IEEE Access (Jan 2025)

Snapshot Cherry-Picking Attack in CEX Proof of Reserves and its Mitigation

  • Beomjoong Kim,
  • Dongjun Lee,
  • Junghee Lee,
  • Wonjun Lee

DOI
https://doi.org/10.1109/access.2025.3564999
Journal volume & issue
Vol. 13
pp. 77445 – 77455

Abstract

The rapid growth of the crypto asset industry has led to the adoption of proof of reserves (PoR) protocols for transparency in centralized exchanges (CEXs). By providing proofs to users that the exchange’s total reserves equal or exceed its total liabilities, PoR allows these exchanges to demonstrate that they have enough funds. This paper identifies a vulnerability in current PoR methods, where malicious CEXs can manipulate snapshots to understate liabilities, making reserves appear larger. To address this, we propose a framework where users take their own snapshots during a strategic trading pause, allowing the validation of the PoR result. The framework is compatible with existing PoR methods. We also propose a user-driven handshake (UDH) pause model to minimize disruptions. We evaluate the effectiveness of the framework in preventing snapshot cherry-picking as well as its practicality in minimizing trade pauses.

Keywords