On centralised exchange risks and how to fix them

Anthony Butler

The recent collapse of the digital asset and currency exchange FTX again highlights the risks associated with centralised digital asset exchanges. This risk, however, mostly relates to the operational and business aspects of how these exchanges operate, as opposed to the blockchain technology itself, but it also highlights the need for us to continue to evolve new models of decentralised finance that will mitigate some of these risks. If you can remove the need for trust, then you also remove the risk of bad actors abusing that trust. In short, as Nick Szabo famously wrote, trusted third parties are security holes; and, as with most things, so it is with these custodial exchanges.

The fundamental issue is that, in the world of digital assets and currencies, if an individual or institution doesn't control their private keys, then they do not really control their digital tokens. "Not your keys, not your coins", as the axiom goes. In the context of a custodial exchange, the exchange actually controls their currency holdings and can, theoretically, do anything with them whilst still, through the platform, presenting a different view to the actual investor. Investors who might not be proficient with the underlying technical elements of how blockchains and these exchanges work might be lulled into a false sense of security.

Whilst, in the long term, decentralised finance (DeFi) will evolve to solve many of the risks of centralisation, the fact is that, for most investors, it is much simpler and easier to engage with the world of digital assets and currencies through one of the centralised exchanges. This is primarily because of user experience, which includes, for example, the ease of accessing fiat onramps/offramps, customer support, ancillary services, and so forth. For the average user, this is more convenient and user friendly than dealing with private keys, cold storage, and the other elements needed to securely and effectively self-manage one's assets.

So what can be done now?

Firstly, it should be remembered that, in many ways, the issues that are manifesting have been solved in other parts of the financial industry, and there is a need for regulators to provide more clarity on the applicability of existing laws to these types of centralised exchanges. Wyoming's SPDI provides one example of how a jurisdiction can address some of the challenges, mostly by clarifying how existing rules apply to preventing custodial digital exchanges from making loans using customer deposits and to ensuring appropriate segregation. Just as, if you deposited some valuable jewelry with a bank for custody, you would not expect the bank to pawn the jewelry to address a liquidity crunch with their employee salaries, you should not expect a custodial exchange to do the same. In the event that something does go wrong, custodial exchanges should consider deposits to be "senior" to other liabilities when it comes to the repayment of debts.

At the same time, these same regulators should recognise that this is a temporary solution to a risk introduced by a temporary form of digital asset and that decentralised exchanges and finance have the possibility of addressing many of these issues. They should not make the mistake of conflating decentralised approaches that mitigate the risks that led to the recent debacle with centralised approaches that are exemplified by FTX et al.

Secondly, there is also a need for more information to be provided to investors so that they can better assess the risks. With respect to banks, there is a concept of deposit insurance that provides some assurance alongside regulations; but, given that many of these exchanges operate in different jurisdictions, the level of protection offered is often very different to that of banks. Investors should therefore be able to assess the solvency of a particular exchange, both to better understand its practices and to understand the risk associated with using it. This notion of solvency can, in simple terms, be viewed as the exchange's total reserves minus its total liabilities.

There is now extensive discussion around how Proof of Reserves (PoR) can be provided, leveraging the immutable characteristics of Merkle Tree-based blockchains, to provide investors with a high degree of transparency into the current state of exchange reserves. This article provides an excellent summary of the method, based on work that was done by Greg Maxwell and Peter Todd in 2014 on this topic. In essence, a Merkle tree is generated with all the user balances for a given exchange. The Merkle root hash, the user counts and total asset accounts are published, and individual users can query the Merkle tree using their hashed ID and/or asset balances to confirm the presence of their funds. This GitHub repo provides a more technical explanation of one implementation. The Proof of Reserves would need to be real time, as there would otherwise be mechanisms to game the system, such as borrowing prior to a reserves audit and then returning the funds after the measurements were captured.
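The scheme described above, sketched as an added example (not code from this post or from the linked repository): a summed Merkle tree in which every node commits to a hash and a running balance total, the exchange publishes the root, and a user checks inclusion of their own hashed ID and balance. The account names, nonces and byte encoding are constructed for illustration.

```python
import hashlib

PAD = (hashlib.sha256(b"\x02pad").digest(), 0)   # zero-balance filler for odd levels

def leaf(user_id, nonce, balance):
    # Leaf commits to a salted hash of the user ID plus the balance.
    hashed_id = hashlib.sha256(f"{user_id}:{nonce}".encode()).digest()
    data = b"\x00" + hashed_id + balance.to_bytes(16, "big")
    return (hashlib.sha256(data).digest(), balance)

def parent(left, right):
    # Inner node commits to both child hashes AND the sum of their balances.
    total = left[1] + right[1]
    data = b"\x01" + left[0] + right[0] + total.to_bytes(16, "big")
    return (hashlib.sha256(data).digest(), total)

def build(leaves):
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(PAD)          # pad, never duplicate: a copy would double-count
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    # Sibling (hash, sum) pairs from leaf to root; this is what the exchange sends.
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        path.append((level[sibling], sibling < index))
        index //= 2
    return path

def verify(leaf_node, path, root):
    # Run by the user against the published root.
    node = leaf_node
    for sibling, sibling_is_left in path:
        if sibling[1] < 0:           # a negative subtotal would hide liabilities
            return False
        node = parent(sibling, node) if sibling_is_left else parent(node, sibling)
    return node == root

# Constructed sample accounts: (user ID, per-user nonce, balance in smallest units)
ACCOUNTS = [("alice", "n1", 500), ("bob", "n2", 1200), ("carol", "n3", 75)]
LEAVES = [leaf(*a) for a in ACCOUNTS]
LEVELS = build(LEAVES)
ROOT = LEVELS[-1][0]                 # published: (root hash, total user balances)
```

The published total is only a lower bound on what the exchange owes: it covers the balances that users have actually verified, and it must still be compared against on-chain reserves that the exchange proves it controls.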

The challenge with the solvency equation, however, is with understanding the true liabilities of an exchange: proof of liabilities. Deposits are, of course, the most obvious liability and, at a minimum, exchanges should demonstrate that there is a 1:1 match between deposits and the reserves, and this should be at the account level. This audit could be initiated by users, similar to what BitMEX is doing, wherein a user requests an electronic audit of their deposits against the actual tokens (proof of reserves) represented in the Merkle Tree of all BitMEX holdings.

A further risk is that other liabilities will be hidden or not reported, so whilst an investor might be assured that their assets are backed by reserves via the aforementioned method, there is still a risk that the exchange is insolvent for other reasons. Aside from ensuring that deposits are considered senior to other forms of debt in the case of insolvency legal cases, third party auditors could conduct more comprehensive audits of liabilities (outside of deposits) and incorporate these such that an investor can also have a view of the total liability risk versus reserves. There are already firms specialising in this area and they are likely to continue to expand their services and technology portfolio in response to the flaws that this latest collapse highlights.

As can be seen, many of the risks and challenges come from centralisation: the manager of a centralised exchange can make arbitrary decisions on the use of funds, as we have seen, without the users having full transparency; and the ability to accrue liabilities far beyond deposits is, again, a function of centralisation and the corporate structure(s) underpinning contemporary exchanges.

Decentralised Finance (DeFi) is likely to hold the long term answer to much of this: decentralised exchanges will use blockchain technologies to remove the need for trust. They will provide permissionless, transparent exchange services where users will have self-sovereign custody of their digital assets without the need to transfer control to a centralised authority to manage on their behalf, a transfer that introduces the risk of bad actors. The below interview between ShapeShift's Erik Voorhees and Laura Shin makes a succinct and eloquent case for the future and how Decentralised Exchanges can mitigate many of the risks we have seen manifest in recent days.



Anthony Butler is based in Riyadh, Kingdom of Saudi Arabia, where he is currently Chief Technology Officer for IBM Middle East and Africa. He is focused on emerging technologies and applications.