Snapshot Cherry-Picking Attack in CEX Proof of Reserves and its Mitigation
The rapid growth of the crypto asset industry has led to the adoption of proof of reserves (PoR) protocols for transparency in centralized exchanges (CEXs). By providing proofs to users that the exchange’s total reserves equal or exceed its total liabilities, PoR allows these exchanges to...
| Main Authors: | Beomjoong Kim, Dongjun Lee, Junghee Lee, Wonjun Lee |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | IEEE 2025-01-01 |
| Series: | IEEE Access |
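| Subjects: | Crypto asset; proof of reserves (PoR); proof of solvency; snapshot cherry-picking; centralized exchange (CEX) |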
| Online Access: | https://ieeexplore.ieee.org/document/10979308/ |
| _version_ | 1850112948132904960 |
|---|---|
| author | Beomjoong Kim, Dongjun Lee, Junghee Lee, Wonjun Lee |
| collection | DOAJ |
| description | The rapid growth of the crypto asset industry has led to the adoption of proof of reserves (PoR) protocols for transparency in centralized exchanges (CEXs). By providing proofs to users that the exchange’s total reserves equal or exceed its total liabilities, PoR allows these exchanges to demonstrate that they have enough funds. This paper identifies a vulnerability in current PoR methods, where malicious CEXs can manipulate snapshots to understate liabilities, making reserves appear larger. To address this, we propose a framework where users take their own snapshots during a strategic trading pause, allowing the validation of the PoR result. The framework is compatible with existing PoR methods. We also propose a user-driven handshake (UDH) pause model to minimize disruptions. We evaluate the effectiveness of the framework in preventing snapshot cherry-picking as well as its practicality in minimizing trade pauses. |
| format | Article |
| id | doaj-art-96d3e3b867324aab89b83f5e7b920fba |
| institution | OA Journals |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-96d3e3b867324aab89b83f5e7b920fba; 2025-08-20T02:37:16Z; eng; IEEE; IEEE Access; ISSN 2169-3536; 2025-01-01; vol. 13, pp. 77445-77455; DOI 10.1109/ACCESS.2025.3564999; article 10979308; Snapshot Cherry-Picking Attack in CEX Proof of Reserves and its Mitigation; Beomjoong Kim (https://orcid.org/0000-0002-8033-8559), Dongjun Lee (https://orcid.org/0009-0000-0787-7487), Junghee Lee (https://orcid.org/0000-0003-0733-0136), Wonjun Lee (https://orcid.org/0000-0001-5286-6541), all with the School of Cybersecurity, Korea University, Seoul, South Korea; https://ieeexplore.ieee.org/document/10979308/; Crypto asset; proof of reserves (PoR); proof of solvency; snapshot cherry-picking; centralized exchange (CEX) |
| title | Snapshot Cherry-Picking Attack in CEX Proof of Reserves and its Mitigation |
| topic | Crypto asset; proof of reserves (PoR); proof of solvency; snapshot cherry-picking; centralized exchange (CEX) |
| url | https://ieeexplore.ieee.org/document/10979308/ |