What is Proof of Reserves? A Complete Guide to the Bitcoin Custody Standard
Brian Cubellis | Chief Strategy Officer
May 13, 2026
Proof of Reserves (PoR) is a class of cryptographic and accounting attestations that verify a custodian held specific on-chain assets at a moment in time. Modern PoR typically combines a Merkle-tree of customer liabilities with an on-chain reserve attestation, allowing each customer to verify that their individual balance was included in the audited total. The practice was popularized at Kraken in March 2014 and re-emerged as an industry standard after the November 2022 collapse of FTX. PoR provides meaningful transparency about reserves on a specific date. It does not, on its own, establish how those reserves are secured, segregated, or controlled.
This guide explains what Proof of Reserves is, how it works, the five distinct methodologies that now operate under the label, what PoR proves and does not prove, and why it has become necessary but not sufficient as a Bitcoin custody standard.
What Proof of Reserves is
At its core, Proof of Reserves answers a single question: did the custodian, at the time of attestation, control sufficient on-chain assets to cover customer claims?
A complete PoR program has two components:
- Proof of Liabilities. The custodian publishes a cryptographic commitment (typically a Merkle-tree) summarizing every customer balance. Each customer can independently verify that their balance was included in the tree by checking their leaf node against the published root hash.
- Proof of Reserves. The custodian demonstrates control of on-chain assets sufficient to cover the total liabilities committed to in step 1. This can be done by signing messages from the wallet addresses, by moving a known amount of coins through them, or by relying on a third-party auditor who has independently verified custody.
When both components are present and the reserve assets equal or exceed the committed liabilities, the program is sometimes described as a "proof of solvency", though that label overstates what the snapshot can actually establish about an operating business.
A brief history of Proof of Reserves
June 2011: Mt. Gox and the founding instance
The first public attempt at a reserve attestation in Bitcoin history occurred on June 23, 2011, when Mt. Gox transferred 424,242 BTC between addresses as a public demonstration of solvency. The broadcast was visible to anyone watching the chain. It was also, in retrospect, an attestation made while the exchange was actively being drained: theft from Mt. Gox's hot wallet had been underway since at least 2011, and the exchange ultimately lost approximately 850,000 BTC before its 2014 bankruptcy.
The Mt. Gox broadcast established the founding pattern of point-in-time attestation, and the founding limitation: a snapshot of reserves at one moment says nothing about what is happening between snapshots.
March 2014: Kraken and the Merkle-tree construction
In March 2014, Kraken implemented the first cryptographic Proof of Reserves based on a Merkle-tree construction proposed by Bitcoin Core developer Greg Maxwell. The implementation was independently audited by Stefan Thomas. Kraken's approach allowed individual users to verify their balance was included in the audited liabilities without requiring the exchange to publish the full liability list. This was the architectural breakthrough that made PoR practical: users could verify their own inclusion privately, while the public could verify the aggregate.
Between 2014 and 2022, adoption was slow. Most major centralized exchanges did not implement Proof of Reserves, and customer-side awareness of the practice was limited to a small audience of Bitcoin-native users.
November 2022: FTX and the post-collapse explosion
The collapse of FTX in November 2022 changed the conversation overnight. As customer assets evaporated and the scope of the misappropriation became clear, every major exchange faced immediate pressure to demonstrate solvency. Within weeks, Binance, OKX, Crypto.com, Bitfinex, and others published PoR attestations of varying quality. The practice that had been niche for eight years became the industry-standard response to customer panic.
The quality of these implementations varied considerably. Some were rigorous (Kraken extended its existing Merkle-tree program; Bitwise published auditor-attested PoR for its spot Bitcoin ETF). Others were closer to marketing. Auditor Mazars exited the PoR space within weeks of beginning to issue reports for Binance, citing concerns about the practice. Armanino exited within 24 hours of Mazars, also withdrawing from crypto attestation work. The auditor exits signaled that the professional accounting world saw the same limitations that PoR's underlying mathematics implied: snapshots cannot establish the integrity of an ongoing business.
The Network Firm was founded in early 2023 to fill the gap left by Mazars and Armanino, and remains the most active auditor specializing in crypto reserve attestations as of 2026.
The five methodologies operating under the "Proof of Reserves" label
By 2026, "Proof of Reserves" describes at least five distinct technical approaches with materially different properties:
1. Wallet snapshot ("move-coins") PoR
The earliest and simplest form. The custodian signs a message from each reserve wallet or moves a known amount through it on a published date. Anyone can verify the signatures or the on-chain transactions. What it proves: the wallets exist and are controlled by the custodian. What it doesn't prove: that those wallets fully back customer liabilities, or that the wallets are not used in some other capacity (collateral for borrowing, omnibus accounts shared across customers, etc.).
2. Merkle-tree user-balance attestation
The Kraken model, extended by most modern programs. The custodian publishes a Merkle root of customer liabilities; each customer can verify their balance is in the tree. What it proves: aggregate liabilities are what the custodian says they are, and each customer's specific balance is included. What it doesn't prove: that the reserves on the asset side are not borrowed, encumbered, or shared with other purposes.
