OKX Security Special Issue | PoR: Understand the Exchange's "Physical Examination" Report in 5 Minutes

欧易OKX
This article is approximately 3,265 words; reading it takes about 5 minutes.
Don't Trust, Verify.


When the black swan hit, the major centralized exchanges rushed to publish PoR (Proof of Reserves). PoR is a cryptographic verification mechanism used to prove that the assets an exchange holds on-chain are sufficient to cover total user assets 1:1, in a way that is publicly checkable yet preserves user privacy. Its main purpose is to show that the exchange has not misappropriated user assets and can honor withdrawals. Keep in mind that a PoR proof speaks only for the snapshot moment at which it was taken, and only for the liabilities the exchange chose to include in it.

The difference between an exchange's PoR and a traditional financial audit is that PoR generates publicly verifiable proofs from cryptography and lets users verify for themselves, whereas a traditional audit relies on a third party's sampling and report, which users can only trust passively and which offers comparatively limited transparency.

In theory PoR exists to reassure us as users, but at present only a few leading exchanges, OKX among them, still publish PoR every month; many have slackened or stopped altogether. And even an exchange that does publish a PoR report cannot guarantee that the assets we store with it are safe. In other words, publishing a PoR report does not mean absolute security. We also need to understand the details behind each exchange's PoR, because those details reflect the real security level of different exchanges.

Blockchain analyst Nic Carter has commented that OKX's PoR is of the highest quality among mainstream exchanges. Below we use OKX as the sample and look at PoR from a deeper angle: no longer asking only "is there one?", but "how well is it done, and what level of security does OKX actually reach?"

Start with these three steps

Many people open a PoR report and the first thing they see is rows of tables or figures: BTC reserve ratio 104%, ETH reserve ratio 101%, USDT reserve ratio 103%... Seeing that they are all above 100%, they instinctively relax: this platform should be fairly reliable. But hold on. A PoR report can hide quite a few tricks, and looking at the reserve ratio alone is far from enough.

To grasp the key points and risks of a PoR quickly, follow these three steps.

Step one, look at the overview: open the report and find total user assets, total platform assets and the reserve ratio. Exchanges name these differently; OKX, for example, uses "account assets" (what users are owed) and "OKX wallet assets" (what the exchange holds on-chain), but in essence they are the users' claims and the exchange's reserves. Don't focus only on how big the numbers are; check whether the reserve ratio is equal to or greater than 100%. For example, in the PoR OKX released in April, the BTC reserve ratio is 104%, which not only covers users' daily withdrawal needs but also leaves a buffer, indicating stronger resilience.

Step two, check the per-coin details: not all coins are equally stable. First, check whether the mainstream coins (BTC, ETH, USDT, USDC, etc.) are included. These usually make up the bulk of user assets and are the core indicators of an exchange's liquidity, solvency and risk control. Second, open the detailed list for each coin and compare the exchange's total holdings with total user balances. For example, 10,000 USDT in the wallet against 9,000 USDT owed to users is fine. If it is the other way round, look at whether abnormal withdrawals have occurred or whether the reserve ratio has been falling.

Step three, recognise the common tricks: borrowing funds from an affiliated address just before the snapshot to make the reserves look healthy, then sending them back once the PoR is published; or adding fake accounts with negative balances to shrink the platform's stated liabilities, proving "solvency" at one instant and reverting in the next period. OKX uses zk-STARK technology and publishes the code openly. On one hand, the non-negative constraint rules out the fake-liability-account trick; on the other, users can verify for themselves, which guards against a doctored PoR report. Borrowed reserves cannot be detected from a single snapshot; they show up as large inflows just before and outflows just after the snapshot date, which is why the snapshot frequency and the on-chain flow tracking discussed later matter.

If you don't have time to go through all the data, focus on three indicators:

1. Is the reserve ratio consistently and stably above 100%?

2. Is user self-verification supported?

3. Is the report updated regularly, and does it cover mainstream assets and staked assets?

Remember: good-looking PoR numbers are not the point; the point is to understand the exchange's solvency and security capabilities.

Focus on these six data points

First, the most basic security figure: is the reserve ratio above 100%? It is like depositing money in a bank: the minimum requirement is that the bank has enough money to pay you back. The same logic applies to crypto exchanges. We need to see whether the exchange's on-chain assets cover users' account assets 1:1. That figure is the reserve ratio (reserve ratio = platform on-chain assets / user account assets × 100%), and it is computed coin by coin.

Equal to 100%: the platform holds just enough to cover user assets.

Above 100%: the platform has surplus funds and some buffer against risk. Note, though, that a larger reserve ratio does not automatically mean a safer exchange; the two cannot be equated. A sudden jump in one coin's ratio may, for example, come from the platform's own recent activity rather than from user deposits.

Below 100%: a red light. The platform does not hold enough of that coin to repay all of its users. A ratio that stays below 100% may mean a run is under way, or even that liquidity problems are being deliberately concealed. Precisely for that reason, many platforms stop reporting at this point, and an interruption in reporting is itself a risk signal.

Second, which coins PoR covers: are all the mainstream coins included? After all, our assets are not held in a single coin. BTC, ETH, USDT and USDC generally account for 80% or even 90% of a user's position. The number of coins covered by PoR is an important indicator of an exchange's transparency and asset management. Take OKX as an example: from the earliest 3 coins to the 22 coins in its current public PoR, essentially all of users' main assets are on the table. BTC, ETH, USDT and USDC alone account for more than 66% of the platform's assets, and the 22 coins in the PoR account for more than 90%. In other words, those four coins give a good first picture of whether the platform you have chosen is sound; the remaining coverage tells you how much of your own position is actually proven.

Third, the cleanliness of the reserve: the share of the total reserve made up of assets other than the platform's own token, rather than reserves padded out with that token. Cleanliness is an important dimension of reserve quality. It directly reflects the true value, liquidity and resilience of the reserve: only by maintaining sufficient reserves without leaning on its own token can an exchange show that it is genuinely robust. When evaluating reserve quality, cleanliness can be looked at in two ways:

Proof by currency: the exchange publishes a PoR figure for each major coin (BTC, ETH, USDT, USDC, etc.). As long as a single coin's reserve ratio is above 100%, that coin can be redeemed in full. Whether the platform token is also included does not affect the solvency judgement for each mainstream coin, because a BTC liability can only be redeemed with BTC.

Proof by total assets: the exchange values all assets together (platform token included) and gives a single overall reserve ratio. Under this method, if the platform token makes up a large share, a fall in its price or liquidity can push the overall reserve below what is owed. Special attention must therefore be paid to the share of non-platform-token assets in total assets, that is, cleanliness. Most exchanges now include their platform token in PoR. Taking OKX as an example: its per-coin PoR for each mainstream coin stays above 100% and is unaffected by OKB price swings; calculated by the newer overall-assets method, its non-platform-token cleanliness is about 70%. Since the overall ratio is above 100%, this means that the most liquid mainstream assets (BTC, ETH, USDT, USDC and so on) on their own cover more than 70% of total user liabilities, which is what real transparency and resilience look like.

Fourth, a point that is often overlooked: the trend in reserves of mainstream coins such as BTC and ETH. A rising balance usually means users or institutions are net-depositing, which suggests confidence in the platform's security and liquidity; it is an indirect signal rather than proof. Recently OKX's reserves of mainstream coins such as ETH and BTC have been trending upward. For example, as of April 7, 2025, the OKX PoR report shows account ETH up from 1,556,932 on October 8, 2024 to 1,770,686, an increase of about 13.7%, and BTC up from 126,082 on January 10, 2025 to 133,151, an increase of about 5.6%, which indirectly reflects users' confidence in the platform.

Fifth, the share of the top 10 mainstream coins: don't let long-tail coins dominate the picture. The higher the share of the top 10 coins, the healthier the PoR, because such assets are highly liquid and stable and can support the platform's funds in extreme conditions. Across the published PoR reports, the reserve structure of mainstream exchanges today has the top 10 coins by market value at more than 80% and long-tail coins held to between 10% and 20%. That overall structure is healthy and meets users' expectations of solvency. For example, as of April 7, 2025, the total value of OKX's top 10 mainstream coins accounted for approximately 88.8% of its PoR.
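To make the first, third and fifth data points concrete, here is an added Python example (not OKX's code) that reads a constructed PoR snapshot and computes per-coin reserve ratios, the "total assets" ratio, cleanliness, and the share of reserve value held in a chosen set of coins. It then re-prices the platform token to show what the total-assets method can hide: two coins are short while the overall ratio still reads 145%. The coin lines, prices and the platform-token name PLAT are constructed sample data.

```python
"""Reading a PoR report: per-coin ratios, cleanliness, mainstream share and a
platform-token stress test. Added example, not OKX's code; every figure below
is constructed for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class CoinLine:
    symbol: str
    wallet_assets: float    # exchange-controlled on-chain balance, in coin units
    account_assets: float   # sum of user balances (liabilities), in coin units
    usd_price: float        # snapshot price used by the "total assets" method


PLATFORM_TOKENS = {"PLAT"}                  # hypothetical exchange token
MAINSTREAM = {"BTC", "ETH", "USDT", "USDC"}

# Constructed snapshot. USDT and XYZ are deliberately under-reserved and the
# platform token is massively over-reserved, the pattern a single overall ratio hides.
SNAPSHOT = [
    CoinLine("BTC", 1_040.0, 1_000.0, 80_000.0),
    CoinLine("ETH", 20_200.0, 20_000.0, 2_000.0),
    CoinLine("USDT", 45_000_000.0, 50_000_000.0, 1.0),
    CoinLine("USDC", 30_300_000.0, 30_000_000.0, 1.0),
    CoinLine("PLAT", 3_000_000.0, 500_000.0, 40.0),
    CoinLine("XYZ", 900_000.0, 1_000_000.0, 0.5),
]


def per_coin_ratios(snapshot):
    """'Proof by currency': one ratio per coin, independent of any price."""
    return {c.symbol: c.wallet_assets / c.account_assets for c in snapshot}


def under_reserved(snapshot):
    """Coins below 100%: the red-light case, regardless of the overall figure."""
    return [s for s, r in per_coin_ratios(snapshot).items() if r < 1.0]


def total_ratio(snapshot, platform_price_factor=1.0):
    """'Proof by total assets': everything valued in USD, one ratio.
    platform_price_factor re-prices platform tokens (0.0 = worthless) so the
    figure can be stress-tested; assets and liabilities in that token move together."""
    assets = liabilities = 0.0
    for c in snapshot:
        factor = platform_price_factor if c.symbol in PLATFORM_TOKENS else 1.0
        price = c.usd_price * factor
        assets += c.wallet_assets * price
        liabilities += c.account_assets * price
    return assets / liabilities


def cleanliness(snapshot):
    """Share of reserve VALUE that is not the exchange's own token."""
    total = sum(c.wallet_assets * c.usd_price for c in snapshot)
    own = sum(c.wallet_assets * c.usd_price for c in snapshot if c.symbol in PLATFORM_TOKENS)
    return (total - own) / total


def value_share(snapshot, symbols):
    """Fraction of reserve value held in the given coins (top-10, mainstream, ...)."""
    total = sum(c.wallet_assets * c.usd_price for c in snapshot)
    return sum(c.wallet_assets * c.usd_price for c in snapshot if c.symbol in symbols) / total


def report(snapshot):
    """Everything a reader should look at before trusting the headline ratio."""
    return {
        "per_coin": per_coin_ratios(snapshot),
        "under_reserved": under_reserved(snapshot),
        "total_ratio": total_ratio(snapshot),
        "total_ratio_if_platform_token_worthless": total_ratio(snapshot, 0.0),
        "cleanliness": cleanliness(snapshot),
        "mainstream_share": value_share(snapshot, MAINSTREAM),
    }


if __name__ == "__main__":
    for key, value in report(SNAPSHOT).items():
        print(f"{key}: {value}")
```

On this constructed snapshot the overall ratio is about 145%, yet USDT and XYZ are each only 90% reserved, and with the platform token priced at zero the overall figure falls just under 100%. That is the practical reason to read the per-coin table first and treat the headline number as a summary, not as evidence.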

Sixth, how often the PoR report is published also matters: is it disclosed regularly or only occasionally? A PoR report reflects the state of assets at a specific point in time. The more frequent the snapshots, the harder it is to paper over short-term liquidity or security problems between them. Since its first PoR at the end of 2022, OKX has published monthly without interruption, reaching 30 consecutive issues as of April 2025, and each report is audited and verified by the blockchain security firm Hacken. This is why leading platforms such as OKX keep stressing monthly disclosure: only frequent, independently checked updates can genuinely sustain user confidence and platform integrity.

When evaluating an exchange's asset security, we have to connect data sources rather than rely solely on the PoR report the platform publishes about itself. Cross-checking several sources gives a more complete and objective judgement. For example, DeFiLlama's CEX Transparency module gives an overview of the on-chain reserves of the major centralized exchanges and is a useful external reference. Nansen's CEX Token Flow section shows inflows and outflows for exchanges including Coinbase and OKX in near real time, which captures the movement of on-chain funds around a snapshot date.

There was previously a short-lived anomaly in OKX's asset data on DeFiLlama; it turned out that the third-party crawler had lagged behind an address upgrade. Incidents like this remind us that although third-party platforms are independent, they are limited by how promptly and completely they identify on-chain addresses. Separately, the PoR data of some small and medium-sized exchanges differs markedly from the figures on third-party on-chain monitoring platforms. If such a gap cannot be reasonably explained, the reasons behind it need to be investigated carefully.

PoR data cannot be read in isolation, and a figure like 100% should not be taken at face value. Only by combining on-chain tracking, third-party verification and the exchange's own published mechanism can we reach a sound judgement about asset security.

A small tool that lets users verify exchange data

That a platform publishes PoR does not make it automatically credible. Faced with the ultimate question, "I put money in, is it really there?", users need to verify for themselves. Taking the verification logic OKX provides as the example, only two things need to be proved: first, that the stated total of user assets (account assets) is correct; second, that the stated total of the platform's on-chain assets (wallet assets) is correct. The reserve ratio follows from the two.

For example, two users deposit assets with the exchange, one 100 U and the other 200 U, so the platform's total liability is 300 U. The exchange's PoR must prove two things: that the deposits of all (two) users sum to 300 U, and that the exchange wallet really holds 300 U.

The first step is to verify the users' total deposits. OKX uses a zero-knowledge proof system, zk-STARK, to prove statements about every user account balance in the snapshot without revealing the balances. OKX takes a snapshot of all user accounts and constrains it under the zk-STARK circuit. The first is the balance-sum constraint: the published total must equal the sum of all account balances. The second is the non-negative constraint: no account may hold a negative balance, so fake accounts cannot be used to shrink the total. The third is the inclusion constraint: every account in the snapshot is committed to, so no user is left out, and each user can check that their own balance was counted.

The second step is to verify the exchange's wallet assets. OKX publishes a set of wallet addresses and signs the message "I am an OKX address" with each address's private key, proving control of those addresses. Anyone can then look up the balances of those addresses in a block explorer; adding them up gives the total assets OKX actually holds. Note that a signature proves control of the key at signing time, not that the coins are unencumbered or unborrowed, which is why snapshot frequency and flow data matter alongside the signatures.

For both the three constraints above and the wallet-asset verification, OKX provides a detailed self-verification tutorial that users can run at any time (https://www.okx.com/zh-hans/proof-of-reserves), and open-sources the PoR code for the technical community to inspect and use (https://github.com/okx/proof-of-reserves/releases/tag/v3.1.4).

The PoR solution itself still has room to iterate

OKX has kept exploring stronger underlying technology to prevent PoR data from being tampered with or forged. It launched PoR on a standard Merkle tree in November 2022, upgraded to the full-view Merkle Tree V2 in March 2023, and in April 2023 introduced its own zk-STARK zero-knowledge proof, folding the sum, inclusion and non-negative constraints into the proof so that verification is lighter and the code open source. So when evaluating any exchange's PoR, look beyond the reserve ratio and self-verification to the underlying technical implementation and how it has evolved, otherwise tampering or audit weaknesses can be missed by reading the headline figures alone.

Why upgrade to zk-STARK? The traditional Merkle-tree proof has a flaw that leaves a CEX room to cheat. A Merkle tree is a common data structure; used for proof of liabilities, each account's balance is hashed into a leaf and the leaves are combined into a tree, so a user can verify that their own balance is included in the exchange's stated total liabilities. The flaw is that the tree commits to whatever values the exchange puts in the leaves; it does not constrain them. A CEX that wants to cheat can add fake accounts with negative balances: the total at the root shrinks to match the reserves it actually holds, while every honest user's inclusion proof still verifies.


zk-STARK uses advanced cryptography to produce proofs that anyone can verify mathematically. Most importantly, zk-STARK needs no trusted setup. A trusted setup means that in some proof systems (such as many zk-SNARKs) a special ceremony generates initial secret parameters, which must be destroyed once the setup is complete. If those parameters leak or are manipulated, the security of the whole system can be compromised, because whoever holds them can forge proofs.

zk-STARK avoids that risk. It is a transparent construction, relying only on hash functions and public randomness, with no secret parameters and no party that has to be trusted at setup. Users need not worry about hidden manipulation or weaknesses introduced during setup. For PoR this removes an entire class of trust assumptions, which is why it is currently the most conservative choice available.

How does zk-STARK close the gap? It proves, for the whole snapshot, that every account balance lies in a valid non-negative range, that the published total equals the sum of those balances, and that each user's leaf is committed in the tree. With no hidden negative nodes, the stated total cannot be shrunk, and a CEX cannot fake a reserve match by tampering with the liability side. What it does not prove is that the snapshot lists every real user; that is why the inclusion check is something each user must run for their own account, and why PoR covers only the liabilities the exchange chose to include.
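As an added example (not OKX's code and not its zk-STARK circuit), the following Python models the liability side described above as a Merkle sum tree: each user's balance is a leaf, every inner node commits to the sum of its children, a user checks their own inclusion proof, and the sum and non-negative constraints are checked over the snapshot. It then reproduces the negative-balance trick against a plain sum tree: the forged root's total drops from 300 to 150, Alice's inclusion proof still verifies, and only the non-negative constraint flags it. User ids and balances are constructed; a zk-STARK proves the same constraints without revealing balances, which this example does not attempt.

```python
"""Liability-side PoR checks with a Merkle sum tree (added example, not OKX's code).

Leaves carry (user id, balance); every inner node commits to the SUM of its
children as well as to their hashes, so the root total is the claimed total
liability. Balances are integers in the coin's smallest unit. All user ids and
balances below are constructed sample data."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    digest: bytes
    total: int  # balance committed under this node


def _sha256(*parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join(parts)).digest()


def leaf(user_id: str, balance: int) -> Node:
    # Domain-separated so a leaf cannot be confused with an inner node.
    return Node(_sha256(b"leaf", user_id.encode(), str(balance).encode()), balance)


def parent(left: Node, right: Node) -> Node:
    total = left.total + right.total
    # The sum is hashed in, so totals cannot change without changing the root.
    return Node(_sha256(b"node", left.digest, right.digest, str(total).encode()), total)


def build_tree(snapshot: dict) -> list:
    """levels[0] = leaves in snapshot order ... levels[-1] = [root]; odd nodes are promoted."""
    levels = [[leaf(uid, bal) for uid, bal in snapshot.items()]]
    while len(levels[-1]) > 1:
        cur, nxt = levels[-1], []
        for i in range(0, len(cur), 2):
            nxt.append(parent(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i])
        levels.append(nxt)
    return levels


def inclusion_proof(levels: list, index: int) -> list:
    """Per level, the sibling's (digest, total, sibling_is_left), as handed to a user."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):               # promoted nodes have no sibling at this level
            proof.append((level[sib].digest, level[sib].total, sib < index))
        index //= 2
    return proof


def verify_inclusion(root: Node, user_id: str, balance: int, proof: list) -> bool:
    """What a user runs: rebuild the path from their own leaf and compare with the published root."""
    node = leaf(user_id, balance)
    for sib_digest, sib_total, sib_is_left in proof:
        sib = Node(sib_digest, sib_total)
        node = parent(sib, node) if sib_is_left else parent(node, sib)
    return node == root


def check_constraints(snapshot: dict, published_total: int) -> dict:
    """The sum and non-negative constraints from the text, checked in the clear.
    A zk-STARK proves the same statements over a hidden snapshot; here we have it."""
    balances = list(snapshot.values())
    return {
        "sum": sum(balances) == published_total,
        "non_negative": all(b >= 0 for b in balances),
    }


def negative_leaf_attack() -> dict:
    """Honest snapshot vs. the same snapshot padded with a negative 'ghost' account."""
    honest = {"alice": 100, "bob": 200}
    forged = {**honest, "ghost": -150}      # constructed attack: shrinks liabilities to 150
    honest_root = build_tree(honest)[-1][0]
    forged_levels = build_tree(forged)
    forged_root = forged_levels[-1][0]
    alice_proof = inclusion_proof(forged_levels, list(forged).index("alice"))
    return {
        "honest_total": honest_root.total,
        "forged_total": forged_root.total,
        # Alice's proof against the FORGED root still passes: the tree alone cannot catch this.
        "alice_proof_verifies": verify_inclusion(forged_root, "alice", 100, alice_proof),
        # Only a range check on every leaf exposes the ghost account.
        "constraints": check_constraints(forged, forged_root.total),
    }


if __name__ == "__main__":
    print(negative_leaf_attack())
```

The sum constraint passes on the forged tree (150 really is the sum of 100, 200 and -150), which is exactly why it is not enough on its own; the non-negative constraint is the one that fails, and a zk-STARK enforces it over every leaf without publishing anyone's balance.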

OKX continues to lead in credibility and transparency

In addition to zk-STARK zero-knowledge proofs, OKX has brought in the independent auditing firm Hacken to certify its PoR, giving users an extra layer of assurance. Hacken's audit team verifies OKX's reserves every month, confirming that on-chain assets fully cover user liabilities (a reserve ratio of 100% or higher), and publishes audit reports that users can review at any time.

PoR is only one aspect of CEX security and cannot rule out every risk. When choosing a CEX, users should make use of the on-chain verification that PoR offers and also weigh governance structure, capital liquidity, technical capability and other factors. It is the combination of a steady, uninterrupted PoR release rhythm, the industry-leading zk-STARK implementation and independent third-party audit that has let OKX build a more reliable line of defence, one that is transparent, visible and verifiable by users.

With this sustained lead in credibility and transparency, OKX is winning the trust and choice of more and more users around the world.

Don't Trust, Verify.

Disclaimer

The information provided in this article is for reference only and does not constitute, and should not be considered as, (i) investment advice, trading advice or an investment recommendation; (ii) an offer or solicitation to buy or sell digital assets; or (iii) financial, accounting, legal or tax advice. We do not guarantee the accuracy, completeness or usefulness of such information. Digital assets (including stablecoins and NFTs) involve high risk and may depreciate or become worthless. Digital assets are not insured. Past performance does not guarantee future results. You should carefully consider whether trading or holding digital assets is suitable for you in light of your financial situation, investment objectives, level of experience and risk tolerance. Consult your legal, tax and investment professionals about your specific situation. You are responsible for understanding and complying with applicable local laws and regulations.

Original article, author: 欧易OKX. For reprints, content collaboration or reporting, contact report@odaily.email; unauthorized reprinting will be pursued under law.
