2022 has been a tumultuous year in crypto to say the least. The impression left behind by the crashing of several high-profile industry players has been a painful one which many of us are working to move past. Here at CoinGecko, we’re taking in lessons from these events to also incrementally improve Trust Score, and today we’re introducing Proof of Reserves (Assets & Liabilities) into our Trust Score algorithm. Here’s a rundown:
- Proof of Reserves = Assets + Liabilities
- Assets = Amount owned (i.e. balances in wallets controlled)
- Liabilities = Amount owed (i.e. user deposits in custody)
Since the introduction of Trust Score in May 2019 to combat the alarming trend of inflated trading volumes & artificial rankings, we have consistently revised our algorithm (Trust Score 2, Cybersecurity, Team Presence & Incidents). Trust Score is a work in progress for us that aggregates publicly available data to help us better rank crypto exchanges and we’re excited to iterate and improve on it.
Let’s dive into things!
Proof of Assets & Liabilities takes time and work from parties within the crypto industry and we’re taking a gradual approach for it’s inclusion into Trust Score. Briefly, our timeline looks like so:
- Jan 2023: Proof of Assets + algorithm update
- Q4 2023: Complete Proof of Reserves with addition of Proof of Liabilities + algorithm update
Jan 2023 – Proof of Assets + Trust Score Weightage change
For our next iteration on Trust Score, we’ll incorporate Proof of Assets into Trust Score with a 1/10 weightage, which covers the following cases:
- Full scoring – Assets published publicly (i.e. Huobi’s disclosure)
- Full scoring – Assets can be verified by users through merkle root method or others (i.e. Kraken)
- Partial scoring – Audited, but wallets not published (i.e. Coinbase)
- Zero score – No disclosure or info available
In short, an exchange that does not have any form of asset disclosure will not have a 10/10 Trust Score on CoinGecko. For exchanges with reserves or audit data available, you will be able to find them under the “Exchange Reserves” tab. (example).
However, note that Proof of Assets on its own is likely insufficient to thwart actors with ill intentions as there exists methods to obfuscate data, as well as catastrophic events such as private keys leaking that can lead to irreversible loss of assets. Regardless, we still think that the first step needs to be taken to raise the bar for transparency and accountability within the crypto industry.
Proof of Reserves Trust Score weightage with Asset data:
Here is a quick rundown on how Trust Score is weighted on scale of 0 – 10 for each criteria.
Liquidity (4 of 10) – Exchanges are one of the liquidity hubs of the crypto ecosystem, moving billions of dollars equivalent in user funds on a daily basis worldwide.
Cybersecurity (2 out of 10) – Tying in with the fact that crypto exchanges have substantial monetary holdings, their ability to maintain a secure operational environment then becomes a very important evaluation criteria.
Scale (1 out of 10) – Scale is a statistical analysis that measures and compares the trading volume and order book depth among exchanges.
Past Incidents (1 out of 10) – Past incidents is used to record if an exchange has had negative past incidents (eg. regulatory troubles, hacking incidents, withdrawal issues, user account disputes & more).[New] Proof of Assets (1 out of 10) – Evaluates the availability of basic asset disclosure, ownership or asset audits by crypto exchanges. [Updated] Team Presence (0.5 out of 10) – Team presence evaluates if an exchange team provides public information on its team on a site they own (minimally top management such as C-suite figures). [Updated] API Coverage (0.5 out of 10) – API measures technical coverage, as well as data availability which are also important factors to consider for transparency purposes throughout the evaluation process.
Future – Proof of Reserves with addition of Liabilities data (WIP)
Proof of Reserves = Proof of Assets (how much is owned) + Proof of Liabilities (how much is owed)
We recognize that the disclosure of assets on-chain or balance audits is only part of the equation, hence the need for Proof of Liabilities as well. Currently, Proof of Liabilities is mainly centered around self-attested method (merkle tree) or audited balances. While it works, it has its shortcomings that may need further work, particularly on these fronts:
- Existing balances can be easily tracked and verified publicly
- Address privacy concerns (user balance leaking, exchange activity) to ensure it fits within an exchange’s security protocols
- Audits – auditing standards, as well as the validity periods. Should it be quarterly? yearly? We’ll need to do more work on this front.
That said, with liabilities data (assets + liabilities) in the mix, Proof of Reserves scoring for Trust Score will likely be updated:
- Full scoring – Assets (wallets/balances shown, audited) + Liabilities (audited + users are able to self-attest through Merkle tree or zk-SNARKs)
- Partial score – Either one of the above
- No score – Neither of the above
However, please note that this section highlights our current thinking/concept for what is to come. The team is still working to research + run simulations that help ensure Trust Score remain as a robust ranking system that provides actionable data for our users. We will update this from time to time as we learn more so stay tuned!
For this section, we’d like to be transparent about the potential shortcomings. Even with Proof of Assets + Proof of Liabilities, there is no guarantee that nothing can ever go wrong. Here are our thoughts:
- In a custodial setup (i.e. centralized exchanges), there will always be the risk of events which voids any proof of asset/liabilities such as hacks, loss of keys or any unforeseen circumstances
- Audits conducted by 3rd parties may not uncover the full picture and the possibility of human error exists at every step of the way, which may slip through cracks despite best efforts.
- To our knowledge, there are no existing standards for operator/firms that provide reserve auditing services for crypto exchanges as of Dec 2022 and more work is likely required to set a globally accepted standard.
- An audit represents conditions at time of audit and conditions can change at any time.
- The full extent of liabilities (eg. off-chain loans, bad debts) may not be known.
- The current approach of self-attested Proof of Liabilities through the Merkle tree method (see Kraken) has its limitations, which includes some degree of privacy/exchange operation activity data.
Many great teams/folks have shared their takes on this subject as well. Our references include Vitalik Buterin, Kraken, Coinbase & BitMEX, all of which we have learned a lot from! Clearly a lot more work is still required for the future, and we’re looking forward to contributing to betterment of the industry.
Disasters are painful events – but the best way for us as an industry player is to move forward and emerge stronger and hopefully a little wiser. We’re confident that this update will provide the industry with a sliver more accountability and transparency that is much needed and will continue to iterate!