On The Brink with Castle Island - Hong Fang (OKX) on Refining Proof of Reserves (EP.467)

Episode Date: November 1, 2023

Hong Fang, President of OKX, joins the show to to announce their twelfth consecutive monthly Proof of Reserve attestation and to discuss how their PoR implementation has changed over time. Covered in ...this episode: OKX's brand refresh Why OKX chose to launch their monthly PoR attestations a year ago The importance of PoR today and who is asking for it Which PoRs they looked at for inspiration How OKX evolved the procedure from inception to now The move from merkle liabilities to ZK PoL The PoR security model and how many users need to check for it to be valid Handling issues like margin, leverage, and negative balances in their attestation The relationship between Proof of Reserve and conventional audits Future directions in PoR and ways to improve Technical PoR versus audit-enhanced PoR and the role of an auditor Attacks on PoR and mitigations Common criticisms of PoR Why numerous exchanges need to do PoR for it to work overall Content mentioned: Nic Carter on Medium, The Status of Proof of Reserve as of Year End 2022 OKX Proof of Reserve Dashboard

Transcript
Discussion (0)
Starting point is 00:00:00 Hello and welcome back to On the Brink. I'm Nick Carter. This is another episode in the Proof Reserve miniseries. Here's a funny story. Some time ago, I developed a rubric to evaluate proofs of reserve along a few different dimensions and scored all of the major exchanges doing it at the time. I gave OKX a sort of average score at first. They called me and asked me how they could improve their score and I gave them some feedback and they actually implemented it. It was amazing. As of right now, OKX is one of the top scores on my rubric. And we're releasing this episode today because they've just completed their 12th consecutive monthly POR, which is pretty impressive. Not only have they done that, but they've also been refining the procedure the hallway, which we'll dig into in this episode. So I'm delighted
Starting point is 00:00:46 to be sitting down with Hong Fang, president of OKX to cover their work in proof of resort. Let's dig it. Hello and welcome back to On the Brink. I'm Nick Carter. This is the POR proof of a result. miniseries. There's always more stuff to talk about with POR. So this will certainly not be the last episode, but this one I've wanted to do for a long time with Hong Feng, president of OKX. Hong, thanks for joining us. Thank you for having me, Nick. So I feel like we've been chit-chatting about POR for a long time. Yes. So I'm really glad we could sit down. And this is an auspicious occasion, this is the 12th consecutive month of OKX's rebooted PR program. So, congrats on that milestone. That's very exciting. Yeah. No, I also want to put myself on
Starting point is 00:01:58 record because, you know, since our first program back in November last year, we have been talking in the background and because our team want to get more feedback from the industry, particularly including yourself as a, you know, basically a POR guru, and want to get feedback in terms of how we actually can continue to iterate and improve the program. So really appreciate all the feedback you've given to us, particularly those constructive ones. So thank you. Yeah, no, pleasure is all mine.
Starting point is 00:02:28 You know, I love it when people actually listen to me. So, you know, that's great. Not everyone does. All good advice. So, you know, before POR, let's talk. about okay x is you're kind of having a brand refresh we were deprecating the okay coin name and we're going okay x am i right about that yeah that's right yeah we have put that in motion already um we have a global platform for okay coin um end of last year early this year we decided to uh bring okay coin and
Starting point is 00:03:02 okay x together and and after a lot of internal work we started to uh to bring the two brands together So for OKCoin, we are starting jurisdiction by jurisdiction where we feel ready from both external and internal product perspective. So one by one, yeah. So Singapore is done. Most of the other jurisdictions and done are next moving to Europe and then U.S. So it's interesting because I know you're a global organization, but where primarily you're focusing your efforts regulatory-wise these days? It's really global. I cannot really tell you which one is the most important one because everyone.
Starting point is 00:03:43 We have quite a few license approval and slash license applications in our pipeline. And for each of them, our key strategy is to really, on top of our global compliance program and legal infrastructure, we also have strong local leadership to really drive local. both from a compliance perspective as well as from a business and product perspective. So we have local compliance officers as well. So there are quite a few important ones, as you can imagine, right, from Europe. We have Europe and UK, Dubai, for MENA. In Asia, we have Singapore and Hong Kong.
