What Proof of Reserves actually proves
Proof of Reserves is a verification technique that lets a centralized custodian — an exchange, a stablecoin issuer, a lending desk — demonstrate that the assets it controls match what it owes customers. The standard construction has two halves. First, the firm hashes every user balance into a Merkle tree and publishes the single root hash; any user can later check their balance was included without seeing anyone else's. Second, it proves control of the on-chain wallets holding the reserves, typically by signing a message or moving a known amount. Sum the wallets, compare to the Merkle-tree total, and in theory you get a 1:1 (or better) backing ratio.
That phrase in theory is doing a lot of work, and it's why PoR sits in the regulation bucket rather than the cryptography one.
How a modern PoR works
The naive Merkle approach leaks data — competitors can estimate your total book, and balance ranges can deanonymize large accounts. The current direction is to wrap the proof in zero-knowledge. OKX, for example, publishes a zk-STARK-based PoR that proves the sum of all non-negative user balances equals the attested reserve total without revealing individual figures. This matters because the older trees had a known cheat: include a few negative balances in the sum and you can fake a healthy ratio. A zk circuit that enforces non-negativity closes that hole. Several venues now publish monthly — Phemex's April 2026 report claims 131% collateralization across major assets, for instance.
Why it matters
PoR exists because of what it failed to prevent. FTX published reassuring numbers and still vaporized at least $8 billion of customer funds. In the aftermath, exchanges scrambled to publish PoR reports — and weeks later their attestation firm, Mazars, abruptly halted all crypto work, saying the reports weren't reassuring markets. That episode is the whole case for and against PoR in one story: the demand is real, and the tool as commonly deployed doesn't carry the weight people put on it.
The risks and tradeoffs
The central flaw is liabilities. A reserve attestation proves assets at a timestamp; it says nothing about debt. A firm can hold $1B on-chain and owe $3B in off-balance-sheet loans, undisclosed leverage, or rehypothecated collateral, and still pass. It can also borrow assets the day before the snapshot and return them after — PoR is a photograph, not a video. The PCAOB has been blunt about this: PoR engagements "are not audits" and "do not provide any meaningful assurance," and they fall outside PCAOB inspection. In my view the industry oversold a cryptographic primitive as a solvency guarantee, and regulators correctly called the bluff.
The honest version is Proof of Reserves and Proof of Liabilities — proof of solvency. The Merkle/zk machinery can encode liabilities too; the hard part is that genuine liabilities live off-chain in legal agreements, not in wallets, so you still need an attestor or a regulator to vouch that the liability set is complete.
Current state (2026)
There is still no universal mandate to publish PoR. It remains largely voluntary, with each venue choosing its own method, cadence, and assets — which makes cross-exchange comparison nearly meaningless. The regulatory weight is shifting elsewhere: MiCA imposes hard reserve, custody, and segregation rules on stablecoin issuers and CASPs in the EU, and audited financials carry obligations that a self-published Merkle root never will. Expect the center of gravity to keep moving from "prove your reserves" toward "prove your solvency, on a schedule a supervisor accepts." The cryptography was never the bottleneck — the missing piece has always been an enforceable obligation to show the other side of the balance sheet.