Is Proof of Reserves Enough for Bitcoin Custody?
Brian Cubellis | Chief Strategy Officer
May 15, 2026
No. Proof of Reserves verifies that a custodian held assets at a moment in time, but it does not verify segregation, legal title, or who controls the keys. Every major custodial failure in Bitcoin's history, from Mt. Gox in 2011 through Bybit in 2025, occurred at a firm that had published a reserve attestation, used multi-signature wallets, or both. Proof of Reserves is necessary but not sufficient. The custody question that matters is not whether a platform held coins yesterday; it is whether any single party can move or lose those coins tomorrow. Onramp's Multi-Institution Custody is built around a standard that addresses these structural gaps directly.
This article explains the four structural conditions Proof of Reserves cannot establish, the historical record that demonstrates why those conditions matter, and what an adequate custody standard requires.
The short answer
Proof of Reserves is a useful disclosure. It is not a custody standard.
A disclosure tells you the state of something at a point in time. A custody standard tells you the structure under which something will be safekept across time. Those are different categories.
Every major custodial failure in Bitcoin's history shares two characteristics. First, the failed custodian either published Proof of Reserves, used multi-signature wallets, or both, meaning the controls intended to detect or prevent the loss were in place. Second, the loss was caused by a structural condition the controls were not designed to detect: customer asset commingling with platform funds, undisclosed counterparty concentration, unilateral control by a single insider or compromised interface, or a gap between reserve snapshots large enough to move the assets.
Proof of Reserves is a meaningful step forward from no disclosure at all. It is not a substitute for a custody structure that addresses the architectural conditions under which custodial losses actually occur.
What Proof of Reserves was designed to prove
A complete Proof of Reserves program demonstrates two things at the moment of attestation:
- The custodian holds on-chain assets in known wallets.
- Customer liabilities, committed to in a Merkle tree against which each customer can verify their own balance, sum to a total that does not exceed the on-chain reserves.
When both are true, the program demonstrates that the custodian had sufficient reserves to cover customer claims on the date of attestation. This is genuinely useful. It is a strong response to the question "is the platform solvent right now, against the claims it has acknowledged?"
It is also a narrowly scoped answer. It does not address what is happening between snapshots. It does not address whether the reserves on the asset side are pledged elsewhere. It does not address whether the customer assets are legally segregated from the platform. It does not address who, in the operational reality of the platform, controls the keys. For a complete definition of what Proof of Reserves is and the five distinct methodologies operating under the label, see "What is Proof of Reserves?"
The four things Proof of Reserves cannot tell you
1. What happens after the snapshot
The typical Proof of Reserves cycle is monthly. Some programs publish quarterly. Real-time programs (Coinbase's cbBTC, 21Shares' 21BTC) publish continuously but only describe the reserves side.
The Bybit case study is the cleanest illustration. Bybit had been publishing monthly Hacken-audited Merkle-tree Proof of Reserves since June 2024. The most recent attestation before the February 21, 2025 hack was published less than 24 hours earlier and showed reserve ratios above 100% across all asset categories. The hack, which removed approximately $1.5 billion in customer assets, occurred entirely within the window between the published attestation and the next scheduled attestation.
The next Proof of Reserves after the hack, published February 23, also showed reserve ratios at or above 100%, because Bybit had secured emergency funding to backfill the loss. From a snapshot-based perspective, the reserve attestation never registered the event.
This is not a Bybit-specific problem. Any snapshot-based attestation regime has the same structural property: events that occur between snapshots, and that are remediated by the time the next snapshot runs, are invisible to the regime.
2. Whether your specific coins are segregated
Most Proof of Reserves implementations cover omnibus arrangements: the custodian holds customer assets in shared platform wallets and uses internal accounting to track which customer is owed what. The Merkle tree of liabilities commits to the customer-level breakdown of those internal records. But on-chain, the assets remain commingled in shared wallets.
The implication: when the platform fails, the on-chain reality cannot distinguish customer X's coins from customer Y's coins from the platform's coins. The bankruptcy court has to allocate based on the internal records, and the internal records may not have survived the failure in usable form.
Mt. Gox's customers spent more than a decade attempting to recover what they were owed, in part because the on-chain history of the exchange's wallets could not be cleanly mapped back to individual customer balances. Celsius and FTX customers faced similar reconstructions in 2022-2023.
Segregation is the property that allows on-chain verification of who owns what. Most Proof of Reserves programs do not require it.
3. Who legally owns the assets
Proof of Reserves describes what assets the custodian controls. It does not describe whether those assets are legally the customer's or the custodian's.
The distinction was settled with finality by Judge Glenn's January 4, 2023 ruling on the Celsius Earn program. Customers who had deposited assets into the Celsius Earn product had, under the legal structure of that product, transferred beneficial ownership to Celsius. When Celsius filed for bankruptcy, those assets were part of the Celsius estate, not the customers' property. The customers were treated as unsecured creditors of a failed company.
