Earlier today, Stefan Thomas took to bitcointalk to announce that Bitfinex had passed their Proof of Solvency audit. The audit was conducted from Thomas’s home office in San Francisco and occurred on April 5th and 6th. Bitfinex has hinted that they will be subject themselves to regular audits with different auditors each time in the continuing effort to reassure suspicious customers.
In the aftermath of the Mt. Gox implosion, Bitcoiners have finally started exerting the bottom up pressure necessary to force Bitcoin exchanges to prove they aren’t running a fractional reserve exchange. This isn’t the first time that Stefan Thomas has audited a Bitcoin Exchange and shown Proof of Solvency. Weeks ago, Kraken passed the world’s first ever “crypto-audit” of a Bitcoin Exchange. Of course, as Andreas Antonoupolos was quick to point out on Reddit, the first “crypto-audit” occurred when Antonopoulos verified Coinbase’s multi-sig cold storage procedure. However, as pointed out by Antonoupolos at the Texas Bitcoin Conference, the audit only covered a very specific portion of the entire company’s operation and is in no way, shape, or form a full endorsement of said company.
Stefan Thomas, CTO of Ripple Labs, also included a similar warning:
Happy to publish today the results of an audit I performed for the Bitfinex exchange. This is similar to the Kraken audit, we simply took some of the feedback on board (hash email address into leaf nodes), improved the security in a few places (balances were anonymized even to me) and streamlined the process some more (presenting easy-audit.)
As always, an audit does not constitute an endorsement and it does not address any risks outside of present insolvency. It’s also not infallible, exchanges can borrow money or ask others to sign their audit message. Finally, until we can implement fully zero-knowledge, cryptographically provable audits, you have to trust the auditor, i.e. me, to have done my job correctly.
Also same as last time, I did not receive any compensation for the audit and I did it in my free time.
How Is Proof Of Solvency Established?
The process of establishing a Bitcoin Exchange’s proof of solvency requires two steps to verify two separate claims. The first claim that must be verified is that Bitfinex controls a certain amount of Bitcoins. To verify this claim, Bitfinex provides a JSON file with a list of all their Bitcoin addresses and balances, which is then compared to the blockchain. The comparison is made using the ‘cryptoshi audit’ command in libcoin.
The second claim that must be verified is this: The amount from claim 1 is greater than the amount contained in all of Bitfinex’s user’s balances. For this claim, Bitfinex provided a JSON file containing a set of anonymized user balances. At this point, Stefan Thomas used his own tool ‘easy-audit’ to calculate the reserve ratio using the data from claim 1 and also the root hash. The code for Thomas’s easy-audit can be found at his github.
Through this process, Stefan Thomas was able to establish Bitfinex’s reserve ratio as being 102.82%, meaning Bitfinex is far from insolvent. In addition, Bitfinex customers are able to use open-source tools to verify that their Bitfinex Bitcoins were included in this audit. Audits of Bitcoin services is just beginning to become a normal thing. Mark my words though, in the near future such functions will be completely open sourced an automated. It’s an exciting time that we live in.
For more information on the audit process, Kraken’s post about their audit has lots of relevant information.