3. Auditor-attested PoR (AUP, agreed-upon procedures)
A professional auditor performs specific agreed-upon procedures around the custodian's reserves and liabilities and issues a report. The Network Firm, Hacken, Armanino (before its exit), and Mazars (before its exit) have all operated in this space. What it proves: a third party with attestation responsibility has independently checked specific items. What it doesn't prove: anything outside the explicit scope of the agreed-upon procedures, which typically excludes operational risk, counterparty exposure, and architectural questions about who controls the keys.
4. zk-SNARK PoR
A more recent approach in which the custodian uses zero-knowledge proofs to demonstrate that customer balances sum to a specific total without revealing individual balances. Binance and Bitget have implemented variants. What it proves: stronger privacy properties around individual customer balances. What it doesn't prove: anything additional about the reserves side that wasn't already provable with simpler methods.
5. Real-time / continuous PoR
Programs that use on-chain monitoring (often via Chainlink) to publish reserve data continuously rather than monthly. Coinbase's cbBTC and 21Shares' 21BTC use variants of this approach for their wrapped or tokenized Bitcoin products. What it proves: the snapshot is more recent than monthly attestations. What it doesn't prove: the continuous data still only describes the reserves side and cannot detect liabilities the custodian has not committed to a verifiable tree.
What Proof of Reserves does and does not prove
The most common misunderstanding of PoR is that it functions as a safekeeping standard. It does not. It functions as a snapshot-based reserve attestation. The distinction matters.
What PoR proves:
- The custodian controlled specific on-chain assets at the moment of attestation
- For Merkle-tree programs: each individual customer's claimed balance was included in the audited liability total
- For real-time programs: the snapshot is fresher than monthly
What PoR does not prove:
- That customer assets are segregated from platform assets on-chain (commingling is invisible to most PoR methodologies)
- That the custodian holds legal title to the assets on behalf of the customer (the assets may be the property of the platform's general estate, available to creditors in bankruptcy)
- Who controls the keys, in what configuration, and whether any single party can move the assets unilaterally
- What happens to the assets between snapshots (the typical gap is 30 days; in Bybit's case, the gap between the last PoR and the $1.5B hack was less than 24 hours, but the architecture of the attestation could not detect the loss)
- Whether the custodian is exposed to counterparty risk that is not disclosed in the PoR (Celsius held billions in counterparty exposure that did not appear in its public balance summaries)
- Whether the auditor or the reserves themselves are subject to undisclosed encumbrance (loans against the reserves, collateral pledges, etc.)
This is not a flaw in any individual implementation. It is what the methodology can and cannot do by construction. The strongest current PoR programs (Kraken, Bitwise, OKX) are not pretending otherwise. River published a notable acknowledgment in April 2025: "Proof of Reserves doesn't provide insight into the overall health of the company."
The current generation of credible PoR programs
A handful of programs in 2026 represent the strongest current implementations of Proof of Reserves:
- Kraken continues to publish monthly Merkle-tree PoR with third-party audit, the longest-running program in the industry.
- River publishes quarterly auditor-attested PoR with explicit disclosure of methodology limits.
- Bitwise publishes daily reserve data for its spot Bitcoin ETF (BITB), among the most transparent ETF reserve disclosures.
- OKX publishes monthly Merkle-tree PoR covering more than 20 assets.
- Coinbase Custody does not publish customer-facing PoR for its institutional custody but produces SOC 1 and SOC 2 audited reports that cover related controls.
All of them are doing useful work. None of them, by the nature of what PoR can do, address the architectural questions about who controls the keys, what happens between snapshots, and what would prevent the same failure modes that have repeated across every major custodial failure since 2011.
The Proof of Reserves Illusion: the Proof of Ownership standard
The next-generation custody standard described in Onramp's recent research report addresses exactly the gaps PoR cannot. Proof of Ownership requires four structural conditions:
- Segregation on-chain. Customer assets sit in dedicated on-chain addresses, never commingled with platform balances.
- Legal title. The assets are titled to the customer (or to a bankruptcy-remote entity), not to the platform's general estate.
- Deterministic verification. Anyone can verify the custody status against the chain at any moment, not just at periodic snapshots.
- Distributed control. Keys are held across independent regulated institutions in a quorum structure where no single party can move the assets unilaterally.
PoR is necessary but not sufficient. Proof of Ownership is the next step. Onramp's Multi-Institution Custody is one implementation of the standard; the full report (The Proof of Reserves Illusion) examines the historical case set, the four structural failure modes, and the architectural framework for the next industry standard.
If you're evaluating Bitcoin custody for a position size that warrants institutional-grade safekeeping, schedule a consultation with Onramp to discuss the Proof of Ownership standard and how Multi-Institution Custody addresses the structural limitations of Proof of Reserves. To open an account, sign up here.