Michael Saylor, co-founder and executive chairman of MicroStrategy, stated directly in a recent interview that the “on-chain Proof-of-Reserves” advocated in the blockchain industry carries serious security risks, and called it a “bad idea”. This view contrasts sharply with the transparency trend advocated by the industry mainstream, and has triggered a re-examination of the reserve proof mechanism in the market.
Core viewpoint: Publishing reserves on-chain = exposing the attack target
Saylor pointed out that although the original intention of on-chain reserve proof was to enhance user trust through the openness of the blockchain, making information such as the addresses and balances of asset reserves completely transparent is equivalent to “precisely marking the attack target for hackers”. He used Bitcoin wallets as an example:
Address correlation risk: If an institution fully discloses its reserve addresses, hackers can track the flow of funds between addresses through blockchain analysis tools, and even link them to the institution’s cold wallets or escrow accounts.
Smart contract vulnerability risks: Some on-chain proofs rely on smart contracts to verify reserves automatically. However, if the smart contract code contains a vulnerability (such as the reserve proof vulnerability exposed before FTX’s bankruptcy in 2022), the contract itself may become an attack entry point.
Psychological deterrence fails: “When hackers know that you have a $1 billion reserve at a certain address, they will be more motivated to plan an attack.” Saylor emphasized that traditional financial institutions never disclose the locations of their vaults, and the crypto industry should also follow a similar security logic.
Industry Controversy: The Dilemma of Balancing Transparency and Security
On-chain reserve proof has become a hot topic in the industry since the FTX collapse in 2021. Exchanges like Coinbase and Binance have publicly disclosed their asset reserves through methods such as Merkle tree proof and third-party audits. Supporters believe that this is a key means of solving the trust crisis in the crypto industry, but Saylor’s doubts point to potential flaws in the mechanism:
The “pseudo-transparency” of some projects: Some platforms only disclose certain addresses or adopt “selective disclosure”, so the proof is merely a formality. Some projects even create the illusion of sufficient reserves by “borrowing money to recharge” (Genesis, for example, was accused of false reserves before it went bankrupt in 2023).
The complexity of technical implementation: True on-chain proof requires the integration of zero-knowledge proofs, multi-signature and other technologies, but most projects lower the security level to simplify the process. For instance, in 2024, hackers exploited a certain DeFi protocol’s unencrypted reserve proof contract to transfer $120 million worth of assets.
Saylor’s alternative solution: Audit + cold storage + insurance
Rather than completely denying the value of reserve proof, Saylor proposed a three-layer security architecture:
Third-party audits are preferred: Quarterly reserve audits will be conducted by institutions such as PricewaterhouseCoopers and Ernst & Young, and key data (such as asset types and custodians) will be disclosed, but specific on-chain addresses will not be made public.
Cold storage isolation: Over 95% of assets are stored in offline cold wallets, and each cold wallet corresponds to multiple addresses. An address rotation mechanism is used to prevent tracking of fund flows.
Crypto asset insurance: Cooperating with AIG, Lloyd’s and others to purchase reserve insurance covering risks such as hacker attacks and private key leaks. The market size of such insurance has reached 7.8 billion US dollars by 2025.
Market reaction: Institutional and retail investors’ views diverged
Institutional investors agree: Grayscale’s chief compliance officer stated that its Bitcoin Trust (GBTC) adopts an “audit + cold storage” model and repelled three phishing attacks targeting reserve addresses in 2024.
Retail investors are concerned about insufficient transparency: Members of the crypto community launched a poll on Reddit, in which 62% of users believed that “not disclosing on-chain addresses is equivalent to allowing underhanded operations”, and cited the example that complete reserve proof had never been disclosed before FTX’s bankruptcy in 2023.
The regulatory attitude is ambiguous: The US SEC requires exchanges to “disclose the verification method of reserves” in the 2025 “Digital Asset Custody Rules”, but does not mandate on-chain public disclosure. The EU MiCA Act allows exchanges to independently choose on-chain proof or audit reports.
Industry Trend: From “Complete transparency” to “Secure Transparency”
With doubts being raised by industry heavyweights like Saylor, some leading institutions have begun to adjust their strategies:
Coinbase has launched privacy proof: In April 2025, it launched “Zero-Knowledge Reserve Proof”, allowing users to verify the authenticity of assets without exposing their addresses. The testing phase attracted 1.2 million users to participate.
BlackRock’s compromise solution for its crypto fund: Its Bitcoin ETF adopts an “off-chain audit + on-chain partial verification” approach, only allowing compliant investors to query their reserve addresses.
Technology companies are positioning themselves: Chainlink has launched a “proof of reserves oracle”, which automatically verifies asset balances through smart contracts but hides specific addresses. By 2025, it has provided services to 23 exchanges.
The core controversy: Should trust building in the crypto industry rely on “absolute transparency” or on “security mechanisms”? Saylor’s viewpoint might reveal a reality: before blockchain technology fully resolves the contradiction between privacy and security, blindly pursuing on-chain openness may backfire. How to strike a balance between transparency and security will remain a key issue for the future development of the industry.