 |
| By Jurica Dujmovic |
In recent weeks, centralized crypto exchangess have been facing increased scrutiny due to the potential for counterparty risk.
As a result, many CEXes have attempted to regain public trust by publishing proof-of-reserves —unbiased audit reports that certify a company has sufficient funds to back all its user deposits.
However, these reports have been met with criticism because of the lack of information regarding the liabilities of these exchanges.
This raises questions regarding whether CEXs can manipulate PoR data … and what other unpleasantries could be lurking under the hood.
So today, I'll be exploring the implications of counterparty risk, as well as potential solutions to generate greater transparency and trust in crypto markets.
Bringing their insights and expertise to the table are Omer Sadika, cofounder of Odsy Network; Brendon Sedo, initial contributor at Core DAO; and Dr. Changhao Jiang, CTO and cofounder of Cobo, Asia Pacific's largest crypto custody and asset management platform.
Jurica Dujmovic: What, in your opinion, is the core issue with the FTX situation?
Omer Sadika: This FTX situation, among other events, shines a light on the critical role of access control in web3. For years, the access control problem of the decentralized world has been solved by centralized players. This goes against the basic premise of crypto: You can't trust centralized entities to control your assets.
And recent events prove that basic premise is fundamentally true.
From Three Arrows Capital through Celsius (CEL, Tech/Adoption Grade "C-") and now FTX, mighty players are eviscerated overnight after they broke the trust that was put in them. Crypto needs to be decentralized, and until we stop letting centralized players hold our assets, web3 will never reach its full potential.
Centralized solutions give us flexible and robust access control that makes us sacrifice decentralization. The only way to make web3 decentralized again is by decentralizing access control. If we don't do that, we'll keep seeing these things happening over and over again.
Jurica: You make a valid point. So, if I understand correctly, PoR can never be a solution. In fact, the solution is moving away from CEXes back to decentralized finance, essentially going back to the roots of crypto. Mr. Sedo, do you agree with Mr. Sadika?
Brendon Sedo: Not necessarily. I appreciate CEXes, as they're a key piece of getting people into crypto. Decentralized exchanges, on the other hand, are inherently great for earning public trust.
Given the recent FTX collapse, I believe many asset holders will use DEXes while CEXes figure out their auditing mechanics. From there, CEXes will be used as on/off ramps rather than for holding funds. With good reason, since users are now skeptical about holding funds on exchanges. CEXes will always have a place for traders and speculators to do their business, while DEXes can satisfy swaps and basic trades.
The two forms of exchanges live in symbiosis, and they're two truly different products. First and foremost, they have different standards for transparency, and there's nothing wrong with that.
Jurica: Let's go back to the nature of a PoR audit itself. How viable and authentic are they?
Dr. Changhao Jiang: Crypto exchanges are currently scrambling to compile PoR audits by issuing statements that they would publish their Merkle Tree reserve certificates to increase transparency.
A Merkle Tree is a cryptographic tool that assures users by enabling the verification of large amounts of data in a single hash that compiles all input data. This improves the transparency of exchanges by allowing anyone to view their transacted data.
However, this method has flaws, as I've stated in my earlier article. The Merkle Tree only solves the problem of proving the existence of the account balance. Another problem is verifying the balance with the address on-chain. Because of the information asymmetry between the exchange and the user, it's difficult to show the evidence it produces is not forged.
The PoR method simply allows the exchange to provide a signature with the private key of the address to prove ownership of the address. So, people can compare the account balance with the address balance. But this on-chain signature does not necessarily show the user's assets are in the exchange.
Jurica: In one of my earlier articles, I mentioned how overregulation isn't a solution to growing uncertainty when it comes to the transparency and operation of CEXes. What's your take on this, Dr. Jiang?
Changhao: Instead of focusing solely on regulations, there's another proof point many others have overlooked. Through the logic of technological solutions such as multiparty computing wallets and Ethereum (ETH, Tech/Adoption Grade "B") cofounder Vitalik Buterin's proof of solvency, users and platforms can both operate in a trustless environment.
By using foolproof smart contracts and data logic, this ensures rules are set in place and there's transparency in the process, which provides further credibility on top of existing compliance to regulations.
Jurica: I agree with you, Dr. Jiang. Technology is key here.
Mr. Sadika, what other ways are there to keep CEXs in check, that don't necessarily include government oversight and the traditional regulatory approach?
Omer Sadika: We all seem to be in agreement about technology — trustless technology, to be precise. An ideal solution would be a DEX. In the real world, however, intermediaries are a necessity … at least for now. With regard to CEXes, this means access to assets must be managed in a decentralized fashion.
The next generation of CEXes must operate using a Bring Your Own Wallet model, in which users self-custody their assets using their own dWallets — decentralized wallets that live on a dedicated blockchain utilizing MPC technology. The exchange will never hold assets, only manage trading.
Decentralized access control solutions that utilize dWallets will allow users to place strict permissions on the actions centralized entities can perform on their behalf, while maintaining self-custody over their digital assets.
Through dWallets, users' assets will remain in their possession in a completely decentralized environment, so exchanges can't do anything they aren't authorized to do, such as perform trades without direct user approval.
Jurica: Thank you for mentioning secure MPC tech, Mr. Sadika. MPC technology seems like it's a topic important enough to warrant coverage of its own. It seems to be a lifesaving shot of decentralization that centralized entities desperately need to remain relevant in the crypto space.
But now we need to wrap it up, so let's talk about what happens next.
Brendon: I think CEXes are just maturing, and Kraken is leading with solid, progressive steps. These exchanges will have different standards than DeFi because they're centralized entities. I also expect them to bear the brunt of incoming regulation, as they should. Still, it's all moving in the right direction. It helps the broader crypto ecosystem to have users on-ramp via trusted exchanges.
So, again, CEXes and DEXes are just different standards for each type of product and will likely attract different users to some extent. Both will play important roles in the years to come and will profoundly impact the trajectory of crypto and its mass adoption.
Omer: Traders will look for more solutions that give them full control of their assets. Many crypto users have sacrificed decentralization for functionality and ease of use by using CEXes such as Celsius and FTX.
In the coming months and years, the growing disappointment toward centralized entities that have failed traders and the advancement of wallet technology will push traders to abandon centralized solutions in favor of self-custody, dWallets and decentralized access control.
Only in this way can traders enjoy robust functionality without losing control of their assets.
Jurica: Thank you, gentlemen, for your valuable input.
To sum it up, CEXes are still a valuable entry point into crypto. But the future of the industry is in DeFi and self-custody.
CEXes should take steps toward increased transparency and decentralized access control. By doing so, they ensure traders and investors can use their services with minimal counterparty risk.
Additionally, technological solutions such as MPC and Vitalik's proof of solvency can help bring further trust and transparency to the sector.
Best,
Jurica
