Crypto Proof of Reserve needs improvement: Michael Saylor at Bitcoin Conference

Speaking at the Bitcoin Conference, MicroStrategy Executive Chairman Michael Saylor delivered a strong critique of current proof of reserves practices in the crypto industry, warning that the conventional method poses more risks than benefits, especially for institutions.

“People think they’re increasing trust by publishing wallet addresses, but they’re actually creating a massive attack surface,” Saylor said. “It’s like posting your kids’ bank details and phone numbers online and thinking your family’s safer.”

Proof of Reserve is a method used in the crypto industry to show that a company, typically an exchange or a custodian, actually holds the cryptocurrency assets it claims to hold on behalf of its users. It’s a transparency measure that allows customers and the public to verify that the company is not operating on a fractional reserve system, where it holds less crypto than it owes to its clients.

To do this, the company publishes cryptographic proof that it controls specific wallets containing a certain amount of crypto. At the same time, it proves the total amount of customer assets it is supposed to hold, often through a process involving a Merkle tree, which securely aggregates customer balances without exposing individual account details. An independent auditor may then verify that the on-chain assets match or exceed the total customer liabilities.

Compromise of privacy and security 

Saylor’s statement challenged the prevailing belief that publicly sharing wallet addresses helps to build and promote transparency. He argued that such actions compromise the privacy and security of custodians, exchanges, and investors alike. “No institutional-grade or enterprise security analyst would recommend that,” he said.

Instead of relying on visible wallet balances, Saylor proposed that the gold standard for proof of reserves, particularly for securities, should come through trusted financial structures: “You need institutional-grade proof of assets and liabilities, verified by a Big Four auditor, signed by CFOs, CEOs, and overseen by boards held accountable under Sarbanes-Oxley.”

The Sarbanes-Oxley Act is a United States federal law passed in 2002 in response to major corporate scandals such as Enron and WorldCom. Its primary purpose is to protect investors from fraudulent financial reporting by corporations.

One of the key aspects of Sarbanes-Oxley is that it requires companies to ensure the accuracy and reliability of their financial statements. Executives like the CEO and CFO must personally certify that financial reports are truthful and complete. If they knowingly submit false reports, they can face criminal penalties.

Another important part of the law is the requirement for stronger internal controls. Companies must create and document systems that can prevent or detect errors or fraud in financial reporting. These systems must also be tested regularly and reviewed by independent auditors.

Read also: Michael Saylor proposes digital assets framework for the Trump administration

No details of liabilities?

Proof of assets alone, which is what most proofs of reserves offer, is incomplete without proof of liabilities, according to Saylor. Holding $63 billion in Bitcoin means little if $100 billion in liabilities exist behind the scenes. “If you’ve pledged your Bitcoin, taken on debt, or entered fiat contracts, you must net it all out and report it transparently,” he said.

Addressing the crypto community’s fascination with transparency tools, the Strategy boss cautioned against viewing on-chain wallet publishing as a foolproof solution. “It’s a crypto parlor trick,” he said. “It won’t protect you from a collapse. FTX and Mt. Gox taught us that.”

He didn’t, however, dismiss the future potential of privacy-protecting innovations like zero-knowledge proofs but insisted that any such method must be vetted by custodians, auditors, and risk officers. “You’re still left with the liability question,” he said. “And you better be sure there are no security holes.”

Reinforcing the standards of public company governance in the U.S. as the true bedrock for trust in financial systems, Saylor stated that “People trust U.S. companies because the CEO, CFO, and directors can go to jail if they lie. That’s stronger than anything blockchain alone can offer.”