Proof of reserves: your exchange’s solvency after FTX
After FTX collapsed in November 2022 and left billions in customer money missing, “proof of reserves” became one of crypto’s favorite phrases. Fair enough. People wanted a way to check whether an exchange actually held the coins it claimed to hold. My take: that instinct was right, but the label got inflated almost immediately. A reserve proof can help investors judge whether a centralized exchange is solvent, but only if it shows the whole picture. Otherwise, it is just another badge on a website.
FTX exposed an estimated eight-billion-dollar gap between claimed and actual reserves. That number changed the conversation fast. Exchange balances had always been strange if you paused for even ten seconds: your account showed a number, but the exchange controlled the keys. Proof of reserves is supposed to answer the basic question. Does the exchange still hold the crypto customers deposited? Yes or no. The catch is that assets are only half the story. An exchange can point to on-chain wallets and say, “Look, coins.” That proves very little unless those coins are matched against what the exchange owes customers. Assets without liabilities are theater. I’ll be honest: this is where crypto’s “verify, don’t trust” promise still falls apart more often than people like to admit.
The problem is simple. Centralized exchanges hold user funds, a bit like banks, but usually without the safeguards people are used to. Your balance on the screen is a database entry. A promise. FTX showed how ugly that can get when customer deposits are moved to an affiliated trading firm, lost, and still displayed as healthy account balances. When customers rushed to withdraw, the promise broke. Most post-FTX guides say the answer is “check the reserves.” That’s only half right. The real lesson was sharper: an exchange’s own assurances mean very little once it is already in trouble. Proof of reserves tries to make trouble visible before the doors shut, not after everyone is reading bankruptcy filings.
The usual way to prove liabilities without exposing every customer’s balance is a Merkle tree. Each customer balance gets hashed, then those hashes are combined until they produce one Merkle root, a cryptographic fingerprint of the exchange’s customer liabilities. A user can check whether their own balance was included. Some larger exchanges have gone further and use zero-knowledge proofs, including zk-SNARKs. These let the exchange prove that balances were included, added correctly, and not hidden as negative entries, without publishing individual account data. That is genuinely useful. Ethereum founder Vitalik Buterin publicly argued for this kind of approach after FTX, and he was right to focus on liabilities. Still, I would be careful about treating zk proofs as a market signal. They improve the plumbing. They do not magically make an exchange honest.
Even a technically strong reserve proof has holes. The snapshot problem is the big one. An exchange could borrow funds long enough to pass a check, then send them back. A proof from six months ago says almost nothing about today. Why does this matter? Because solvency can change faster than a polished dashboard gets updated. More frequent proofs help, but they do not fix everything. There is also the encumbrance problem. The blockchain can show coins sitting in a wallet, but it will not show whether those coins were pledged as collateral in a private loan. So yes, a strong proof is better than a vague promise. But it is not a guarantee. Regulators, including the SEC, are likely to keep pushing exchanges toward deeper audits and tougher disclosures, and compliance will probably get more expensive.
A case from early 2026 shows why the details matter. An on-chain forensics firm reported that a European exchange’s main Bitcoin wallet had fallen from about fifty-six Bitcoin to less than one coin, a drop of more than ninety-nine percent, while the platform was still telling users it was solvent. Tens of thousands of customers were affected. We tried to reduce this to a neat lesson. It does not reduce neatly. That is the nightmare version of this story: the public claim says one thing, the wallet says another. With continuous reserve reporting, independent checks, and honest liability matching, the drain would have been visible sooner. Maybe users could have withdrawn in time. Maybe not. But at least they would not have been left staring at a green checkmark while the coins disappeared.
Proof of reserves is not the same thing as a financial audit. This distinction matters. A full audit looks at asset ownership, asset quality, debts, collateral, internal controls, management behavior over time, and the legal risk attached to false statements. A proof of reserves usually does much less. At best, it shows on-chain assets and customer liabilities at a specific moment. It usually does not cover off-chain debts, corporate obligations, related-party deals, or whether funds were mixed across entities. Counter to the usual advice, asking “was it audited?” is not enough. After FTX, some audit firms backed away from proof of reserves work because they did not want a narrow attestation to be mistaken for a clean bill of health. I do not blame them. The public tends to read “audited” as “safe,” and those are not the same thing.
What this means
Better proof of reserves is a good sign, but only if people stop treating it like a magic shield. A frequent, independent, two-sided proof can reduce the risk of hidden insolvency. It can make lies harder to maintain. That matters. But crypto has a bad habit of turning useful tools into slogans, and proof of reserves is already halfway there. The useful version is boring: regular updates, real liability proofs, outside verification, plain language about what the proof does not show, and no pretending that a cryptographic snapshot replaces institutional trust.
For investors and traders, the practical takeaway is blunt: inspect the proof, not the badge. Look for proof of liabilities, ideally using zero-knowledge methods. Check whether an independent firm attested it. Check the date. Treat assets-only graphics with suspicion. Is this overkill? For anyone keeping meaningful assets on a centralized platform, no. A wallet screenshot or dashboard can look comforting while leaving out the part that matters most: what the exchange owes. Regulatory status and track record still matter too. Yes, this slightly contradicts the “verify, don’t trust” slogan. Bear with me. Self-custody is the only way to remove exchange custody risk completely, but if you keep assets on a platform, choose one that publishes frequent, two-sided, independently checked reserve data. Watch how major exchanges, including Coinbase (COIN), handle future quarterly disclosures. The market will be watching those numbers closely, and for once, it should.