Premise: proving that you are solvent using cryptographic means<p>Answer: let's re-invent accounting.<p>Look, the problem is this: as an "exchange", to be profitable you either need to charge fees, or do some sort of fractional reserve, using deposited value as capital for your Exchange's investments.<p>If you go for option one, then you will be undercut by someone doing option two. The tradeoff being, number two is more likely to lose all your customers' cash.<p>The value of something is more often than not irrational. This means that there is subjectivity in the value of assets. You can't technology your way out of that. This means that it's perfectly possible to prove that you have liquid assets that will cover your present position. However that's expensive to maintain. So you start buying longer term more illiquid assets (think property, commodities, companies, etc); some of these are liquid in a day, others months.<p>Worse still the value of them depends on how and when you sell them.<p>So sure you can have assets that cover all your liabilities one day, then due to a re-valuation, not have enough.<p>That's not the same as solvent though.<p>But, all of this neatly misses the point of crypto. If it's a practical payment system, rather than an investment, you wouldn't hold your crypto at an exchange. You hold it yourself and move it when you need to convert/liquidate.
Reading the Vitalik posting made me think of this, also on HN right now:<p><a href="https://annasofia.xyz/2022/11/05/criticizing-computers.html" rel="nofollow">https://annasofia.xyz/2022/11/05/criticizing-computers.html</a><p>Every problem, issue with crypto-tech seems to be solved with yet another layer of crypto-tech. Every criticism of the tech is deflected by pointing at yet another project that is claimed to fix what is being criticized.
I admit, I did not read that in detail. Can someone explain how the "proof of liabilities" is proving that it contains <i>all</i> liabilities of an exchange? For example, the electricity bill that is coming to be paid next week or the off-book loan of x billion cryptocoin from your fellow exchange that you need to pay back also next week?<p>An awful lot of trust you seem to need in this fancy world of trustless money of the future.
"Proof of reserves" including Vitalik's heath robinson crypto schemes, provide minimal assurance to exchange users. Why?<p>It's what one would call a "limited assurance engagement" in audit parlance. In other words, it provides assurance over a small subset of the balance sheet of an exchange - only the customer deposits and the exchange liabilities pertaining to said customers.<p>However, there are a few red flags which no-one seems to raise:<p>1) The customer deposits should be off balance sheet if they actually were held in custody. If deposits are not off balance sheet then customer assets cannot be held in custody. Instead, the customers are a creditor of the exchange.<p>2) From the terms and conditions I've read for various exchanges, customers are typically not treated as a preferential creditor.<p>3) In the event of an insolvency, customers are treated pari passu with other creditors.<p>4) To get sufficient assurance that the exchanges can honour their customer liabilities, we need to see ALL of the liabilities, not just the subset relating only to customer deposits. E.g. Who else is money owned to? Did they issue debt? Did they borrow from a bank? Are there any legal provisions? Etc...<p>5) Given the legal treatment of customers as unsecured creditors, without entire visibility of the balance sheet, the "proof of reserves" report is pretty much useless.
It's easy to be dismissive of everything crypto-related after the FTX crash, but we should remember that the problem of fraudulent business practices isn't specific to crypto at all.<p>It's yet to be seen whether proof-of-holdings is practicable for crypto assets, let alone for real world assets. But it is an interesting use case for zero knowledge protocols that could tackle some very real problems. Yes, we have auditors in the real world, and I'm not thinking of replacing them, but it could improve audits. As one example, not too long ago there was a crash of a German payments provider of a scale not much smaller than FTX (Wirecard) that was audited by one of the major firms (EY), who missed a fake $2bn bank deposit claim.
I think the speed and low fees required in (some types of) financial trading just can't happen fully on chain. So that's another reason for centralization in exchanges.<p>Also it's interesting to note that in regular finance, exchanges and brokerage firms are separate entities ... meanwhile e.g. FTX was both the exchange and the 'broker'<p>Edit: just searched Twitter and came across someone asking SBF this exact question about the conflict of interest in being both the exchange and broker (of course he was also trading with client funds on top of that..)<p><a href="https://twitter.com/dwarkesh_sp/status/1593243104114458627" rel="nofollow">https://twitter.com/dwarkesh_sp/status/1593243104114458627</a>
So what I really don't get about the decentralized fans: They repeatedly say, our goal is to replace entities like DEX.<p>But replace with what? With people like Vitalik? He seems to be an influential figure and calling the shots. How is this in any way different than a "normal" company with a CEO and a board?
This is so funny. Self-styled geniuses inventing infinitely iterable levels of complexity to invent infinite levels of why they should have infinite governance around the concept of digital money is probably the best grift in generations.<p>Don’t get me wrong, I think it’s great. In the US, it’s mostly the worst folks actually losing to this game and I’m overall entertained.<p>edit: I should maybe clarify that my crypto holdings are now about $20, entirely from folks losing bets to me.
> If you prove that customers' deposits equal X ("proof of liabilities"), and prove ownership of the private keys of X coins ("proof of assets"), then you have a proof of solvency: you've proven the exchange has the funds to pay back all of its depositors.<p>But what if your private keys are actually owned by Alameda, who lent you them for the purpose of demonstrating solvency but then oops options blew up and they're gone now?<p>But what if most of your deposits were gold- or USD-backed assets and your assets are all shitecoin and a 51% attack happens to shitecoin and everybody wants their gold back?<p>But what if you do all this and you prove solvency, but your assets are all rated by S&P and oh crap just like in 2007 they rated everything triple-A but it's actually junk?<p>I mean the technical ideas in the piece are sound, but there's nothing here to fundamentally rebuild trust in crypto.<p>Also: the title "having a safe CEX" -- cute, but underscores how crypto is such a sausage fest.
The article seems to be more about proving reserves rather than proving "solvency". There's more to assets and liabilities than just customer deposits and coins held. How does a Merkle tree help when customer deposits are used as collateral for some off chain loan and then the value of the exchange's equity drops below the value of these off chain liabilities?
> <i>Rather than relying solely on "fiat" methods like government licenses, auditors and examining the corporate governance and the backgrounds of the individuals running the exchange, exchanges could create cryptographic proofs that show that the funds they hold on-chain are enough to cover their liabilities to their users.</i><p>So... use crypto to prove that you hold enough crypto to cover the losses if crypto crashes and you can't pay people back without crypto.<p>This only works to prove that you hold enough Trashcoin to pay back people's Trashcoin that you're supposed to have - but why have their Trashcoin at all if you need to make it available to them?<p>You can't do anything with it that would make you money while still guaranteeing availability to its owner, so then you're just providing a free custody service for someone that's worse than them just holding it themselves.<p>Also, if you're able to cryptographically guarantee Trashcoin holdings then you don't need the exchange anymore. Guarantees + DEX + off-chain transactions replaces your exchange for low fees in that case.<p>Leaving all that aside though - It's a suggestion to optimise away protections as a problem to be solved when the solution being proposed has time-and-again proven itself unfit for purpose with catastrophic consequences. Regulating financial systems and making them safe is <i>hard</i>, because it's more complicated than anyone who's approached this in crypto seems willing to acknowledge.<p>Honestly, I think regulators should be approaching this whole space with a view of "we'll get involved to stop criminals that have the potential for non-crypto victims, but we'll not spend time or resources to help anyone that gets ripped off after choosing to put their money in this".<p>(i.e. The state has a duty to protect its citizens, but I don't see what burden the state has to protect money that was wilfully removed from the protections of the regulated financial system. If anything, the state has a duty to <i>not</i> waste resources pursuing lost funds in those instances as they have no mandate to do so.)<p>I have sympathy for people that lost out with FTX and Celsius - I genuinely do - but there were <i>so many warnings</i> that you would have had to dismiss before ending up in that situation and it's hard to believe that people that put money into these platforms (or tokens in general) didn't realise what they were getting into. There's a massive amount of historical experience to draw on - these aren't new schemes.
> But it's worth getting to the fundamental issue with the right half of this design space: dealing with user errors. By far the most important type of error is: what if a user forgets their password, loses their devices, gets hacked, or otherwise loses access to their account?<p>> Exchanges can solve this problem: first e-mail recovery, and if even that fails, more complicated forms of recovery through KYC. But to be able to solve such problems, the exchange needs to actually have control over the coins. In order to have the ability to recover user accounts' funds for good reasons, exchanges need to have power that could also be used to steal user accounts' funds for bad reasons. This is an unavoidable tradeoff.<p>> The ideal long-term solution is to rely on self-custody, in a future where users have easy access to technologies such as multisig and social recovery wallets to help deal with emergency situations.<p>Not to dismiss this out of hand, but isn’t that the central problem? Users want to use Coinbase for convenience as much as for any other reason.<p>Saying “we’ll make it easier to host your own coins” is a bit like saying “we’ll solve the #1 problem with mass crypto adoption”.
Well maybe we should accept crypto isn’t for the masses. Maybe banks are good enough for that use-case (users who want convenience because they can’t be bothered to learn how to manage their own coins).<p>Maybe Vitalik should focus on preserving decentralization instead. As far as I can see it the biggest flaw in cryptocurrencies — including Bitcoin - is when you look hard enough you realize the decentralization is a facade.
From my understanding, this only solves one issue - exchanges holding crypto assets.<p>I would expect an exchange to also hold traditional liquid money, which currently couldn't be captured by this. If you could get the US financial system onboard, maybe you could get them to maintain a 1:1 representation of a digital coin, but I don't see why they would be motivated to do so.<p>The next problem then is that you can't diversify your holdings beyond that of crypto, so you are completely trapped by the relatively unstable nature of crypto. One day you hold a billion meme coins worth one billion dollars, the next day it is worth zero.
None of this addresses the consumer issue. You need to display this information to users and they need to both understand it and trust it. That is what the current system has.
IMO a universal and easier to reason about solution is you have a threshold signing wallet created across a series of remotely attestable cloud enclaves like Google/Azure Confidential VMs, AWS Nitro Enclaves, and even TPM2.0 enabled bare metal.<p>Deploy an open source, deterministically buildable, stateless, and immutable, unikernel OS to all platforms that enforces strict signing policies on a multisig wallet address signed and owned by whoever requested that wallet to be created.<p>End users will not need to trust the custodian as they will have access to the remote attestation interface to prove systems they pay for are running expected binaries and thus obey the rules. A user then asks those systems to generate a wallet with a policy that grants the custodian the ability to transact only specific maximum amounts per day, with an automatic dead-man's-switch that always signs/exports an updated escape-hatch transaction sweeping all funds that a user can publish at any time.<p>It is possible, per the above, to create custodians with no raw access to key material that are provably bound to the terms a user agreed to on deposit.<p>This accountable computing setup ends up looking a lot like off-chain smart contracts. It could be used to ensure any type of user owned cryptographic key material can only be used by a SaaS according to user defined policies.<p>I am working with several custodians on implementing this type of accountability right now.<p>Anyone that fails to have a good proof-of-funds solution is going to become irrelevant in the medium term and hopefully illegal in the long term.
... and how does this prove that the "solvent" exchange doesn't have liabilities (I believe FTX was on the hook for real-world mortgages for private homes of their management)?<p>It doesn't.
I am just so exhausted with all of this nonsense. Why can't we go back to talking about how to get rich slowly over like 10-20 years with real money? Yeah you are not going to become a millionaire overnight, but maybe you'll have enough to buy a house before retirement. You'd have better luck trusting a casino with getting a return on your money than crypto at this point.
Well, it's the first time I see crypto trying to tackle real-world financial issues such as counterparty risk.<p>Crypto's real future is in machine-readable accounting imo
It feels like there would be a way to construct the tree in a manner that would drop the likelihood a negative balance was detected to an acceptably small number.
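The tree and the negative-balance check mentioned in the comment above can be made concrete. This is an added example, not part of the thread or of the article's code: a minimal Merkle sum tree in which each user verifies their own inclusion path and rejects any negative sibling sum. The function names, account names and balances are constructed for illustration.

```python
import hashlib

def _h(*parts):
    return hashlib.sha256(b"|".join(parts)).digest()

def leaf(user, balance):
    # A node is (hash, sum); the hash commits to the sum as well.
    return (_h(b"leaf", user.encode(), str(balance).encode()), balance)

def parent(left, right):
    return (_h(b"node", left[0], str(left[1]).encode(),
               right[0], str(right[1]).encode()), left[1] + right[1])

def build(accounts):
    """Levels of the tree, leaves first; len(accounts) must be a power of two."""
    levels = [[leaf(u, b) for u, b in accounts]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, idx):
    """Sibling nodes from leaf to root, each tagged True if it sits on the left."""
    path = []
    for level in levels[:-1]:
        path.append((level[idx ^ 1], bool(idx & 1)))
        idx //= 2
    return path

def verify(user, balance, path, root):
    """User-side check: leaf is included under root, no sibling sum is negative."""
    node = leaf(user, balance)
    for sibling, on_left in path:
        if sibling[1] < 0:
            return False
        node = parent(sibling, node) if on_left else parent(node, sibling)
    return node == root

def detectors(accounts):
    """Users whose own check fails, i.e. who would notice a bad tree."""
    levels = build(accounts)
    return [u for i, (u, b) in enumerate(accounts)
            if not verify(u, b, prove(levels, i), levels[-1][0])]

# Constructed sample data; "ghost" is a made-up negative entry.
HONEST = [("alice", 50), ("bob", 30), ("carol", 20), ("dave", 40),
          ("erin", 10), ("frank", 60), ("grace", 25), ("heidi", 15)]
SMALL_NEG = HONEST[:7] + [("ghost", -20)]   # sibling grace (25) absorbs it
LARGE_NEG = HONEST[:7] + [("ghost", -120)]  # pushes ancestor sums negative
```

With the small negative entry, `detectors(SMALL_NEG)` returns only `['grace']`, the immediate sibling; with the large one every honest user's path crosses a negative sum, so detection depends on which users actually run the check.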
I feel bad for Vitalik because I think that he's a well-meaning 200IQ guy whose talents are being used to help scammers fleece ordinary people of their life's savings.