Proof of Reserves (PoR) is a critical mechanism for ensuring transparency and trust in the digital asset ecosystem. It allows users to independently verify that an exchange holds sufficient reserves to cover all customer liabilities. OKX, a leading digital asset exchange, has implemented a comprehensive and open-source PoR system, enabling anyone to audit its solvency.
This guide will walk you through the purpose of OKX's Proof of Reserves and provide detailed, step-by-step instructions for verifying both its reserves and liabilities.
What Is Proof of Reserves?
Proof of Reserves is an audit procedure that uses cryptographic techniques to prove an exchange holds the assets it claims to, without compromising user privacy. It consists of two main parts:
- Reserves: The total value of assets held by the exchange in its wallets.
- Liabilities: The total obligations the exchange has to its users (i.e., the sum of all user balances).
The core principle is that an exchange is solvent if its reserves are greater than or equal to its liabilities. OKX's PoR system provides the tools for you to confirm this is true.
How to Verify OKX's Reserves
The reserves verification process involves confirming the ownership of OKX's published wallet addresses and checking that the balances of those addresses match the publicly stated amounts at a specific snapshot time.
Prerequisites and Building the Tool
To begin, you need the verification tool. You can download the pre-compiled latest build for your operating system or build it from source.
Building from Source (Reserves Tool):
This requires the Go programming language (version 1.17 or higher).
- Install the necessary dependencies.
- Compile the source code to create the executable files, which will be located in the
cmddirectory.
Step 1: Download the Proof of Reserves File
First, download OKX's official Proof of Reserves File. This file contains the list of public addresses, their respective balances at the snapshot height, and cryptographic signatures.
Step 2: Verify Address Ownership
OKX's public file includes a message and a signature for each address. You can use the VerifyAddress tool to cryptographically confirm that OKX controls the addresses it has published.
Run the following command in your terminal:
./build/VerifyAddress --por_csv_filename ./example/okx_por_example.csvYou can also use popular third-party blockchain explorers to verify the signatures for BTC, EVM-based (ETH), and TRX addresses manually.
Step 3: Check Wallet Balances
Use the CheckBalance tool to verify that the balances of OKX's wallets on the blockchain match the balances published in the reserves file at the given block height.
To check the sum of all address balances:
./build/CheckBalance --rpc_json_filename="./example/rpc.json" --por_csv_filename ./example/okx_por_example.csvTo query the balance for a single asset (e.g., ETH):
./build/CheckBalance --mode="single_coin" --coin_name="ETH" --rpc_json_filename="./example/rpc.json" --por_csv_filename="./example/okx_por_example.csv"👉 Explore more strategies for on-chain verification
How to Verify OKX's Liabilities
OKX uses advanced cryptographic methods, including Merkle Trees and zk-STARKs, to allow users to verify that their assets are included in the total liabilities while maintaining complete privacy.
zk-STARK Validator V2 (Current Standard)
The latest and most robust method uses zk-STARK technology V2 to verify inclusion, total balance, and non-negative constraints simultaneously.
- Get Your Audit Data: Navigate to the "Audits" section of your OKX account. Click Details and then Copy data. Paste this JSON string into a file named
inclusion_proof.json. - Download the Liability Report: Go to "Audit files" and download the zk-STARK file from the "Liability report" tab. Unzip it to find a
sum_proof_data.jsonfile. - Download and Run the Validator: Download the zk-STARKValidator tool and place it in the same folder as your JSON file. Run the validator; it will automatically process the files and confirm if all constraints are satisfied.
Previous Verification Methods
For historical context, OKX has employed other methods. The zk-STARK V1 was used from April 2023 to August 2024, and a Merkle Tree validator was used from November 2022 to March 2023. The process for these involved similar steps: downloading your proof data from the audit page, obtaining the relevant proof file from OKX, and running the appropriate version of the open-source validator tool to check for inclusion and solvency constraints.
Frequently Asked Questions
What is the main goal of OKX's Proof of Reserves?
The primary goal is to provide undeniable proof that OKX holds all user assets in full. It enhances transparency and security by allowing every user to independently verify the exchange's solvency, ensuring that customer funds are always available for withdrawal.
Do I need technical skills to perform the verification?
While the process involves using command-line tools, OKX provides detailed step-by-step guides and pre-compiled software to make it accessible. For those uncomfortable with technical steps, the mere existence of a verifiable PoR system is a strong trust signal, as experts in the community regularly perform these audits.
How often does OKX publish its Proof of Reserves?
OKX commits to regularly updating its Proof of Reserves data. New snapshots and audit files are published on a monthly basis, providing frequent and up-to-date insights into the exchange's financial health. You can find the latest files on their official PoR page.
What is the difference between reserves and liabilities?
Reserves refer to the actual crypto assets held in OKX's custody wallets. Liabilities represent the total amount owed to all users—the sum of every account balance on the platform. Verification ensures reserves >= liabilities.
Why does OKX use zk-STARKs instead of just a Merkle Tree?
zk-STARKs provide stronger privacy guarantees and more efficient verification of complex constraints. They allow a user to verify that the total liabilities are calculated correctly and are non-negative without revealing any individual user's information, a significant advancement over standard Merkle tree proofs.
Is my privacy protected during the verification process?
Absolutely. The entire verification process is designed with zero-knowledge principles. You can prove your assets are included in the total liabilities without revealing your balance or identity to anyone, and OKX never exposes individual user data. 👉 Get advanced methods for privacy-preserving audits