The difference between crypto exchange Proof of Reserves (PoR) verification and traditional finance is: PoR generates publicly verifiable proofs based on cryptography, supporting user-initiated verification; while traditional audits rely on third-party sampling and reporting, where users can only passively trust with relatively limited transparency.
Theoretically, PoR is meant to reassure users, but currently only a few top exchanges represented by OKX continue to publish monthly PoR reports, while many have entered a "stagnant" or "idle" state. Even with PoR reports, we cannot guarantee absolute safety of assets stored on exchanges. In other words, publishing a PoR report does not equate to absolute security; we must understand the specific implementation behind PoR and how different exchanges perform, which reflects their security levels.
Blockchain expert Nic Carter once commented that OKX represents the highest quality of PoR among mainstream exchanges. Next, we will use OKX as a sample to discuss PoR from a deeper perspective: no longer just asking "is it there," but understanding how well it is done and OKX's security level.
Starting from These Three Steps
Many people open a PoR report and first see rows of tables or data: BTC reserve rate 104%, ETH reserve rate 101%, USDT reserve rate 103%... Seeing all rates above 100%, they instinctively feel reassured: this platform seems quite reliable. But hold on, there are actually many nuances hidden in PoR reports, and looking at the reserve rate alone is far from sufficient.
To quickly grasp the key points and risks of PoR, you can follow these three main steps and approaches.
Step One, first look at the overview: Open the report, find the total user assets, total platform liabilities, and reserve rate. Different exchanges may use different terminology, such as OKX using account assets and OKX wallet assets, but essentially referring to user and exchange assets and liabilities. Don't just focus on the size of these numbers, but see if the reserve rate is equal to or greater than 100%. For example, in the PoR published by OKX in April, the BTC reserve rate is 104%, not only meeting users' daily withdrawal needs but also providing redundancy, indicating stronger risk resistance.
Step Two, check coin details: Not all coins are equally "stable". First, check if mainstream coins are included (BTC, ETH, USDT, USDC, etc.), which usually occupy the majority of user assets and are core indicators of the exchange's liquidity, redemption ability, and risk prevention level. Secondly, you need to open the details table for each coin and see if the exchange's total assets match user total assets. For instance, if there are 10,000 USDT in the wallet and user total assets are 9,000, that's fine. But if it's the opposite, you should pay attention to whether abnormal withdrawals or reserve rate decline have occurred.
Step Three, identify common tricks: To showcase safety, some exchanges might self-stage "fund scheduling" through associated addresses, transferring back after PoR publication; creating numerous fake "liability accounts" to lower platform liabilities and prove solvency at a certain moment, only to revert in the next period. OKX uses zk-STARK technology and globally open-sources its code, effectively preventing fake "liability account" tricks and allowing users to verify themselves to prevent "photoshopped PoR reports".
If you don't have time to examine all data, focus on these three indicators:
1. Whether reserve rate remains consistently stable >100%;
2. Whether user self-verification is supported;
3. Whether reports are regularly updated and cover mainstream and pledged assets.
Remember: attractive PoR data is not the key point; understanding the exchange's solvency and security capability is crucial.
Focus on These Six Data Points
... (rest of the text continues in the same manner)Fifth, Top 10 Mainstream Coins Proportion: Don't Let Obscure Coins Inflate the Overall Picture. The higher the proportion of Top 10 mainstream coins, the healthier the Proof of Reserves (PoR), as these assets have strong liquidity and stability, better supporting the platform's fund safety in extreme situations. According to various PoR reports, the current reserve structure of mainstream exchanges shows that the top 10 coins by market value account for approximately 80% or more, with obscure coins controlled between 10%-20%, indicating a healthy overall asset structure that meets users' expectations of high solvency. For example, as of April 7, 2025, the total value of OKX's Top 10 mainstream coins accounted for about 88.8% of its PoR.
Sixth, the Frequency of PoR Report Publication is Also Important: Is it Just "Occasional Showcasing". PoR reports typically reflect the asset status at a specific point in time. The higher the publication frequency of PoR, the harder it is to conceal short-term liquidity or security risks. Since first launching PoR in late 2022, OKX has consistently published reports monthly, releasing 30 consecutive reports as of April 2025. Additionally, each report is audited and verified by blockchain security institution Hacken. This explains why top platforms like OKX repeatedly emphasize "monthly disclosure" - only high-frequency, reliable audit updates can truly enhance user confidence and maintain platform integrity.
When assessing an exchange's asset safety, we must perform data correlation and not rely solely on the platform's PoR report. We can cross-verify using multiple data sources to form a more comprehensive and objective judgment. For instance, defillama's CEX Transparency module provides an overview of on-chain asset reserves for major centralized exchanges, serving as an important external reference. In Nansen's "CEX Token Flow" section, users can real-time track fund inflows/outflows for exchanges like Coinbase and OKX, capturing on-chain fund dynamics.
Previously, there was an instance of OKX's asset data showing temporary abnormalities on defillama, which was later confirmed to be due to address upgrades causing third-party data collection lag. This event reminds us that while third-party platforms are independent, they are also limited by the timeliness and completeness of on-chain address identification. Moreover, some small and medium exchanges show significant discrepancies between their PoR data and third-party on-chain monitoring platforms. If such differences cannot be reasonably explained, further cautious investigation into the underlying reasons is necessary.
PoR data cannot be interpreted in isolation, and users should not become complacent upon seeing "100%" or similar figures. Only by combining on-chain tracking, third-party platform verification, and the exchange's own public mechanisms can a more scientific assessment of asset safety be made.