Starting point is 00:04:26 Obviously, U.S. is very important for us and we continue to work on U.S. states. We actually have most of the states already. MTFs, yeah. Waiting for more clarity in the place here. We all are. We all are. I feel like OKX has had a really good 2023 in terms of market share. So congrats on that.
Starting point is 00:04:50 And you guys were all over the conference circuit as well. Big presence that took in 2049. So whatever you're doing, it seems to be working. Some of our teams are definitely happy about that. Yeah. But more importantly, I feel like, you know, it's also combined efforts from product perspective and business perspective. Ultimately, it's about what we built for the customers and whether those are things that can fit into local infrastructure, local framework, right? That's, you know, that's more sustainable.
Starting point is 00:05:25 So on the proof reserve front, such an interesting topic because initially it was a very bottom-up thing with, folks asking for it and only a small handful of exchanges doing it. And then every time there was a major collapse like Quadriga, actually it's always a major collapse that catalyzes. At first you had Gawks. There was a spate of PRs. Actually, OK, Coin did one back in 2014. Yeah.
Starting point is 00:05:52 Along with some others, then you had the Quadriga collapse and you had some PRs after that. But of course, after FDX, that's when it really took off. And then subsequent to that, now we see actual pieces of legislation, the reference proof reserve, Texas passed a bill. There is an act introduced in Congress. Senator Dittlis' Act called the Proof Act. I now talk to regulators globally that are trying to do it.
Starting point is 00:06:16 And so this thing that really strikes me is that it's driven by the exchanges themselves without people strictly asking them from the top down to do it. The exchanges themselves made the decision to do it. So tell us a little bit about that decision that you made to introduce a new modernized POR system a year ago. Yeah.
Starting point is 00:06:36 I think you nailed it. It's really driven, unfortunately, by crisis moments in the industry. And the bottom line is about trust, right? When the trust score in the industry is at the lowest point, there's a stronger need to do something about it and increase that. There are different ways of increasing and building trust and increasing trust. One way is to... Regulation is definitely one.
Starting point is 00:07:02 way of approaching it. Having third-party auditor coming in and do audit is another way of doing it. From our perspective, when FTX thing happened, we know that it's important to do a proof of reserve, and we actually try to approach it from both angle, i.e., we do a internal technical or technological program to prove the solvency of the platform, and then enhance it with the technology. auditor reviewing. Unfortunately in that time frame, most of the auditors who have either done it before or potentially will be able to do it, don't want to actually take on your clients. So I think that is also an impetus to push us internally to really double down and focus on doing the technical version of the on-chain POR and really nail it. Like we started in November, I think that was the
Starting point is 00:08:02 first proof of reserve that we delivered covering three assets, PTC, Ethereum, and Tether. Those three assets cover, I think, more than 90% of the total customer assets on the platform. We, I can talk about, you know, a lot of the things that go went into it, but, but we knew back then that that program needs update, right? First, it needs. automation. We want to do it monthly because it's important to not to provide just once in a at a point snapshot to the customer, but to increase the efficiency, the frequency as much as possible and to keep it consistent. So there's less room for maneuvering around the numbers on exchange side. So our product and engineering team focused on automating it. And I think our
Starting point is 00:09:01 think our second program update was automated and then we keep doing it on a monthly basis. And after that, we also, you know, obviously talking to you and a few others in the industry, we know that there are quite a few other things that we want to kind of fix in the program. First of all, you know, there's the liability site. The first one that we did was Merkle Tree. but it's not a full liability exposure, a disclosure, because if we disclose the full liability in our first version, then theoretically people can go and check and figure out for each customer, you know, what their activity is and like there's no privacy.
Starting point is 00:09:51 So we were kind of trying to provide more visibility at the full liability level without sacrificing the privacy for the customer. So for that, we actually looked at Bitmax and we thought that Bitmax approach was a pretty good one, basically randomly separating any individual customer's assets when we take the snapshot, separated it to more than one nodes. And as a result of that, you know, that asset splitting exercise can help preserve privacy while we disclose the full liability. So we actually updated our Proof of Reserves program in March in our fifth POR update to make it a full Merkel tree update. So that was one major gap that we see in our first program. The second one was the second biggest gap was the negative value of a node. For margin accounts?
