Kraken Cracks Open Books To Prove Bitcoin, Ethereum, Ripple, Cardano, And Tether Reserves As Crypto Exchanges Draw Scrutiny
Jesse Powell, chief executive officer of Kraken Bitcoin ExchangePhotographer: David Paul Morris/Bloomberg *** Local Caption *** Jesse Powell
© 2014 Bloomberg Finance LP
If there is a crypto exchange that should understand the value of a good audit it is Kraken. The San Francisco-based company launched in 2011 as an antidote to the poor security and treasury management practices at Mt. Gox, a now defunct Japanese-based exchange that controlled 80% of all bitcoin trading in its heyday before losing 850,000 bitcoin. CEO Jesse Powell of Kraken had a front-row seat to Mt. Gox’s struggles, as he flew to Japan to help rescue the exchange amid one of its late periods of turmoil.
He believes that if crypto audits had existed back then, tripwires could have been triggered and the damage lessened. Perhaps the same goes for now bankrupt crypto brokers such as Celsius and Voyager.
“The biggest blow ups have really been these cases, like Mount Gox, or Quadriga, where they were actually insolvent for years. Because nobody was aware, the problem was able to get much worse as the exchange operators felt that they could dig themselves out of the hole, perhaps by trading their way back to full reserves or profitability.” This is not an original story, as followers of Bernie Madoff or any other Ponzi scheme are well aware.
Powell, a true crypto believer, knew that trust would be necessary for any exchange to succeed in the long term. A big step towards earning that trust is through regular audits of reserves. After all, anyone can pull up an account balance on a Kraken, Coinbase, Binance, or even a JPMorgan account. But how can one be sure that the funds are actually there? In the case of traditional banks like JPMorgan, there is comfort that deposits are insured up to $250,000 in the event of insolvency. No such protection exists in crypto.
It is for this reason that Kraken just released its third proof-of-reserves attestation, a snapshot of the reserves in which clients can actually verify that their balances exist on the exchange. The exercise, completed by top 25-global accounting firm Armanino LLP, covered 63% of the total balances held by Kraken. The covered assets were bitcoin, ethereum, tether USDcoin, ripple, cardano and polkadot.
What’s more, the attestation used a cryptographic tool called Merkle Trees, which is a data structure that cryptographically links together all relevant pieces of information, in this case client balances. The benefit to taking this approach is that clients can be sure (assuming they are sophisticated enough to understand how this works), that their accounts are included in the total balance produced by the attestation. In theory, this should prevent the company from just posting a big balance online without verifying that the total figure is equal to the sum of all of the smaller parts.
Now comes the fine print. First, because this is an attestation and not a full audit, the latter of which would cover additional information such as liabilities to see whether any reserves were otherwise encumbered. For instance, Kraken offers what it calls an “off-chain staking product” for tokens such as bitcoin. This is essentially a mechanism for clients to earn additional yield on their holdings by committing them to a margin pool whereby other traders can borrow tokens to leverage their bets. These balances are included in the attestation, but there is always a degree of risk with any kind of lending.
Because this is just a snapshot of the balances on a given day, there is also the chance that a bad operator could manipulate balances to look solvent. It could be the auditing equivalent of hiring a stager to bring furniture into your property prior to an open house. “One of the criticisms of the first audit that we did, back in 2014, was that this was just a point in time. You don’t know if we just borrowed 100,000 bitcoin from some one of our investors or something to do this snapshot. And then, you know, we sent it back five minutes later.”
This weakness remains top of mind for Powell, and he has expressed an interest in performing more regular attestations, which even if they fall short of audits, would make it more difficult for bad actors to “stage” their books. “If you do this [release attestations] more frequently, doing those kinds of things is less likely to happen and more likely to be spotted. Say for instance you see 100,000 coins moving, you know, on the 30th of every month on chain.” Perhaps at some point these could even be done in real time.
Other key questions include why the entire Kraken reserves was not included and its choice of an accounting firm that while it’s among the 25 largest isn’t one of the Big Four or even in the top 10. Powell notes that this was not for a lack of trying “We asked all of the big accounting firms to try to get these audits done.” An additional reason why he chose Armanino is because the firm had the technical sophistication to produce a Merkle Tree attestation. Same for the tokens included, as these were primarily the assets that the firm was able to support.
This is not a problem unique to Kraken. Tether, the company behind the world’s largest dollar pegged stablecoin with a market capitalization of $65 billion has had to rely on a top 12 accounting firm, MHA Holdings to produce its reserve attestations. Just today the firm announced that it will now be using a top five firm, Italy-based BDO.
The question remains whether or when Kraken will produce a full audit. Powell seems open to the idea. “When or if we become a public company, we would have to disclose these types of financials. And, you know, maybe we could do that, even ahead of time.”
Still the question remains whether Kraken will find a partner willing to take on the work. After all, there is always a degree of risk for accounting firms taking on a novel project in an industry with a less-than perfect image. If one signs off on an audit that turns out to be incorrect the repercussions could be grave. “There is a risk that if you screw it up as the auditor and sign off on something that turns out to be bogus, your whole reputation is burnt and nobody is going to trust you again. This is not a direct analogy, but nobody wants to be the next Arthur Andersen (the now defunct Chicago-based accounting firm that had previously audited Enron).”