Table of Contents
1. Liquidity Put to the Test Since FTX Fiasco
2. Emergence of Proof of Reserve (PoR)
3. Should We Fret about Binance?
4. Relatively Safer South Korean Exchanges
5. Two Polarizing Choices: DeFi or Institutionalized Exchanges
1. Liquidity Put to the Test Since FTX Fiasco
Centralized exchanges’ (CEXs) liquidity has been faced with a growing mistrust since FTX halted customer withdrawals. As the aftermath of the FTX collapse continues, investors have staged bank runs for fear of losing access to their deposits locked in the exchanges. While Crypto.com, widely known for its native token and sports event sponsorship, saw a massive outflow of funds last month, some have voiced their concerns this week about the state of liquidity of the world’s largest crypto exchange, Binance. It is the exchange whose announcement of a selloff of FTT tokens sent FTX tumbling into the downfall (Link to Xangle Research: FTX News Recap) and has since led the industry towards Proof of Reserve, under which exchanges voluntarily verify the value of their reserves. Still, Binance has recently failed to stay immune to a record customer outflow, causing some to question the efficacy of Proof of Reserve.
2. Emergence of Proof of Reserve (PoR)
Proof of Reserve (PoR) is a process of providing proof that attests to the amount of reserves held by an exchange. Traditionally, accounting firms have audited financial companies, such as banks and brokerage firms, as a third-party auditor. Most crypto exchanges also have their assets verified by accounting firms, but the difference is that their assets are recorded and disclosed on the chain and therefore can be verified through a Merkle tree PoR mechanism.
Primarily, PoR focuses on (a) the amount of customer deposits locked in the exchange and sees if (b) the exchange as a custodian can access the funds and (c) customer deposits are included in the assets of the exchange. While the most straightforward way to do this would be to disclose the names and deposits of all customers alongside the entire assets of an exchange, the risk of privacy infringement remains the hurdle. This is the area where the Merkle tree mechanism can be deployed to do the reconciliation between customer deposits and assets of an exchange, while hash encryption keeps customers’ personal information indecipherable.
Here’s how Merkle trees work: The auditor 1) takes a snapshot of all balances held by the exchange and customers and 2) creates a Merkle tree. Then, customers will 3) check the ownership and 4) receive part of the data required for verification from the Merkle tree. The verification process is completed after 5) the data is compared to the hash values of the reserve and 6) proves to match the values.
3. Should We Fret about Binance?
Binance announced the release of its Proof of Reserve (PoR) system on Nov 25, 2022, and shortly after the announcement, accounting firm Mazars published a report, stating that BTC holdings of the world’s largest crypto exchange covered 101% of its customer assets. Apparently, the attempt was geared towards greater transparency to resolve uncertainties about its solvency in the wake of the FTX implosion. Nonetheless, the media did not seem to have fully bought into the PoR audit process, and customers alarmed by the tone scrambled to withdraw their money. Most notable controversies surrounding the PoR report were: 1) Binance’s BTC holdings that fell 3% short of customer liabilities, 2) legitimacy of the audit and the report, and 3) its little known ownership structure.
1) BTC Reserves Falling 3% Short of Customer Liabilities
Mazars’ report found a 3% gap between Binance’s BTC holdings and customer liabilities. The cause of the discrepancy noted by the report was the BTC lending service, which allowed customers to borrow Bitcoin using other cryptocurrencies like stablecoins as collateral. The report mentioned that the gap does not amount to an issue with customer assets as the collateralization ratio reflective of the value of the collateral was 101%. In a sense, Binance’s claim of its customer assets being kept intact seems a valid argument. Surely, the 3% gap in BTC reserves worth $300M is significantly dwarfed by its estimated 2021 revenue of $20B and stellar operating margin hovering above its competitors.
2) Questions Over the Legitimacy of the Audit and Report
The real issue lies with the credibility of the PoR process, not with a simple numerical value, 3%. Mazars, the independent third party that carried out a Merkle tree PoR and authored the official report called the report an AUP (Agreed-Upon Procedure) instead of an audit. An AUP is limited to factual findings within what has already been defined by the client (Binance in this case) and does not provide additional due diligence, formal opinion, or assurance conclusion. It was like adding a stamp to the rules set by Binance. The CEO of the Kraken exchange raised an issue, saying that some of the stated criteria of Binance’s PoR were not considered appropriate standards.