Starting point is 00:11:00 Yes. Yeah. Yeah. Yeah. When we did our exercise, that was one of the major weaknesses, if you will, that we identify ourselves. And we also, honestly, I think when finance did a audit, the auditor also flagged that as well.
Starting point is 00:11:19 Right. So essentially, from our perspective, from our platform perspective, we are not doing evil. we're not creating a non-negative node out of nowhere to cover up. But from a customer perspective, you know, customers don't know. You or as a third party, you don't know. So it's hard for you to verify. That's where you kind of need an auditor or, you know, some way to prove that the platform is not doing that. And every customer's value is actually non-negative is positive.
Starting point is 00:11:50 So we know back then that we actually need to do a ZK Zero Knowledge Proof upgrade to bridge that gap. So that was the second update, major update that we did in May, which is our sixth Proof Reserve update. We added the ZK Stark update to basically prove, among other things that for each customer, that we have on our platform in our proof reserves update, every customer has a non-negative asset balance with us that is being fully reserved. Obviously, in that process, we also added more assets. We added 18 assets in that process, which operationally is actually a lot to cover. Yeah, I mean, it's impressive because that's a small fraction of client assets,
Starting point is 00:12:48 but there's a fixed cost associated with every distinct asset that you're adding, especially on different blockchains. Yeah, yeah, absolutely. Yeah. And the calculation is also complicated, right? The process is complicated. It takes up a calculation cost and then time and server and all that stuff. Well, when you were designing your procedure,
Starting point is 00:13:12 were there other PORs that you look to for inspiration? I know you mentioned Bitmex. how did you determine what kind of software stack to use and things like that? The team looked at Bitmax looked at Cracken, also checked Italics paper on ZK. I think they started with Merkel Tree because they believed that Merckle Tree is a good starting point. And when they implemented the Merkel Tree for the first proof of reserve, update. They actually intentionally did something different from, I think, what Binance and some of the other platforms did. For example, they used a summation Merkel tree method instead of a plain
Starting point is 00:14:03 macle tree method. So they actually add up all the hash value for each node layer by layer. So it's actually some of every nodes. So there's no room to kind of gain that. To hide big negative balances, right? Yeah. And then our team also decided that we don't want to truncate the myrtle tree leaves and instead we use the full 32 bytes. So again, there's no room for gaming it.
Starting point is 00:14:37 And obviously we make sure that, you know, each customer has a unique ID on other stuff. but they did a lot of analysis to decide on Mercl Tree. And then later when they start to evaluate zero knowledge technology, obviously there are different technologies available. There's ZK. Stark and there's ZK. Snark. I think those is probably, those two are a pretty close choice for our team. And I think we marginally feel like the ZK. Stark is, is better and more transparent and more secure.
Starting point is 00:15:17 And are there existing open source libraries that you can use for these kinds of things? I'm sure they do. I don't have engineer background so I don't think I can speak to that as eloquently as I would like to. But our team actually had quite a few people with that background.
Starting point is 00:15:41 Our program is also open source as well. Our, you know, both the Mercaltree version and the ZK version is both our open source. So they put it out there as well. That's one thing I've appreciated about a lot of these PR initiatives at the exchange level is open sourcing the software for reuse purposes. So not being particularly greedy about it or anything and just hoping that even competitor exchanges end up using the same stack. Exactly. for the benefit of the whole industry. So for those who aren't as familiar with the ZK liability method,
Starting point is 00:16:18 what does that prove to the user? And what's the benefit relative to the Merkel approach? So for our ZK Stark approach, what it basically does is it looks at all the liabilities that we as a platform hold for our customers, So basically all customers' assets that we as a platform mode custody for them. So it includes all the liabilities. It proves through zero knowledge approved technology that the exercise include all customers. It's all inclusive.
Starting point is 00:17:00 It proves that basically the sum that we show is indeed the sum of all the customer's balance. it also proves that for each customers included in the exercise, every customer has a positive asset balance. Because again, customers have different assets, particularly for a platform like ours, where the customers has more complicated product, where they can do margin, where they have leverage, they can borrow BTC or USDT and kind of end up trading outcoins or vice versa. So specific asset, you may see negative value, but combined, you need to make sure that each customer has actually a positive number accounting for, you know, collaterals that they have on the platform. So that is also included in the ZK exercise.
