and like any tool it can be wielded honestly or as theater.

A cautionary tale that proves the point

The limitations are not hypothetical, and a fresh example shows exactly how a proof-of-reserves regime can fail in practice. In early 2026, an investigation by an on-chain forensics firm revealed that a European exchange’s main Bitcoin holding wallet had collapsed from around fifty-six Bitcoin to a fraction of a single coin, a drop of more than ninety-nine percent, even as the platform continued to assure users it was solvent. 

Tens of thousands of customers were potentially affected, and observers described it as one of the most significant European exchange failures since FTX itself. The episode landed as a direct reminder that an exchange claiming solvency, and even one gesturing at reserves, can be hollow underneath, and that the gap between a public claim and verifiable on-chain reality is exactly where users lose money.

The lesson is not that proof of reserves is useless; it is that the quality and continuity of verification are everything. Had that exchange’s reserves been continuously proven, independently audited, and matched against honestly constructed liabilities, the draining of its main wallet would have been visible to anyone watching, and users could have withdrawn before the collapse rather than after. Instead, the assurance was a claim rather than a living, verifiable proof, and the on-chain reality diverged catastrophically from the story being told. 

This is the practical case for treating proof of reserves as a process to scrutinize instead of a badge to trust. A meaningful proof is recent, frequent, independently attested, and covers both halves of the solvency equation. A claim of solvency with none of that behind it is precisely the kind of reassurance that history keeps showing to be worthless at the worst possible moment.

Proof of reserves versus a real audit

A point of confusion worth clearing up is the difference between proof of reserves and a traditional financial audit, because exchanges sometimes blur the two and they are not the same thing. A full audit, of the kind applied to a public company, examines far more than whether assets exceed liabilities at a moment. It scrutinizes the quality and ownership of those assets, whether they are encumbered or pledged, the accuracy of the books over a period instead of a snapshot, the internal controls that govern how money moves, the company’s other obligations and debts, and the truthfulness of management’s representations, all signed off by an accountable auditing firm that stakes its reputation and faces legal consequences for getting it wrong. 

Proof of reserves, even in its strongest cryptographic form, does much less: it shows on-chain assets and, ideally, customer liabilities at a point in time, but it does not examine the off-chain business, the encumbrances, the controls, or the conduct of management.

This gap matters because the marketing around proof of reserves can imply a level of assurance closer to a full audit than the technique actually provides. An exchange can truthfully say it published a proof of reserves while its off-chain finances, its corporate debts, its commingling of funds, or its risky lending remain entirely unexamined. The early scramble after the FTX collapse made this gap vivid: some auditing firms that had begun providing proof-of-reserves attestations stepped back from the work, wary of the reputational risk of appearing to vouch for an exchange’s overall solvency when their procedures covered only a narrow, point-in-time slice. 

The lesson is not that proof of reserves is dishonest, but that it occupies a specific and limited place. It is a cryptographic check on a particular question, do the on-chain assets cover the customer liabilities right now, and it is truly useful for that. It is not a substitute for the comprehensive, ongoing, accountable scrutiny that a real audit provides, and an exchange that has only published a proof of reserves has not been audited in the full sense, however much the language might suggest otherwise.

The practical upshot is to hold two ideas at once. Proof of reserves is a meaningful advance over the pre-FTX world, in which users had nothing but blind faith, and a strong, frequent, independently attested, two-sided proof truly lowers the risk of a hidden insolvency. At the same time, it is a narrow instrument that cannot see the off-chain obligations, the encumbrances, or the management conduct that have featured in many exchange failures. 

The most informed users treat a credible proof of reserves as one positive signal among several, alongside an exchange’s regulatory standing, its track record, its transparency, and the protections of the jurisdiction it operates in, instead of as a complete verdict on safety. Combining the cryptographic check with these other signals, and keeping meaningful holdings in self-custody, is the realistic way to manage exchange risk, because no single proof, however clever, captures everything that can go wrong.

How to read an exchange’s proof of reserves

Putting it together, here is how to evaluate any exchange’s proof of reserves instead of taking the headline at face value. First, check whether it proves liabilities, not just assets. A page showing only wallet balances is proof of assets, and on its own it tells you nothing about solvency, because you cannot see what the exchange owes. Look for a Merkle-tree liability commitment, ideally strengthened by a zero-knowledge proof, and the ability to verify your own balance’s inclusion.

