Major crypto exchange OKX said it launched a self-audit feature, which currently supports three cryptoassets.
“You can now verify your assets are backed 1:1 on OKX,” said the announcement. The new feature supports bitcoin (BTC), ethereum (ETH), and the USDT stablecoin, with more assets to come, said the company.
The website offers users the option to view their audit, as well as to view OKX reserves. It claimed that its on-chain wallet holdings are public so that users can always verify that their funds are backed by real assets.
It also said that it regularly publishes Proof-of-Reserves (PoR) audits, enabling users to verify that their assets are held in the exchange’s reserves.
Proof of Reserves is a common audit method, said OKX, which is used to ensure that a custodian indeed holds sufficient funds to cover all assets held on their exchange. To verify the audit, three steps come into play:
- a Merkle tree is used, which is a data structure designed to encrypt data, to verify all the user assets held on the exchange;
- the exchange’s ownership of OKX on-chain wallet addresses and the total OKX wallet holdings is verified;
- the exchange’s reserve ratio is verified by comparing total user asset holdings with total exchange assets from OKX on-chain wallet addresses.
Each user is given a unique anonymous user hash ID, and each user’s total asset balance becomes a Merkle leaf in the tree, said OKX, adding that,
“Combining the total sum of all our user’s assets produces a “Merkle root”, a cryptographic signature that represents all user holdings.”
The exchange also said it published a list of wallet addresses with a signed message “I am an OKX address”, where users can check the OKX assets stored on-chain.
The website also provides instructions on how to self-verify PoR: how to verify OKX wallet address ownership and balance, as well as check if one’s assets are included in the OKX Merkle tree.
There are some, however, who argue that certain types of PoR are not enough. Jesse Powell, co-founder and former CEO of crypto exchange Kraken, said he would be “more assertive” when it comes to “calling out problems.”
He tweeted that a PoR audit requires cryptographic proof of client balances and wallet control, and that it must have:
- the sum of client liabilities (auditor must exclude negative balances);
- user-verifiable cryptographic proof that each account was included in the sum;
- signatures proving that the custodian has control of the wallets.