What is Proof of Reserves?
At its core, proof of reserves is a public demonstration that a custodian holds the assets it claims to hold on behalf of users, typically using cryptographic methods and on-chain transparency.
If every cryptocurrency exchange can publish a Proof of Reserves (PoR) report, why might withdrawals still be delayed or withheld during a crisis?
The truth is that proof of reserves is not a guarantee of trust. It shows whether verifiable assets exist on the platform at a given time, but it does not confirm that the platform is solvent, liquid or subject to controls that prevent hidden risks.
Even when done correctly, PoR is often a snapshot of a specific point in time that may miss what happened before and after the reporting moment.
Without a reliable picture of liabilities, PoR cannot demonstrate the solvency that users actually need during periods of withdrawal stress.
Did you know? On December 31, 2025, Binance's CEO wrote that the asset balances of platform users verified publicly through Proof of Reserves had reached $162.8 billion.
What PoR proves and how it is usually done
In practice, PoR involves two checks: assets and, ideally, liabilities.
On the asset side, an exchange shows that it controls specific wallets, usually by publishing addresses or signing messages.
Liabilities are harder. Most exchanges take a snapshot of user balances and commit it to a Merkle tree, often a Merkle sum tree. Users can then confirm that their balance has been included using a proof of inclusion, without making everyone’s balances public.
If done correctly, PoR shows whether onchain assets cover customer balances at a specific point in time.
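Added example, not code from the original article or from any exchange: a minimal Merkle sum tree in Python showing how one user checks that their balance is included under a published root. The hash layout, function names and the sample snapshot are assumptions made for illustration.

```python
import hashlib

def h(*parts):
    """SHA-256 over length-prefixed parts, so field boundaries are unambiguous."""
    m = hashlib.sha256()
    for p in parts:
        b = p if isinstance(p, bytes) else str(p).encode()
        m.update(len(b).to_bytes(4, "big") + b)
    return m.digest()

def leaf(user_id, balance):
    return (h(b"leaf", user_id, balance), balance)

def parent(left, right):
    # Each node commits to both child hashes AND both child sums.
    return (h(b"node", left[0], left[1], right[0], right[1]), left[1] + right[1])

def build(leaves):
    """Return all tree levels, leaves first; the last level holds the root."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            levels[-1] = cur = cur + [(h(b"pad"), 0)]  # zero-balance padding
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Inclusion proof: (sibling hash, sibling sum, sibling-is-left) per level."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        path.append((level[sib][0], level[sib][1], sib < index))
        index //= 2
    return path

def verify(user_id, balance, path, root):
    """Recompute the root from one user's leaf; reject any negative sum."""
    if balance < 0 or any(s < 0 for _, s, _ in path):
        return False
    node = leaf(user_id, balance)
    for sib_hash, sib_sum, sib_is_left in path:
        sib = (sib_hash, sib_sum)
        node = parent(sib, node) if sib_is_left else parent(node, sib)
    return node == root

# Constructed sample snapshot (balances in smallest units), not real data
SNAPSHOT = [("alice", 120), ("bob", 75), ("carol", 300), ("dave", 5), ("erin", 40)]
LEVELS = build([leaf(u, b) for u, b in SNAPSHOT])
ROOT = LEVELS[-1][0]  # (root hash, total liabilities committed by the tree)
```

The sum in the root is the liabilities figure to compare against the attested on-chain assets. The negative-sum check matters because one negative sibling would let an operator understate that total while every honest user's proof still verified.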
Did you know? Binance allows each user to independently verify their inclusion in the PoR snapshot. Through its verification page, Binance generates a cryptographic proof based on a Merkle tree of user balances, allowing users to confirm that their account has been included without revealing other people’s details or balances.
How can an exchange “pass PoR” and still be risky?
PoR can improve transparency, but it should not be used as the sole measure of a company’s financial health.
A report of assets without full liabilities does not indicate solvency. Even if on-chain wallets appear robust, liabilities may be incomplete or selectively defined and may be missing elements such as loans, derivative exposure, legal claims or off-chain liabilities. Such a report may demonstrate the existence of funds without proving that the company is able to meet all of its obligations.
A single attestation does not show what the balance looked like last week or what it looks like the day after the report. Theoretically, assets can be temporarily borrowed to improve a snapshot and then transferred back.
Encumbrances also often do not appear. PoR is typically unable to determine whether assets are pledged as collateral, borrowed or otherwise blocked, which means they may not be available in the event of a spike in withdrawals.
Liquidity and valuation can also be misleading. Owning assets is not the same as being able to liquidate them quickly and at scale during times of stress, especially if reserves are concentrated in thinly traded tokens. PoR does not address this issue; clearer risk and liquidity disclosures could.
PoR is not the same as an audit
Many trust issues stem from misaligned expectations.
Many users treat PoR as a security certificate. In fact, many PoR engagements resemble agreed-upon procedures (AUPs). In such cases, the practitioner performs specific checks and reports findings, rather than providing an audit-style opinion on the overall health of the company.
The purpose of an audit, or even a review, is to present an assurance conclusion within a formal framework. AUP reporting is narrower. It explains what was tested and what was observed, and then leaves the interpretation to the reader. Under International Standard on Related Services (ISRS) 4400, an AUP engagement is not an assurance engagement and does not express an opinion.
Regulators have highlighted this gap. The Public Company Accounting Oversight Board has warned that PoR reports are inherently limited and should not be taken as evidence that the exchange has sufficient assets to meet its obligations, especially given the lack of consistency in how PoR work is performed and described.
For this reason, PoR has attracted increased attention after 2022. Mazars suspended work for crypto clients, citing concerns about how PoR-style reports are presented and how the public might interpret them.
So what is a practical trust stack?
PoR may be a starting point, but true trust comes from combining transparency with proof of solvency, robust governance and crystal clear operational controls.
Start with solvency. The real step forward is to show assets against the full set of liabilities, ensuring that assets are greater than or equal to liabilities. Merkle-based liability proofs, along with newer zero-knowledge approaches, aim to close this gap without revealing individual balances.
Then add confidence in how the exchange actually operates. The snapshot does not reveal whether the platform has disciplined controls such as key management, access permissions, change management, incident response, segregation of duties and custody workflows. For this reason, institutional due diligence often relies on System and Organization Controls (SOC)-style reporting and similar frameworks that measure controls over time rather than just a balance at a single point in time.
Make liquidity and encumbrance visible. Solvency on paper does not guarantee that the exchange will survive a run. Users need clarity on whether reserves are unencumbered and how quickly holdings can be converted into liquid assets at scale.
Anchor this in governance and disclosure. Credible governance depends on a clear custody framework, conflict management and consistent disclosures, particularly for products that introduce additional obligations such as yield, margin and credit.
PoR helps, but cannot replace responsibility
PoR is better than nothing, but remains a narrow control at a specific point in time (even though it is often touted as a security certificate).
PoR itself does not constitute evidence of solvency, liquidity or quality of control. So before you treat a PoR badge as “safe”, consider the following:
- Are liabilities included or just assets? Asset-only reports cannot demonstrate solvency.
- What’s included? Are margin, yield products, loans or off-chain liabilities excluded?
- Does it report a snapshot or is it ongoing? A single date can be dressed up. Consistency matters.
- Are the reserves unencumbered? “Held” is not the same as “available during stress.”
- What kind of engagement is this? Many PoR reports are restricted in scope and should not be read like an audit opinion.
