Grayscale Investments (“Grayscale”), a subsidiary of Digital Currency Group (“DCG”), says that “custody of the digital assets underlying Grayscale’s digital asset products is unaffected,” but it is not willing to disclose wallet addresses or provide on-chain Proof of Reserves (PoR).

Here is how Coin Metrics Co-Founder Nic Carter, who has long been a strong proponent of custodial service providers in the crypto space having a Proof of Reserves program, explains this concept:

Proof of Reserves is the idea that custodial businesses holding cryptocurrency should create public facing attestations as to their reserves, matched up with a proof of user balances (liabilities). The equation is simple (in theory):

Proof of Reserves + Proof of Liability = Proof of Solvency

The idea is to prove to the general public, and in particular your depositors, that your cryptocurrency held on deposit matches up with user balances. Of course, in practice, this isn’t quite so simple. Proving that you control some funds on chain is trivial, but you could always borrow those funds on a short term basis. This is why point-in-time attestations mean relatively little. And additionally, exchanges can have hidden liabilities or have creditors claim seniority to depositors, especially if they don’t legally segregate client assets on the platform. This is why policy like Wyoming’s SPDI law clarifying the legal status of depositors relative to custodial institutions is so important.

Proving liabilities is tricky, and generally requires an auditor to engage in a full assessment. For instance, exchanges can omit certain liabilities to ‘cheat’ a PoR attestation. This is why I recommend both a user-facing PoR protocol, allowing users to obtain ‘herd immunity’ by collectively verifying their individual balances, and an auditor-facing PoR protocol, to prove that the claimed liabilities are faithful to reality.

Another issue is that exchanges could have unaccounted-for liabilities that a mere cash flow analysis might not capture. For instance, given that many exchanges exist under muddy regulatory regimes and legal contexts, it’s not guaranteed that depositors would be senior to creditors in the case of bankruptcy. This means that it’s possible that large debts could consist of a hidden liability that would weaken depositor claims on reserves in a worst case scenario. This is why I recommend including an auditor in a PoR process, so these more complex liabilities (and an assessment of the seniority of depositors) can be understood. More generally, exchanges should adopt a legal policy in which depositors are absolutely privileged and senior to all creditors.

As for those people who say Proof of Reserves is meaningless without Proof of Liabilities, Carter has this to say:

Ideally a PoR would be paired with a full accounting of liabilities, known and hidden, and stronger solvency assurances would be obtained… PoR is a term of art that refers to the attestation whereby both the assets held on deposit and the user liabilities are compared. Under standard PoR, liability holders have the ability to determine that they were included in the liability set (that’s what the merkle tree is for). The “hard part” is the liabilities – proof of assets on chain is normally trivial. So PoR is not “underpowered” or “incomplete”. A proper PoR really does give you assurances that the exchange is solvent at least in the narrow context of on-platform balances.

In the wake of the recent collapse of crypto exchange FTX and a lot of crypto leaving crypto exchanges due to concerns about them getting hacked or going bankrupt, most major centralized exchanges have been racing to provide PoR reports to assure the public that customers’ crypto funds are really there and that no “fractional reserve banking” is going on.

One of the first centralized exchanges to express an interest in providing a PoR report was Binance, whose CEO had this to say on 8 November 2022:

As Cointelegraph reported on 19 November 2022, “a total of five centralized exchanges (CEXs) including Kraken, Bitmex, Coinfloor, Gate.io and HBTC have completed their proof-of-reserve audits while the likes of Binance, OKX, KuCoin, Huobi, Poloniex, Crypto.com, Deribit and Bitfinex have announced their plans to do the same.”

Anyway, on 18 November 2022, Grayscale provided the following affirmations:

The holdings of Grayscale’s digital asset products are safe and secure. Balances are reflected in historical public filings and have been evaluated by our third-party auditors. Each of Grayscale’s digital asset products is set up as a separate legal entity: a statutory trust for single asset products, and limited liability company for diversified products. All digital assets that underlie Grayscale’s digital asset products are held by Coinbase Custody Trust Company, LLC (Coinbase Custody) as custodian for each product.

A letter that verifies the number of digital assets held by Coinbase Custody for each of Grayscale’s digital asset products can be found below. The organizational documents governing each of Grayscale’s digital asset products, as well as the custodian agreement with Coinbase Custody, prohibit the digital assets underlying the products from being lent, borrowed, or otherwise encumbered.

Grayscale went on to say:

Coinbase Custody frequently performs on-chain validation as part of their custodian operations.  Due to security concerns, we do not make such on-chain wallet information and confirmation data publicly available through a cryptographic Proof-of-Reserve, or other advanced cryptographic accounting procedure…

Grayscale and Coinbase Custody are prohibited from borrowing, lending, rehypothecating, or otherwise encumbering the products’ underlying assets pursuant to the terms of the trust agreement or limited liability company agreement governing each digital asset product. No other entity, including DCG, Genesis, nor any other Grayscale affiliate, has any control over the digital assets underlying the Grayscale products.

Carter is not too impressed with Grayscale’s reasons for not providing “on-chain wallet information and confirmation information publicly available through a cryptographic Proof-of-Reserve, or other advanced cryptographic accounting procedure.”

He said on Twitter:

Signing a transaction raises security concerns? PoR isn’t “advanced” either. It’s dead simple and well understood… Unnecessary and inflammatory thread, at the worst time. Both parties need to get their act together.

Image Credit

Featured Image via Pixabay