Deribit holds a 1:1 reserve of all customer assets and the company is happy to provide full transparency into our holdings. A cryptographic proof of liabilities, verifiable by any party without relying on a trusted auditor, was first proposed by Greg Maxwell in 2013, and is known as the Maxwell protocol. This initial proposal disclosed information about the number and size of customer accounts, which is why Deribit is using a slightly modified version that protects client privacy and offers full transparency, preventing balances from being hidden.
Deribit constructed a binary Merkle hash overview with the leaves being the steganographed (cut in-pieces) balances of our individual users, broken up by asset. Clients can see exactly which leaves in the tree refer to their funds by using the unique hash built from their account information. With the individual liabilities established, it can be easily verified whether the aggregate of these liabilities is held by Deribit on-chain.
The daily snapshot file can be found here.
Below please find an overview of the key wallet addresses and verification process used by Deribit. Please note, the list below does not include addresses of assets held in third-party custodians, like Copper Clearloop.
-
Every day Deribit takes a snapshot of the on-chain assets for all eligible account. Assets held by third party custodians cannot be included in the reporting as they are not in Deribit’s direct control. The data file that is fully accessible for all interested parties therefore only contains the accounts that hold assets on Deribit.
-
In contrast to Maxwell’s approach, Deribit’s modified proof of assets includes steganography (rearranging balance data) of our user balances to protect client privacy and prevent disclosure of actual balances and their links to blockchain addresses or identities. This is important as we disclose a full list of accounts. Only the client can recognise their assets in the list.
-
In the Deribit frontend (here) clients will find a hash allowing them to verify that their assets are included in the asset file at both the main and sub-account level.
-
All code used to create Deribit’s modified Merkle Tree is available below so clients can verify the accuracy of the frontend data. To prevent the same nonces being assigned to different users with comparable asset levels, thus reducing the size of liabilities, we give each account a unique Proof ID. Using the instructions below client can convert the Proof ID into the identifiers found in the daily Snapshot file and shown in the verification section of the Proof of Reserves page.
-
The aggregate of the assets included in the Asset File should always be less than the aggregate of assets available on-chain. The difference is the Deribit reserve ratio, which includes the insurance funds, Deribit revenues, and accounts used for payments and general administration. If the total on chain balance is higher than the Asset File balance (visible in frontend and in file itself), then Deribit has Proof of Reserves.
-
User can find his or her Proof ID from the frontend. The user can verify their Proof ID is unique by performing the following steps:
A. Verify Proof Signature
– Get the User ID and Proof ID Signature from the Proof Of Reserves page
– Download the latest Proof Of Reserves snapshot and copy the Public Key (public_key field in json file)
– Use the Ed25519 signature algorithm to verify that the Proof ID Signature was used to sign the User ID
tool: https://ed25519.altr.dev/ (Base64)
– Message = User ID
– Signature = Proof ID Signature
B. Verify Proof ID
– Base64url decode the Proof ID and Proof ID Signature
tool: https://cryptii.com/pipes/base64-to-hex (Variant = Base64url, Format: Hexadecimal Group By = None)
– Verify if sha1(Proof ID Signature Base64url Decoded) = Proof ID Base64url Decoded
tool: https://emn178.github.io/online-tools/sha1.html (Input Type = Hex)
-
By calculating hashes a user can fetch all his entries from the “liability” field of the JSON file (to increase PartNumber until no more fetches). The sum of the entries is the sum included into the liability.
A. Join Table Seed and Proof ID:
format: TableSeed ++ “|” ++ Proof ID
output: 2022-12-02 12:37:32|accountProofId
B. SHA256 hash:
tool: https://emn178.github.io/online-tools/sha256.html (Input Type = Text)
input: 2022-12-02 12:37:32|accountProofId
output (dummy): cc9810645a0119723eb25f3afaab84ae6c219ec492bd04409b91da710c61d264
C. Join hash with Part Number (in Hex):
format: HashFromStep2 ++ “|” ++ PartNumber
input:
– HashFromStep2:
cc9810645a0119723eb25f3afaab84ae6c219ec492bd04409b91da710c61d264
– | in hex: 7c
– 1 in hex: 31
output: cc9810645a0119723eb25f3afaab84ae6c219ec492bd04409b91da710c61d2647c31
D. SHA256 hash:
tool: https://emn178.github.io/online-tools/sha256.html (Input Type = Hex)
input: cc9810645a0119723eb25f3afaab84ae6c219ec492bd04409b91da710c61d2647c31
output (dummy): 30d5635e4cc4fd315d38a4415801d5b3078f421263c9eb1f5e36b6d8c8e49bca
E. Base64 encode
tool: https://emn178.github.io/online-tools/base64_encode.html (Input Type = Hex)
input: 30d5635e4cc4fd315d38a4415801d5b3078f421263c9eb1f5e36b6d8c8e49bca
output: MNVjXkzE/TFdOKRBWAHVswePQhJjyesfXja22Mjkm8o=
F. Replace some characters:
‘=’ => ” ‘+’ => ‘-‘ ‘/’ => ‘_’
input: MNVjXkzE/TFdOKRBWAHVswePQhJjyesfXja22Mjkm8o=
output: MNVjXkzE_TFdOKRBWAHVswePQhJjyesfXja22Mjkm8o
-
Everyone can check that our total liability (sum of all liability entries) is less than disclosed on-chain reserves (addresses see below).