Starting point is 00:18:08 And then also the process, basically the process of comparing the liabilities that we have calculated for the customer. And when you compare that to the assets that the platform holds. So what we also do as part of the proof of reserve program is that we make public our, public addresses, the on-chain addresses. We started with 23,000 plus addresses when we started with the three assets. Now we cover 22 assets actually and have like 450,000 addresses that we already put out there. So in that calculation, the program would basically add up the assets value in those public-sized addresses and then compare liability and assets.
Starting point is 00:19:04 So that ZK program would affirm that the two actually is comparable. And the process of calculation and comparison has integrity. So basically that's what it does. It's almost functioning as a auditor. Basically, in math, we trust. We want to self-regulate. We don't want to rely on the availability or trustworthiness of a auditor. We want to make sure that we can automate as much as we can.
Starting point is 00:19:35 We can put as much as we can into the code and encourage our customers to verify for themselves. The asset side of the attestation, you sign the addresses on chain, right? Am I right about that? Yeah, yeah. We use private key to sign for the addresses. It's an LKX address, something like that. Do you broadcast that on chain or no? It's on chain.
Starting point is 00:20:03 It is broadcasted on chain. So for 400,000 addresses. I'm not sure if we sign everyone, but we do post all those addresses. I need to confirm if we, at least initially with the 23,000, I think we signed them. Hopefully you can see an Ethereum. I'm not sure as we add all the alt coins, we sign all the other addresses too. Yeah, one, you know, I have my little proof reserve. evaluation rubric, which I think you're familiar with. And one of my criteria is attesting to
Starting point is 00:20:39 the addresses. And not everyone does that, actually. You know, not everyone actually proves that they have the addresses that they claim to control. Yeah. And so some exchanges ask you to take their word for it. Yeah. Which is not good enough in my opinion. Let me, I will confirm if we have everyone. No, I mean, they don't have to be signed on chain. You don't have to sign a message on chain. I mean, you can prove ownership of an address by publishing signature, you know. So in terms of the security model now that you've moved to ZK, do you need a sort of critical
Starting point is 00:21:17 threshold of users to do the procedure? Or is the ZK proof that's created itself kind of sufficient at that point? So that is actually a question that I ask our product and engineering team as well, because I'm curious to know whether the program itself is sufficient enough. Right. The answer I got, a technical answer I got is, yes, it is sufficient. As in if just one user runs the ZK proof, they can have assurances that the whole system works. No, yeah, let me explain.
Starting point is 00:21:58 So I think what our product and engineering team working on this, what they believe is that number one, because our program is open-sourced. So that program can, the integrity of the setup can be challenged, openly challenged and verified by any way. who has either the intention and or the capability of doing it. So theoretically, it is there. But putting on my regular customer hat, I would say, you know, I don't know, right,
Starting point is 00:22:44 particularly a customer who have seen this come and go and people end up just trusting and just take the words. And don't really, like, we would always say, verify, don't trust, but most people probably just trust. It's very fine. So we have seen a lot of traffic coming to our Proof Reserve, basically, lending page. About 600,000 unique users have come in, and quite a lot of them actually have downloaded the code and actually do the exercise.
Starting point is 00:23:21 But internally, we haven't really mapped how many of those. numbers of users where people who downloaded actually completed the process of verification because it is pretty complicated, right? It's not for everyone, let's be honest. So when I ask them, like, how many do we actually need to prove without inviting an auditor to say this process and program is what it is and it has integrity? they looking around and they saw I think Misson Labs used to publish something and talk about the security of a program. It seems that between 2 and 5 percent, if 2 and 5 percent of customers who come in and individually check their assets against the programs and confirm that it's accurate, then there's a pretty good.
Starting point is 00:24:26 high probability to say the program is what it is. Yeah. But I'm curious to hear your thoughts on this, you know, how, where it actually stands. And this is actually one area that I think we would like to continue to push. Yeah. Yeah. How to make the program more friendly to normal users for them to verify and increase. Yeah.
