Why Proof of Reserves Didn't Prevent Major Bitcoin Exchange Hacks

No. From Mt. Gox in 2011 through Bybit in 2025, every major custodial failure in Bitcoin's history occurred at a firm that either published reserve attestations, used multi-signature wallets, or both. The recurring failure modes, commingled customer assets, unilateral control of key sets, undisclosed counterparty concentration, and the structural gap between snapshots, are invisible to point-in-time reserve attestations. In several cases, Proof of Reserves was published in the weeks preceding the failure. The architecture that enabled each loss was always invisible to the disclosure meant to detect it. Onramp's Multi-Institution Custody is built to eliminate these structural gaps rather than document them.

This article walks through the historical case set, identifies the four failure modes that appear across all of them, and explains what custody assurance has to look like to address the failure modes Proof of Reserves cannot.

The pattern

The single most important finding from a comprehensive review of major Bitcoin custodial failures from 2011 through 2025 is that the controls intended to detect or prevent these losses were in place at the time of every loss. Proof of Reserves, multi-signature wallets, third-party audits, and combinations of all three were already standard practice. None of them stopped the failures.

This is not because the controls are useless. It is because the controls were designed to address a narrower set of risks than the ones that actually caused the losses. Proof of Reserves describes the state of reserves at a snapshot in time. Multi-signature ensures that more than one party signs a transaction. Third-party audits provide an external check on specific scoped procedures. The failure modes that produced the actual losses, assets commingled across customers and platform, undisclosed counterparty exposure, signers all operating from a single compromised interface, gaps between snapshots large enough to move the assets, sit outside what those controls describe.

The pattern is consistent across every major failure. The controls were in place. The failure mode was structural. The loss occurred anyway.

Mt. Gox: the founding failure of point-in-time attestation

On June 23, 2011, Mt. Gox transferred 424,242 BTC between addresses as a public demonstration of solvency, the first widely visible reserve attestation in Bitcoin's history.

By the time of the broadcast, theft from Mt. Gox's hot wallet had been underway for at least months. WizSec's subsequent forensic investigation identified that systematic outflows from Mt. Gox-controlled addresses to attacker-controlled addresses had begun no later than late 2011 and continued without effective detection through 2013. The exchange ultimately lost approximately 850,000 BTC before declaring bankruptcy in February 2014.

The architectural lesson from Mt. Gox is foundational to understanding every subsequent failure: a snapshot of reserves at one moment cannot describe what is happening between snapshots. Mt. Gox was not insolvent on June 23, 2011, in the sense that it controlled the assets it claimed to. It was insolvent in a deeper sense: its hot wallet was being drained, its internal accounting was diverging from the on-chain reality, and the snapshot could not register either.

Every reserve-attestation methodology developed since has inherited this structural limitation. Real-time PoR programs (Coinbase's cbBTC, 21Shares' 21BTC) close the gap between snapshots but cannot detect losses that happen on the chain itself between the moments they describe.

The 2022 cascade: Celsius, Voyager, FTX, BlockFi, Genesis

The 2022 cycle of failures was not driven by exchange hacks. It was driven by counterparty concentration and the failure of the legal structures customers had assumed would protect them.

Celsius Network (July 2022 bankruptcy)

Celsius custodied billions in customer assets under its Earn program. The custody was undisclosed counterparty exposure as much as it was direct custody: customer assets had been deployed across counterparties, decentralized protocols, and proprietary positions. When the chain of liabilities unwound, the reserves were not sufficient.

Most consequentially, on January 4, 2023, Judge Glenn ruled that the customers who had deposited assets into the Celsius Earn program had transferred beneficial ownership to Celsius under the program's terms of service. The assets were therefore the property of the Celsius bankruptcy estate, not the customers. Customers became unsecured creditors of a failed company.

Proof of Reserves, had it been in place, could not have addressed any of this. The reserve side could be verified; the legal ownership of the assets could not be remade after the fact. The Celsius ruling has shaped how customers, regulators, and courts evaluate every subsequent crypto custody arrangement.

Voyager (July 2022 bankruptcy)

Voyager's exposure to Three Arrows Capital was sufficient to render the company insolvent when 3AC failed. Customer balances appeared to be backed by the platform until the counterparty failure was disclosed.

FTX (November 2022 collapse)

The most consequential failure in the historical record. FTX's customer-facing representations of balances bore essentially no relation to its underlying holdings. At the time of bankruptcy, FTX held approximately 0.1% of the BTC customers believed it held and approximately 1.2% of the ETH. The gap had been concealed through commingling with Alameda Research and through internal accounting that contradicted the on-chain reality.

BlockFi (November 2022 bankruptcy)

Counterparty exposure to FTX was sufficient to drive BlockFi into bankruptcy within weeks of FTX's collapse.

