Crypto.com (CDC) is currently facing mass withdrawals after numerous ‘influencers’ said people should withdraw.
The catalyst was an ‘accidental’ transfer of 320,000 eth from CDC to Gate.io on October 21st.
CDC claims they accidentally sent it to a whitelisted corporate address, instead of a cold wallet, but the rumor mill had already argued this was to cover a proof of reserves with Changpeng Zhao, Binance’s CEO, stating on Sunday:
“If an exchange have to move large amounts of crypto before or after they demonstrate their wallet addresses, it is a clear sign of problems. Stay away.”
Gate.io however says this 320,000 eth was not part of an audit. The audit was on the 19th of October, two days before the transfer, carried by Armanino, which they describe as “a well-known US auditing company.”
Gate.io has been around for long. They’ve gone through numerous crisis in the crypto space, numerous Proof of Reserves episodes, and they still stand now eight years on since people learned of this exchange.
CDC is much newer, part of the 2017 ICO wave. It was funded and rose in the same way as Binance. Both of these are two of the very few and rare projects to come up with an actual business out of that mass fundings from ICOs.
CDC has not gone through any full scrutiny, until now, with speculations that they sent $1 billion to FTX over a prolonged period turning out to be an actual exposure of just $10 million.
“We have minimal exposure to FTX (under US10m) and only used it as a trading venue to hedge customers’ trades. We never deployed capital for yield with FTX or any 3rd party,” says Kris Marszalek, the CEO of CDC, adding:
“To simplify for people who don’t understand how hedging works in this scenario: we deposit USDC, use it to buy other coins on the exchange and withdraw back to our wallets.”
He says some of what are called Sam’s coins, like SRM and RAY, had low liquidity except on FTX, therefore they used that exchange.
“Probably also worth adding that Coinbase has US$15m stuck at FTX for exactly the same reason. Some of tokens related to FTX (SRM, RAY, or as Crypto Twitter called them Sam’s coins) only had decent orderbook liquidity on FTX,” Marszalek says.
Just how much that matters to hold off the tide is unclear but CDC has also published a Nansen board to show their reserves.
This is apparently “only a portion of our reserves,” Marszalek says while the “Proof of Reserves audit preparation is underway.”
Currently they’re clearly going through a withdrawals ‘audit’ with some complaining of delays.
In a situation where there’s an unusual spike, such delays can be normal as the exchange has to adapt for extra capacity, including moving funds from cold storage.
An incredible 90,000 ethereum transactions were carried out on the blockchain this Sunday on CDC’s hot wallet, way up from the usual 6,000 transactions a day.
Some delays in that situation may be expected, but if this exchange is solvent then they have an urgent task of proving it in a credible manner.
Prior episodes of frenzies have shown that exchanges can withstand such tests. Gate.io is an example, an exchange that is never noticed during bull but somehow always shows up during crisis.
The difficult question therefore of ‘you want Proof of Keys, but also exchanges need customers’ can be answered by a full on audit that needs to include liabilities as well as on-chain reserves.
Unlike private companies that do not have to provide such audits, crypto exchanges are not afforded such luxury even if they are not publicly traded because presumably they do not want to gain confidence by losing customers through asset withdrawals.
Making this keys based Proof of Reserves a contradictory affair from an exchange’s point of view as presumably no one wants to see customers leave, but if they pass the test then the market knows they’re sound at least at this point in time.
Yet sound without customers does depend on whether those customers return, which is why exchanges have to get ahead and routinely prove those reserves without the market forcing them to it.
Cryptos in addition have crypto-graphic methods both to prove the exchange has your specific assets, and if wanted to also force the exchange to ask for your permission to move those assets.
There used to be and maybe there still is an exchange or custody provider, though we can’t recall which but maybe Bitcoin Suisse, that would or does use a two of two multi-sig where you and the exchange both have custody of the crypto and therefore both have to agree for it to be moved.
You can have three of two as well, some third party custodian, the exchange and you, with that having the advantage of protecting from hacks as well.
Security however has not quite been the headline focus for some time, but this episode is a clear reminder that crypto exchanges do need to routinely utilize methods that provide the market with sufficient confidence regarding their asset holdings.