Starting point is 00:24:54 What I expect is that ultimately. POR moves to more real time even, you know, moving away from even monthly or even frequency based, but basically based on your login as a user. And so technically I still have to kind of figure out how this would be done, but that's kind of what I envision as part of your login process. there is a kind of instantaneous proof generation. Not entirely sure how technically feasible it is right now, but that's one interesting place to go. I mean, can you imagine that trust model whereby,
Starting point is 00:25:37 merely by logging into the platform, you have the proof that your assets correspond to the liabilities. But yeah, I know this was a debate back in kind of the Merkle tree days. But for what you described, sorry to interrupt, what you describe, it's also, it's still trust and not verify, right? So it's still like, as a customer, I would take the platform's words as at the face value. If I see in my app, it shows my, you know, it matches what I have. I would have to take it at face value that it is what it is instead of me actually go and verify.
Starting point is 00:26:14 Like how do you actually make it easy for customers to verify in the program? Yeah, I mean, I think basically the. real trust model is that there's power users that are technical and are willing to do this. And if they were to detect something, then they would say something. And, you know, so I think that's the real immune system here is the existence of a small number of power users that are highly motivated to do this. Like, let's say maybe other funds that have like a fiduciary obligation maybe to evaluate the solvency of the platform. So maybe we even do some of the bounty hunter.
Starting point is 00:26:50 you know, bounty stuff that you are doing these days for the analysis. Yeah, no, I think that could be interesting, user bounties to do the POR. I remember when it was the Merkel Treatise, one of the attacks that people would talk about with POR was the exchange tries to guess who's going to do the verification, who's not. And then if they guess that your account is dormant and you're not going to,
Starting point is 00:27:16 then they give you as kind of a zero, liability entry, even if you have large liabilities. And so you can hide liabilities strategically by doing that. So that was one of the attacks. Yeah, that's a potential gap. Yeah, I would agree. I would need to look and see if the ZK liability method mitigates that. That's kind of an open question.
Starting point is 00:27:43 Yeah. But yeah, I mean, like, PR is still developing. We're still all coming to grips with the assurances. what it tells you what it doesn't. And I think people often with PR, they let the perfect be the enemy of the good. They think, okay, here's an edge case, here's a way that they could maybe fail,
Starting point is 00:28:02 and they kind of throw the whole procedure out as a consequence. Yeah. Which is, you know, and I also hear the same, like, hey, what about just a full financial statement audit? You know, that's better than a POR, so to speak. But obviously that's, like, incredibly expensive and often difficult to get. and you can't get it with high frequency
Starting point is 00:28:22 and it doesn't prove the same set of things. So it is, it kind of is baffling to me sometimes that critics of POR will, you know, use the fact that it's not 100% ironclad and perfect as an excuse to throw away the procedure. Yeah.
Starting point is 00:28:40 When it's still providing a lot of value. Yeah, I think I'm in the same camp with you. I think the current technical POR solutions that we have as an industry, and obviously on our platform is a big step forward from an even audit perspective because it has higher frequency. It is on chain.
Starting point is 00:29:00 It has more transparency in the code. You know, for the question that you were talking about whether a platform is actually including all customer liabilities or actually having some game theory, guessing which customers are checking or not, right? That, I think, is not only an issue for our technical POR program, it's the same challenge for auditor, too, in traditional finance or other traditional audit exercise. How many times have we seen fraud? Yeah.
Starting point is 00:29:39 That either auditor is not capable or, you know, somehow they didn't discover everything that's actually in place. So I don't think that is something that can be actually addressed by a traditional audit piece. However, what the POR program does not cover is the Fiat side of the situation for a platform like ours. That part cannot be addressed on chain because it's not on chain, it's Fiat. So that part can only be addressed by a traditional audit exercise. unless you chose to have your Fiat reserves in stable coin format or something like that. Right. Yeah.
Starting point is 00:30:21 Yeah. Yeah. The other element there is, of course, the more legal and contractual things. Like, where is the exchange registered? What is the regulatory context there? Yeah. What is the treatment of client assets in bankruptcy? Yeah.
Starting point is 00:30:37 And, you know, I often find myself repeating that a POR isn't complete, so to speak. without information or assurances on those points? Yeah, I would agree. And also, okay, are there other hidden liabilities, big debts owed that obviously aren't captured by the technical procedure? Yeah. So it's kind of a pattern of evidence, but the technical procedure itself is essential.
