Bitcoin Forum

At Vault of Satoshi we have always tried to embody the mantra of being an open, honest and transparent exchange. We feel it's our duty to do so when you make the decision to place your funds in our hands.

For this reason we have long sought after a way to prove our reserves to the public in a safe and reliable manner, while most exchanges issue a third-party audit, we felt that simply wasn't open enough - so today at Vault of Satoshi we are proud to announce full proof of solvency and the publication of our cold wallet!

Users can self validate both their balance and the overall reserves of the exchange by navigating to our security center and selecting "BTC Proof of Solvency". From there, load the partial tree list, select "online tools" and copy paste in the relevant information to validate the holdings.

Note: While our secured cold wallet is listed and public, we have decided to not publish the hot wallet address for security reasons, and so the total value may have a discrepancy of up to 5-6%.

We at Vault of Satoshi want to thank you for your trust and your continued patronage. We will continue to take steps to be transparent and promote honest, customer oriented practices in the Cryptocurrency market.


All the best,
Adam Cochran
Director of Marketing
Vault of Satoshi

Original: http://www.reddit.com/r/vos/comments/23lxho/vault_of_satoshi_launches_full_proof_of_solvency/

This makes it sound like you have only one cold wallet and one hot wallet.  Surely that is not the case.  I hope?

The amount of addresses they use has very little relevance for security.

Congrats on attempting to provide a better, safer service.
FYI: This thread probably belongs in "Service Discussion".

This is great.  Should be standard protocol for ALL exchanges.

Of course it does.

1 cold wallet = Only takes one security incident, one private key stolen, all funds gone.
10 cold wallets = Needs 10 security incidents to lose everything, otherwise one breach only loses 10%.

Naturally the 10 cold wallets need to be stored separately and in different manners in order to be effective.

Same goes with the hot wallet.  One flaw in the app or servers and the entire thing could be drained.  Multiple hot wallets on separate servers with very different access methods will make it much more difficult for a hacker to take all of the hot balance.  More likely they'd go for the first one they could get and after that Vault would know and shut the rest down.

would you mind elaborating what you mean by "full proof"?
That is, what information you provide and how can one verify its validity.

Can customers audit the exchange in real time?

The thing is - if it truly is an air gapped cold storage system it is extremely difficult for someone to actual get hold of the private keys. Setting up 10 different cold storage systems is a lot of effort and wouldn't really achieve that much as if you had a flaw in one you'd have that same flaw in all of them.

The whole purpose of a hot wallet is not to have all your coins in there so that if it is stolen it isn't such a big deal. Trust me - having many different hot wallets which different access methods is not exactly easy to manage nor is it that cost effective. Honestly, they'd be better off getting lots of pen-testing done and keeping admin accounts away rather than trying to split up their wallets.

You are able to check that we have all the BTC we claim we have, that your BTC are indeed included as a part of that and appropriately assigned to you and that our coldwallet exists on the blockchain and has the appropriate funds.

It's my understanding that the hashes are produced in a daily cron, and you can run an audit at anytime but you will get the values from that days cron!

If you have any further technical questions I can direct them to our software engineer who lead up that project!

Thanks.  Daily is good enough vs traditional audits that can take several months.  Your exchange should gain in market share with the implementation of this new tool.

Proof of solvency is a great step forward. Real world security audits are the flip side of the same coin, so to speak.

Regardless, we feel it is the right thing to do. Our users trust us with their assets and we should put that front and center and be as reliant, secure and transparent as we can afford. Our user's deserve every bit of effort to give them peace of mind!