Second, check for independent attestation. A reserve ratio confirmed by a reputable third party carries far more weight than a self-published graphic, because it means someone with professional accountability examined the wallets and the liability construction instead of the exchange grading its own homework.

Third, check recency and frequency. A proof from many months ago tells you little about today, and a single annual snapshot is easy to game with borrowed funds; frequent or continuous proofs are far harder to fake. Fourth, keep the structural limitations in mind even when all of the above is present: a proof cannot easily show that assets are unencumbered, cannot capture off-chain obligations, and cannot guarantee the assets stay there after the snapshot.

The most important practical takeaway sits above all the cryptography. Proof of reserves reduces the trust you must place in an exchange, but it does not eliminate it, and the only way to remove custody risk entirely is to hold your own keys in self-custody, where no exchange stands between you and your coins. For assets you do keep on an exchange, favor platforms with frequent, independently audited, two-sided proofs, treat assets-only graphics with skepticism, and remember the lesson FTX taught at great cost: an exchange will keep telling you everything is fine right up until it is not, so verification, not reassurance, is what protects you.

Frequently Asked Questions

What is proof of reserves in simple terms?

Proof of reserves is a way for a crypto exchange to show, with verifiable evidence instead of just its word, that it actually holds the assets customers have deposited. In its strong form it proves two things: that the exchange controls a certain amount of crypto in its wallets (proof of assets), and that this amount is greater than or equal to everything it owes customers (proof of liabilities). Together those show solvency. It became an industry standard after the FTX collapse in late 2022 revealed an estimated eight-billion-dollar gap between claimed and actual reserves.

How does proof of reserves actually work?

The asset side is shown using the blockchain itself, since an exchange can reveal its wallet holdings or cryptographically sign messages proving it controls them. The liability side uses a Merkle tree: every customer balance is hashed and combined upward into a single fingerprint called a Merkle root, which represents the total owed. Each user can verify their own balance was included without seeing anyone else’s. Leading exchanges add a zero-knowledge proof (a zk-SNARK) on top to prove no balances were negative or omitted and the total is honest, all without exposing individual figures.

What are the main weaknesses of proof of reserves?

Several. It is a snapshot, so an exchange could borrow assets briefly to pass the check and return them afterward. It does not prove the assets are unencumbered, meaning they could be secretly borrowed or pledged as collateral. Many implementations prove only assets and skip a rigorous, independently verified proof of liabilities, which means they do not actually prove solvency. And it cannot capture off-chain assets or obligations. So proof of reserves is a meaningful check but not a guarantee that an exchange is truly solvent and safe.

Why did some people refuse to publish proof of reserves?

A prominent executive declined to publish proof of reserves for his company’s holdings, arguing it is a bad idea because it can mislead. The concern is that an assets-only proof creates false confidence: it can show coins in a wallet while saying nothing verifiable about liabilities, off-chain debts, or whether the assets are encumbered, and a sophisticated bad actor can satisfy the surface of a proof while remaining insolvent underneath. The point is not that hiding assets is good, but that a weak proof of reserves can be worse than none if it lulls users into unearned trust.

Does proof of reserves mean my money is safe on an exchange?

Not by itself. A strong, frequent, independently audited, two-sided proof of reserves meaningfully reduces the risk that an exchange is secretly insolvent, which is real protection. But no proof can guarantee the assets stay there after the snapshot, that they are unencumbered, or that off-chain obligations are covered. The only way to remove exchange custody risk entirely is self-custody, holding your own private keys so no platform stands between you and your coins. For assets kept on an exchange, prefer platforms with credible, recent, two-sided proofs, but do not treat any proof as an absolute guarantee.

How can I tell a credible proof of reserves from marketing?

Check four things. Does it prove liabilities, not just assets, with a Merkle-tree commitment and ideally a zero-knowledge proof, plus the ability to verify your own balance? Is it independently attested by a reputable third party instead of self-published? Is it recent and frequent instead of a stale annual snapshot? And does the explanation acknowledge the limitations instead of implying total safety? A two-sided, independently audited, frequently updated proof is credible. An assets-only graphic with no liability proof, no third party, and an old date is closer to a marketing badge than a solvency proof.

This article is educational information, not financial or investment advice. Exchange practices, reserve ratios, and verification methods change, and figures reflect reporting available as of June 25, 2026. Always confirm an exchange’s current proof-of-reserves details from primary sources, and remember that self-custody is the only way to fully remove exchange custody risk.