Starting point is 00:31:03 I would agree. I think my expectation is that the industry will continue to evolve and we continue to do better as part of the self-referral. regulation and then have a combination of the technical solution for on-chain plus the you know the financial audit that you were talking about licenses would also help right particularly licenses with strong jurisdictions in those jurisdictions that the bar is pretty high there and you know the onsite check from the regulators are also quite often so a combination of those I think would would help but I do think that the technical part of this is is not replaceable by traditional means. And it's actually a big advance forward. And it does bother me when people say, well,
Starting point is 00:31:53 just do a financial statement audit or something. Because it's a completely different concept. An audit is very broad. I'd say it's like broad and shallow in some ways. Like it covers like, you know, key man risk and insurance. and it may not even cover strictly all the assets on the platform. Like people don't know this about audits,
Starting point is 00:32:18 but sometimes they use a sampling methodology where they investigate a subset of the assets on the platform, right? It's not always the case, but the point is, like, the financial statement audit, it doesn't, it's not designed to do what a PR does. Of course, it gives you assurances, yes. But it's not designed to do what a PR does. PR is narrow and deep, you know. It covers the client liabilities and the client assets,
Starting point is 00:32:50 and it reconciles them. At a high frequency, it's obviously cheaper than a full audit. And it gives you very precise assurances that the funds that you are owed by the platform are there. Yes. That's a totally distinct concept from a, you know, big, conventional, slow-moving, infrequent. audit. And I think people don't understand that they're more complementary than they are substitutes for each other. Absolutely. Yeah. And also when the addresses, more addresses are made public, theoretically, you can just monitor the inflow and outflow into those addresses.
Starting point is 00:33:30 And sometime you can identify patents, right? If the PRR program has been more of a standard a year earlier or two year earlier, probably would be able to identify the, the influence outflow on the FTX and Alameda relationship earlier. Do you remember after the Alameda balance sheet was leaked, people started looking carefully at the FTCS Alameda wallets and they're really like, hey, there's too much churn here, there's too much movement, this isn't makes sense,
Starting point is 00:33:59 like, why are the funds going from FDX go right to Alameda? And you're exactly right. If everyone had been doing a PR at that point, FDX would have not been able to do a PR because they didn't have the assets, right? Yeah. And let's say they had done a PR. We'd know what addresses they had for sure,
Starting point is 00:34:17 and we'd be able to evaluate the flows and see that something was amiss. Yeah. So PR is most functional when most of the firms in the industry do it. And then by via negativa, you can identify the firms that are, there's something wrong with them because they're not doing a PR, basically. And we need a power users who can actually verify for the industry. Yeah, we need more. More people like me that actually are psychotic enough to actually...
Starting point is 00:34:46 Not on the bounty, but actually do it. So in terms of your regulatory conversation, so I'm excited by the fact that policymakers worldwide that I talk to are now excited by POR. And so Texas passed a bill, there's been two bills of the federal level here in the U.S. that mentioned POR. There's other regulators that are now thinking about it. Does this come up in any of those conversations or is this not an issue that is on the radar for you in your regulatory conversations yet?
Starting point is 00:35:25 For our current licensing conversations with the key regulators, this one hasn't come into the center arena yet. not in its own, but the focus on customer assets has always been there. They just haven't specifically asked and make POR a mandatory piece, but they all care about customer assets being fully accounted for. They all care about the local entities, customers are there, and it's separate, and it's easy to track, and, you know, those type of,
Starting point is 00:36:07 thing. They care about the lack of the confirmatory move that there is no Alameda situation. Yeah. So those are definitely a focus area of the conversations, but to my knowledge, we haven't specifically encountered a specific ask of making POR program a mandatory part of our fabric. But I wouldn't be surprised if that's coming up more in the future. I think there's probably a trend that is building up there. Was part of your analysis that if you engage in the self-regulatory measure, that when regulation eventually does manifest, it's ultimately lighter touch and more accommodating
Starting point is 00:36:52 because you've proven that you can self-regulate? I would hope so. I would hope that not only for our platform, but most of the platforms in the industry does that and do it diligently and real and had enough conversations with our regulators to basically educate them what we are doing so that ultimately when there is a regulatory framework for it, it actually goes in the right direction, right? The worst case you want is to have regular coming and say you have to do a monthly third-party audit and take everything off-chain and do actually off-chain stuff because that
Starting point is 00:37:40 wouldn't be heading the right direction. Hopefully it's whatever framework that comes up with is supporting the direction of using technology, using a trustless program and trustless system, and then enhance where it needs to be enhanced. When you talk to your clients, especially larger ones, is this something they care about in terms of diligence in the exchange? That's the case today? Yes, I think all the partners, institutional partners, brand partners, customers, institutional or retail. I do think that they care. That's great. I mean, that definitely was not the case a few years ago. You know, people didn't know what PR was. They didn't understand the need for it. I think FTCS changed everything. Yeah, for good enough for bad.