-
When total liability is less than or equal to the wallet reserves, it confirms that Deribit has provided Proof-of-Reserves as it is holding sufficient reserves. As the snapshots are taken daily, market volatility and the corresponding impact on customer portfolios may cause a temporary difference between snapshots.
Finally, Deribit publishes an endpoint that shows cumulative margin locked (MM and IM per currency) for the entire user base. This endpoint shows in real-time how many assets are held on Deribit as margins for outstanding positions. The above sections provides specifics on the exact assets Deribit holds on behalf of clients and how users can verify the assets exist, hence this endpoint is an additional layer of transparency.
Please see the following real-time endpoint here.
Don’t Trust Us. Verify Us. We always offer full transparency of our Reserves.
All Deribit’s wallet holdings are public and easy to verify. Users funds are always backed 1:1 by real assets. The wallet addresses are listed below.
For a graphical overview please visit Nansen, CoinMarketCap, or DeFiLlama.
bc1qtq5zfllw9fs9w6stnfgalf9v59fgrcxxyawuvm – Link
14HeA1YRUiJGb95HVpVTBuavMUBYGk6y7R – Link
bc1qa3phj5uhnuauk6r62cku6r6fl9rawqx4n6d690 – Link
bc1qf6lm99tp5p27hsmyskve236nsv32lnfwt4h8wk – Link
bc1qzwhw94uldd3c8736lsxrda6t6x56030f8zk8nr – Link
bc1q78c4tk53hx28ladm3j7cn8x7yw6gnh38ur8j47 – Link
bc1q2qkuk5hr6yjw2jshtrfqw29tyy3x62rqk3ep6x – Link
bc1qws342rlkhszh58rtn35zrw7w076puz83gkcufy – Link
bc1qnecufhyxp2dlymcs63asygydjs9x2k55scuc5s - Link
0x58F56615180A8eeA4c462235D9e215F72484B4A3 – Link
0x5f397B62502e255f68382791947D54C4B2d37F09 – Link
0x77021d475E36b3ab1921a0e3A8380f069d3263de – Link
0x1baE874af9f81B8F93315b27F080260Da4702D3a – Link
0x866c9a77d8Ab71d2874703e80cb7aD809b301e8e – Link
0xc7125DA07a7110049eCC68F43BF10DE4d45CA84e – Link
0x1b995f9d96951f4a04c30d2e114819949e971bc8 – Link
0xb61a16BDa6D61D9b8AD493BF05962c5b98D1712F – Link
0x98F980a6f4800b53db7DF568B5e1F6f230d661e5 – Link
0x8F5F8ada4D19BF4ffBE580e4ce92af424e60C720 – Link
0x369F8406A13729c168526018697F0da667656cde – Link
0x3d09D2354530466D32Ed37C6Ad19eA58504A0C37 – Link
0x4e67722883AD992182e83b79Bf06A93972963caC - Link
A5ANHizfayJUDBSwV5Cm7CNXCj6E6AAda49wzzdYPons – Link
H8z2yZcrKo7ngiMz3Vsuw823nYo11qdCqs3sJDDjeTdD – Link
DL165xn6SrdupXGA2MW6woz35B3ssVqpYfwS1xAKdyx – Link
7wx23rZmR4tikqW9avcby5Pf8QEuBTo7HKUtpCt9r9nz – Link
FbchixvxTEW24Mnzh8AxW31YEZ3J8bq5G5YthxttRgST – Link
BeTzsKSyvUhYiSrRDrDkZDN69LU4T7Ho3qKmrK8DvxYN – Link
BNqPhvyoyRz4zj4Mmrc3cdqZaqXjro3RZ82dkvGec38n - Link
0x5f397B62502e255f68382791947D54C4B2d37F09 – Link
0x1baE874af9f81B8F93315b27F080260Da4702D3a – Link
0x866c9a77d8Ab71d2874703e80cb7aD809b301e8e – Link
0x77021d475E36b3ab1921a0e3A8380f069d3263de – Link
0xc7125DA07a7110049eCC68F43BF10DE4d45CA84e – Link
0x4e67722883AD992182e83b79Bf06A93972963caC - Link