Small Tool to Enable User Verification of Exchange Data
While a platform may "showcase" its PoR, this does not guarantee absolute credibility. When facing the ultimate question of "Did you really put my money in?", users need a verification method. Using OKX's verification logic as an example, only two points need to be proven: first, verify the correctness of total user assets (account assets); second, verify the total on-chain asset amount (wallet assets), ultimately determining the "reserve ratio".
For instance, if two users deposit assets into an exchange - one depositing 100 USDT and another 200 USDT, with the platform's total liability being 300 USDT - the exchange's PoR must prove two things: the total deposits of all (two) users are 300 USDT, and the exchange's wallet indeed contains 300 USDT.
Step One, User Total Deposit Verification, OKX uses the "zk-STARK" zero-knowledge proof algorithm to verify and prove all OKX account assets held by the exchange. OKX takes a "snapshot" of all user accounts and applies "zk-STARK" algorithm constraints: first, the "balance sum constraint" requiring total asset quantity to equal the sum of account balance; second, the "non-negative constraint" preventing artificial inflation through negative asset accounts; third, the "inclusivity constraint" ensuring no accounts are omitted.
Step Two, Exchange Wallet Asset Verification. OKX publicly disclosed a set of wallet addresses, signed with a private key message "I am an OKX address", proving address ownership. Anyone can then check these addresses' balances on blockchain explorers. By summing these on-chain balances, the total real assets held by OKX can be determined.
For both the aforementioned three constraints and exchange wallet asset verification, OKX not only provides detailed user self-verification tutorials and allows users to verify at any time but has also open-sourced the PoR code for technical community verification and use.
PoR Solutions Still Have Iteration Space
OKX continues exploring more secure underlying technologies to prevent PoR report data manipulation or forgery. Since introducing a standard Merkle Tree-based PoR in November 2022, OKX upgraded to a comprehensive Merkle Tree V2 in March 2023, and then innovatively introduced a self-developed zk-STARK zero-knowledge proof in April 2023, integrating sum constraints, inclusivity, and non-negative constraints to make the verification process lighter and open-source. Therefore, when evaluating any exchange's PoR report, beyond focusing on reserve ratio and user self-verification, one should comprehensively consider its underlying technical implementation and evolution path to prevent overlooking potential manipulation or audit vulnerabilities by merely examining data indicators.
Why upgrade to zk-STARK technology? Traditional Merkle tree proof schemes have vulnerabilities that enable potential misconduct by centralized exchanges. Merkle tree is a common data structure that, when used for reserve proof, hashes each account's balance and organizes it into a tree structure to verify whether an account's balance is included in the exchange's total liability. However, traditional Merkle trees have a critical flaw: they cannot prevent negative value nodes. If a centralized exchange (CEX) wants to act maliciously, it can create fake accounts and set their balances to negative values, making reserves appear to match liabilities even when they do not.
zk-STARK uses advanced cryptographic techniques to generate mathematically verifiable proofs that anyone can validate. Most importantly, zk-STARK does not require a trusted setup. A trusted setup refers to a special process in some cryptographic systems (like zk-SNARK) where initial secret parameters must be generated and then destroyed after completion. If these initial secret parameters are leaked or manipulated, the entire system's security could be compromised.
However, zk-STARK avoids this risk, being based on transparent cryptographic technology that does not depend on any secret information or external trust, remaining completely decentralized. Users need not worry about platform backdoor operations or potential setup vulnerabilities. zk-STARK provides a truly "trustless" security guarantee, currently the safest solution in PoR.
How does zk-STARK solve this problem? zk-STARK provides powerful mathematical guarantees to verify each account's balance authenticity and legality. With no hidden negative value nodes, zk-STARK ensures all accounts have net balances greater than or equal to zero. Additionally, reserve total cannot be manipulated, preventing CEXs from artificially fabricating reserve matching through data tampering. zk-STARK completely eliminates potential vulnerabilities in traditional reserve proof, genuinely guaranteeing user fund safety and preventing exchange fraud.
OKX's Continuous Leading Credibility and Transparency
Beyond adopting advanced zk-STARK zero-knowledge proof technology, OKX has also introduced third-party independent audit institution HACKEN to provide additional trust assurance. Currently, Hacken's audit team verifies OKX's reserves monthly, ensuring its on-chain assets fully cover user liabilities, maintaining a reserve ratio of 100% or higher, with public audit reports available for user review at any time.
PoR is just one aspect of CEX security and cannot comprehensively prevent potential risks. When choosing a CEX, users should rely on the on-chain asset verification capabilities provided by PoR while also comprehensively considering factors such as governance structure, fund liquidity, and technical capabilities. OKX has built a more trustworthy security line through its consistent and stable PoR release rhythm, industry-leading zk-STARK innovative technology, and third-party independent audit collaboration, truly achieving transparency and user verifiability.
With its continuously leading credibility and transparency, OKX is gaining trust and being chosen by more global users.
Disclaimer
The information provided in this video is for reference only and should not be considered as (i) investment advice, trading advice, or investment recommendation; (ii) an offer or invitation to buy or sell digital assets; or (iii) financial, accounting, legal, or tax advice. We do not guarantee the accuracy, completeness, or usefulness of such information. Digital assets (including stablecoins and Non-Fungible Tokens) involve high risks and may depreciate or become worthless. Digital assets are not insured. Past performance does not guarantee future results. You should carefully consider whether trading or holding digital assets is suitable for you based on your financial situation, investment objectives, experience level, and risk tolerance. For your specific circumstances, please consult your legal, tax, and investment professionals. You are responsible for understanding and complying with local applicable laws and regulations.
Welcome to join BlockBeats official community:
Telegram Subscription Group: https://t.me/theblockbeats
Telegram Communication Group: https://t.me/BlockBeats_App
Official Twitter Account: https://twitter.com/BlockBeatsAsia
