Proof-of-Reserves

CheckSig is the only custodian to provide monthly blockchain Proof-of-Reserves. Since October 2020, unmatched transparency has been verifying that all funds are safely under control.

Transparent custody

At CheckSig, we believe in a provably-honest transparent custody. At least monthly, CheckSig provides a public blockchain proof that all assets in custody are safely under control, i.e., a proof-of-reserves transaction. This might seem so obvious to be redundant but, as a matter of fact, no other custodian service proves its reserves; woefully, they might be concealing losses to be discovered later on!

Blockchain transaction

The Proof-of-Reserves (PoR) is provided as a bitcoin transaction, publicly available on the blockchain for everybody’s inspection. Such a transaction:

  • includes (i.e., in tech jargon, spends as TxIn) the amount under custody consolidated in the previous proof-of-reserves;
  • collects (i.e., spends as TxIn) all deposits CheckSig has received since then;
  • pays the transaction fee;
  • withdraws (i.e., creates a TxOut for) the amount required to satisfy our clients’ requests;
  • merges all remaining Bitcoins as a single new consolidated amount (i.e., creates one change TxOut) at the consolidation address.

This new consolidated amount represents the assets under custody at the transaction date.

Additionally, spending the previous consolidated amount reveals the (pre-image of the P2WSH) locking script that protects the Bitcoins under custody, making CheckSig custody really transparent.

Spend-to-self transaction

At the beginning, the control of the consolidated amount was proved by the act of spending it at the next transaction date. To make the proof-of-reserves self-contained, since July 2021 each transaction spends from and to the consolidation address at the same time. As a result, this spend-to-self transaction immediately proves the control of the consolidated amount at the transaction date.

While address reuse is bad for privacy, it is fine in our case because the proof-of-reserves must be public. Moreover, residual security concerns (e.g., nonce exfiltration) are solved by our custody protocol. In fact, we rely on a multi-level multi-signature scheme using hardware wallets (Hardware Security Modules) from different vendors. To learn more about our security, read about CheckSig custody protocol.

Proof-of-solvency

Anyway, proving our reserves does not prove them to be enough to cover the obligations we have towards our clients. To achieve a proof-of-solvency, the proof-of-reserves should be combined with a proof-of-liabilities. Unfortunately, a reliable cryptographic proof-of-liabilities is impractical. All known privacy preserving approaches do not provide easy independent verification for non-technical clients (see here).

Off-chain external auditors

Therefore, we believe that proof-of-liabilities is better delegated to external auditors. Indeed, our (internal controllers and) external auditors independently verify that the proved reserves exceed our liabilities. This verification is part of the SOC attestations we receive from Deloitte.

Furthermore, even the on-chain proof-of-reserves could be manipulated. For example, bitcoins could be borrowed from a third party to temporarily cover losses. Only an off-chain external auditor can detect this kind of shenanigans.

Proof-of-Reserves transactions

Finally, check out below our proof-of-reserves transactions and explore them on-chain.
The current consolidation address is bc1qqst9un5sz8576fy2nnqkpm4rpfh0weveqwtt8zxgjp02g2mx5q7s2vresu.

TransactionBlockDeposits (₿)Transaction Fees (₿)Withdrawals (₿)Asset Under Custody (₿)
May 17, 202273679313.920101230.000060180.00000000403.86261513
May 3, 202273473714.262506040.000065520.00000000389.94257408
Apr 1, 202272990328.107782680.000092130.00000000375.68013356
Mar 4, 20227258738.327759210.000131040.00000000347.57244301
Feb 2, 202272147114.294109660.000144700.00000000339.24481484
Jan 5, 202271721413.847093310.000060180.00000000324.95084988
Dec 22, 202171523221.327974710.0001307110.09516878311.10381675
Nov 29, 202171179426.518690640.000146678.12112682299.87114153
Oct 29, 202170729690.435683460.000183966.65512106281.47372438
Sep 30, 202170288411.651545830.000164606.80705070197.69334594
Sep 1, 202169852713.903893410.000073700.00000000192.84901541
Aug 2, 20216938094.974804500.000162140.00000000178.94519570
Jul 2, 202168935132.067482520.000511810.00000000173.97055334
Jun 2, 20216858578.951644890.000272160.00000000141.90358263
May 1, 20216813727.248228100.000309540.00000000132.95220990
Apr 1, 202167727521.215985240.000579391.00000000125.70429134
Mar 1, 202167266622.788259010.000511810.00000000105.48888549
Feb 2, 20216687070.000000000.000048510.0000000082.70113829
Jan 31, 202166840232.073150510.000312480.0000000082.70118680
Jan 1, 202166397218.035426880.000511810.0000000050.62834877
Dec 2, 202065960112.713670430.000737000.0000000032.59343370
Nov 3, 20206552230.000000000.000069300.0000000019.88050027
Oct 12, 202065236319.881277870.000708300.0000000019.88056957
LinkedIn logo YouTube logo Instagram logo Buzzsprout logo Email logo Info logo
© 2022 CheckSig S.r.l. - P.IVA 11028330964
Privacy policy Cookie policy Cookie preferences