The Celsius ruling has applied broadly across crypto bankruptcy proceedings since. The legal-title question is a property of the original custody arrangement, not of the disclosure regime overlaid on it. Proof of Reserves does not, and cannot, change what the bankruptcy court determines about whose property the assets are.
4. Whether anyone can move the assets unilaterally
This is the question most directly relevant to the recent failure pattern. Multi-signature wallets were intended to prevent unilateral control. In practice, multi-signature on its own has not prevented the failures it was meant to prevent.
DMM Bitcoin (May 2024, ~$305 million lost), WazirX (July 2024, ~$235 million lost), Phemex (January 2025, ~$85 million lost), and Bybit (February 2025, ~$1.5 billion lost) all used multi-signature custody. In each case, the multi-signature was real and the cryptographic protocol functioned correctly. The failure was that all the signers operated within a single organizational reporting line and viewed the same compromised interface. When the interface was compromised, the multi-signature provided no defense, because every signer saw the same misleading display.
Proof of Reserves cannot detect this failure mode. It describes the state of the reserves, not the architectural separation between the parties who can move them.
The historical record
The pattern of every major Bitcoin custodial failure is consistent across more than a decade:
- Mt. Gox (2011-2014): Published "proof of solvency" via wallet broadcast in 2011 while theft was already underway. Ultimately lost approximately 850,000 BTC.
- Bitfinex (2016): Multi-signature setup (BitGo as one signer). Approximately 119,756 BTC lost to attackers.
- QuadrigaCX (2019): Single-key custody by the founder. Approximately $190M CAD in customer assets lost upon his death.
- Celsius (2022): Multi-billion liabilities, no on-chain segregation, undisclosed counterparty exposure. Customer assets ruled property of the bankruptcy estate.
- FTX (2022): Customer balance representations bore no relation to underlying holdings. Held approximately 0.1% of customer BTC balances and 1.2% of customer ETH balances at the time of bankruptcy.
- BlockFi (2022): Counterparty exposure to FTX brought down the platform.
- Genesis (2023): Counterparty exposure to Three Arrows Capital and FTX.
- DMM Bitcoin (2024): Multi-signature compromised. ~$305M lost.
- WazirX (2024): Multi-signature compromised. ~$235M lost.
- Phemex (2025): Multi-signature compromised. ~$85M lost.
- Bybit (2025): Multi-signature compromised, monthly Hacken-audited PoR less than 24 hours before the loss. ~$1.5B lost.
Every one of these failures occurred at a custodian that had implemented either Proof of Reserves, multi-signature, or both. None of those controls prevented the loss. In each case, the failure mode was structural (commingling, unilateral control, counterparty concentration, or snapshot blindness), and the controls in place were not designed to address it. For a fuller examination of the case set with the architectural details of each failure, see Why Proof of Reserves Didn't Prevent Major Bitcoin Exchange Hacks.
What adequate custody assurance looks like
The standard that addresses what Proof of Reserves cannot, Proof of Ownership, requires four structural conditions, each corresponding to one of the failure modes above:
- Segregation on-chain, addressing commingling
- Legal title held by the customer or a bankruptcy-remote entity, addressing the Celsius-style legal classification problem
- Deterministic verification against the chain at any moment, addressing snapshot blindness
- Distributed control across independent regulated institutions in a quorum structure, addressing unilateral control by any single party or compromised interface
These conditions are not additional disclosure requirements. They are architectural properties the custody arrangement itself must satisfy. A custodian cannot satisfy them by publishing more reports; the custodian has to change how the custody is structured.
Multi-Institution Custody is one implementation. The default configuration uses a 2-of-3 multi-signature quorum across Onramp, BitGo Trust, and CoinCover, three independent regulated institutions, each operating its own infrastructure. Onramp Finance, the brokerage and banking product, uses single-custodian custody with BitGo Trust and offers an upgrade path to full Multi-Institution Custody.
For the full case for the standard and the technical specification, see The Proof of Reserves Illusion.
The bottom line
Proof of Reserves answers the question "did the custodian have the assets on the day of attestation?" That is a useful question with a useful answer.
It is not the only question that matters, and it is not the most important question for a holder evaluating where to safekeep significant value over time. The questions that matter (whether the assets are segregated, whether the holder owns them legally, whether the custody can be verified continuously, whether any single party can move them unilaterally) are not what Proof of Reserves was designed to answer.
A custodian that publishes Proof of Reserves is doing more than a custodian that does not. A custodian that implements Proof of Ownership is doing something different: changing the structure of the custody itself so that the conditions Proof of Reserves cannot detect no longer exist.
If you're evaluating Bitcoin custody for a position size that warrants institutional-grade safekeeping, schedule a consultation with Onramp to discuss the Proof of Ownership standard and how Multi-Institution Custody addresses the structural limitations of Proof of Reserves. To open an account, sign up here.