3) Binance’s Governance Structure Is Still Unknown
Above all, though, the shrinking confidence in Binance primarily stems from its corporate structure that has never been disclosed to the public. The entity that the Mazars report covered was Binance Capital Management Co. Ltd domiciled in the British Virgin Islands. Questions left unaddressed include whether the entity is in charge of Binance’s global service, which entity is the parent company, and what the ownership structure looks like. The downfall of FTX, which had similarly set up an entity in the Bahamas and other tax havens, laid bare the risk of an opaque governance structure. Binance is also known to have moved its headquarters from China, Japan, Malta, and Bermuda. So, while the coverage of the PoR performed this time is limited to its entity in the British Virgin Islands, the de facto controller of its global service also remains undisclosed. As Binance CSO Patrick Hillmann was unable to provide the name of Binance’s parent company in a recent interview, questions will continue to arise over its corporate structure.
4. Relatively Safe South Korean Exchanges
Unlike crypto exchanges overseas, South Korean exchanges are subject to the Act on Reporting and Using Specified Financial Transaction Information, which took effect in 2021. The act requires them to separate customer deposits from their own assets while dual oversight of compliance by the Commissioner of the Korea Financial Intelligence Unit and a third-party financial institution is in place. Few exchanges would jeopardize their business by appropriating customer deposits when the violation of the law could result in a full or partial suspension of operations for up to 6 months.
Legislator Changehyun Yun once proposed a bill that seeks to go further than segregating customer deposits from exchanges’ own assets and keep them under the management of trustworthy custodians. Once the bill takes effect, customer deposits will be safeguarded with zero risk of misappropriation. The measure will amount to the current requirements brokerage firms and asset managers have long been subject to.
Since South Korean exchanges are required to handle customer deposits and their own assets separately, top 5 largest exchanges in the country, namely Upbit, Bithumb, Korbit, Coinone, and Gopax, classify customer deposits as other current liabilities (or deposit liabilities), deposits, or deposits due to customers in their financial statements.
They also make their quarterly and annual independent audit reports publicly available, providing amounts and other details about their own crypto assets and customers’ crypto deposits separately.
Subject to government regulations and credible third-party audit, South Korean exchanges are deemed relatively safer and may not be exposed to the stringent liquidity tests beleaguering some of the centralized exchanges with opaque ownership structure.
5. Investors’ Choice Polarized into DeFi and Regulated Exchanges
The fallout of the downfall of the world’s second largest crypto exchange, FTX, seemed to have subsided with the arrest of the CEO of the scandal-ridden exchange, SBF. But such hiatus was short-lived when Binance, the world’s largest exchange with a market share of over 50%, began suffering cracks in its credibility. Bearing the brunt of the consequent damage are the investors (customers). As jitters grow, investors are forced to go on an “unwanted” journey, moving their assets from one exchange to another, including FTX, Crypto.com, and Binance.
In the end, investors are expected to split into DeFi and regulated exchanges. In the crypto space, there is a saying that goes: “Not your keys, not your crypto.” It means that owning cryptocurrencies requires owning private keys to the wallets. Despite the hacking risks and inconvenience associated with individual crypto wallets, complete ownership of digital assets without the need to depend on a custodian will continue to position them as the safest haven. Users who prefer this notion will stick to DeFi services for trades and swaps.
On the other side of the spectrum, we will see users resort to regulated exchanges. Although not as sure a way as directly owning the assets and not exactly in line with the essence of blockchain technology given the necessary involvement of a third party and custodian, users not familiar with DeFi would prefer exchanges overseen under long-established regulatory framework. The direction of regulations will likely reflect the dynamics—and indeed, Binance has set up local entities, i.e., Binance.US and Binance UK, and complies with regulatory requirements of each jurisdiction. With rumors constantly swirling about Binance’s possible acquisition of a South Korean exchange, the growing trend of crypto exchanges coming under the regulatory umbrella may not be bucked.
Investor and customer protection has been a top priority and central to the evolution of financial services. The Sarbanes-Oxley Act of 2002 was enacted in the aftermath of the Enron accounting scandal, and Basel III: International Regulatory Framework for Banks came into being in response to the financial crisis of 2007-2009. All in all, the crypto market looks poised to go a similar path. On the on-chain front, formulation and implementation of PoR standards and procedure seem a priority, and customers will likely turn their back on exchanges that refuse to comply. Apart from PoR, centralized exchanges will likely be subject to regulatory requirements of each jurisdiction—because innocent investors should never fall prey to unethical and inexperienced crypto exchanges.
Other Related Xangle Research Reports