Genesis (January 2023 bankruptcy)

Counterparty exposure to Three Arrows Capital and FTX. Customer balances were available only as claims against the bankruptcy estate.

The common thread across the 2022 cascade is that each failure was caused by something Proof of Reserves does not measure: counterparty exposure, legal classification of customer assets, and the difference between on-chain reserves and the obligations they were notionally supposed to back.

The 2024-2025 multi-signature failures: DMM Bitcoin, WazirX, Phemex, Bybit

The most recent failure pattern is different from the 2022 cascade. The 2024-2025 failures are not about insolvency or counterparty exposure. They are about the failure of multi-signature custody to do what it was designed to do.

DMM Bitcoin (May 2024, ~$305M)

Multi-signature cold storage. Attackers obtained signing access through a vector the exchange has not publicly disclosed in full detail. Approximately $305 million in BTC moved to attacker-controlled addresses despite the multi-signature being structurally intact.

WazirX (July 2024, ~$235M)

Multi-signature custody. Approximately $235 million in customer assets moved to attacker-controlled addresses. Subsequent investigation identified social engineering and access compromise as elements of the attack vector.

Phemex (January 2025, ~$85M)

Multi-signature compromised. Approximately $85 million in customer assets moved.

Bybit (February 2025, ~$1.5B)

Hacken-audited monthly Proof of Reserves with reserve ratios above 100%, the most recent attestation published less than 24 hours before the hack. Lazarus Group compromised a Safe{Wallet} developer machine, injected malicious JavaScript into the signing interface, and the multi-signature signers approved a transaction whose displayed destination differed from the actual destination encoded in the signed payload. Approximately $1.4 to $1.5 billion in ETH and staking derivatives moved to attacker-controlled addresses. For the technical anatomy of the Bybit attack specifically, see How Was Bybit Hacked?.

The 2024-2025 pattern reveals a structural property of multi-signature that had not been broadly understood: multi-signature provides defense against a single individual acting maliciously, but it does not provide defense against a single compromised interface presented identically to all signers. When the interface is the attack surface, the multi-signature is bypassed without breaking the cryptography.

The four failure modes that repeat

Across every major Bitcoin custodial failure since 2011, the recurring failure modes are:

1. Commingling

Customer assets are pooled with platform assets or with other customers' assets in shared wallets. When the platform fails, the on-chain history cannot cleanly distinguish whose coins are whose.

Visible in: Mt. Gox, Celsius, Voyager, FTX, BlockFi, Genesis.

2. Unilateral control

A single party, whether an individual, a small group operating from a single reporting line, or a compromised interface presented to multiple signers, can move the assets without independent verification from an unrelated party. Multi-signature does not prevent this when the multi-sig signers share an interface or organizational dependency.

Visible in: QuadrigaCX, DMM Bitcoin, WazirX, Phemex, Bybit.

3. Counterparty concentration

The custodian's reserves are exposed to a single counterparty or to a small set of counterparties whose failure would render the custodian insolvent. This exposure is not always disclosed in customer-facing reporting and is usually outside the scope of standard Proof of Reserves attestations.

Visible in: Celsius (DeFi protocols, proprietary positions), BlockFi (FTX), Genesis (3AC, FTX).

4. Snapshot blindness

Events that occur between reserve-attestation snapshots, and that may be remediated by the time the next snapshot runs, are invisible to the attestation regime. The longer the gap, the more invisible the events.

Visible in: Mt. Gox (theft underway during 2011 broadcast), Bybit (loss occurred between snapshots).

What would have prevented each

The four pillars of Proof of Ownership map directly to the four failure modes:

None of the four pillars can be retrofitted by publishing more reports. Each is an architectural property of how the custody is structured. A custodian implementing them is doing different work than a custodian publishing additional disclosures. For the full standard and the technical specification, see The Proof of Reserves Illusion and Proof of Reserves vs Proof of Ownership.

The bottom line

Every major Bitcoin custodial failure in the historical record occurred at a custodian with controls in place. The controls were not absent. They were addressing different risks than the ones that caused the losses.

This is the strongest empirical argument for treating Proof of Reserves as necessary but not sufficient, and for evaluating custody arrangements against the architectural properties, segregation, legal title, deterministic verification, distributed control, that the historical failures consistently lacked.

If you're evaluating Bitcoin custody for a position size that warrants institutional-grade safekeeping, schedule a consultation with Onramp to discuss how Multi-Institution Custody implements the Proof of Ownership standard. To open an account, sign up here.

Related Reading

• The Proof of Reserves Illusion: The Full Report
• What is Proof of Reserves?
• Is Proof of Reserves Enough for Bitcoin Custody?
• Proof of Reserves vs Proof of Ownership
• How Was Bybit Hacked?
• What is the Safest Way to Custody Bitcoin?