Starting point is 00:38:37 Yeah. I think that's good for us. Short term, it's painful, but it raises the awareness. It's interesting you even mentioned brand partners because now post-FTX, they had so much branding activity and their partners were kind of disgraced by virtue of their affiliation with them. Yeah. So now even your brand partners are considering the proofers or out of station
Starting point is 00:38:59 in their decision to partner with you. I think so. I don't know if it actually plays a critical role, but I do think that having this in place and having a consistent program where we actually keep making improvements, it speaks to our commitment to the transparency and also, you know, if we put everything out there, you cannot really game, right? You don't know out of all the customers who will check and we cannot check. Yeah, the consistency is key in the relatively high frequency, which is why in my framework, I ask for monthly or better. And I think the number one objection I hear about POR, here's so many, the number one is that you can borrow funds on a short-term basis and true up your reserves if you're short, and then you return them at the beginning of the next quarter or whatever. Yeah.
Starting point is 00:39:59 This isn't really a real critique if you're doing it on a high frequency basis. Absolutely. And if you're publishing your addresses, so people can monitor the flow, it's like they would see, oh, there's huge month-end flows every month. They would see that. Yeah. It put a lot of check and balance on the system, right? Because if you regularly borrow, people will see when you get to that point and just
Starting point is 00:40:24 like in-flow and then out-flow. And that pattern will become very obvious. time. Yeah, and that's the job of an auditor normally to, I call it, it's called cash wind addressing in traditional audit land. Now what's interesting in crypto world is anyone can do that analysis. Yeah. So it's just democratizing the audit work.
Starting point is 00:40:44 Exactly. Anything else you want to share in terms of how you feel about where you're at with PR, future plans there? I think we've made solid progress on this, right? We have added assets. We started with three. Now we are 22. We have increased the number of addresses we put out there from I think 30,000 to 400,000,
Starting point is 00:41:16 350, I think. 23,000 to 350,000. It's consistent on the monthly basis. I think the next pieces for us internally is really one to continue to improve our internal efficiency because again the way we calculate the liability side within the, you know, in the ZK program. Because of the nature of the business model, it's quite complicated. It takes a lot of calculation space and resources. So, you know, we need to continue to figure out there's any room for further efficiency. That way later we can increase the frequency from monthly to even higher frequency.
Starting point is 00:42:04 And then the second piece is what we talk about, right, how we can actually increase the trust model without relying on the third party auditor. And it really relies in how we can get more people to actually go and verify for themselves. From our perspective, it's about whether there is anything. thing we can do to increase the easiness and friendliness of the checking process. That's one piece that we are kind of thinking about how to iterate and welcome any feedback there. And then secondly, obviously, you know, people like you who continue to advocate in the space, hopefully can increase the awareness and push people to do the verification more often
Starting point is 00:42:55 for themselves. And then outside the proof of reserves program, obviously on the FISA, we need to continue to do audit. We do have audit already in place, but hopefully we're able to upgrade to a big four audit at some point for the group level. So that's one thing that internally we're kind of trying to pursue. Obviously, there are additional upgrade that we want to do on the wallet system, make it entity separate and all that stuff going forward. So there's some optimization that we are trying to do internally. Yeah, that's a long list of things. Good luck.
Starting point is 00:43:34 Hong, I'm grateful for the leadership that you've shown here and your willingness to engage with folks like me. And I think you're really setting a standard here in terms of the right way to pursue PR. So congrats again on 12 consecutive ones. And I can't wait to see what you do from here. Thank you. And I very much appreciate our team also very much appreciate
Starting point is 00:43:55 your guidance and feedback. Without people like you, it's going to be so much harder to raise the awareness of the industry and continue to push this forward. So thank you. Appreciate that.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.