On April 5, 2018, ICONOMI’s $133.6M of liabilities and $210.2M of reserves, distributed across 80 digital assets, were blockchain audited and verified by Deloitte.

Our goal for the blockchain audit was to prove our solvency and our digital asset holdings using best practices from the traditional financial industry merged with the transparency of the blockchain world. This is why we decided to work with Deloitte and to utilize the Merkle tree approach.

Transparency vs. Anonymity

A Merkle tree is a structure that allows for efficient and secure verification of content in a large body of data. Using Merkle trees, each individual user can verify his or her account balance and calculate all liabilities without disclosing any personal information.

Measuring Solvency

Solvency is defined as the ability of a company to meet its long-term financial commitments. Solvency is proved once the total reserve balance acquired using proof of reserves is shown to be sufficient to cover the total liabilities acquired using proof of liabilities. Using these two different methodologies, Deloitte proved that ICONOMI’s reserves are greater than its liabilities. As such, all of ICONOMI’s digital assets have now been verified.

Proof of solvency is built from two parts:

Proof of liabilities: We have established a procedure for putting all our user and DAA holdings into Merkle trees. Using Merkle trees enables each user to check that they were included in our liabilities without revealing any personal information. The more users who check that their balances were included in the tree, the more certainty the proof achieves, so we encourage as many people as possible to check their balances once the tools are made available.

Proof of liabilities has been split into two parts:

Assets held by users (such as ETH, BTC, and ICN held on the platform, as well as any DAA holdings)

Assets held by DAAs

Proof of reserves: Total reserves is defined as the sum of all ICONOMI’s digital assets and fiat holdings in bank accounts. Deloitte has received all our blockchain addresses, bank account information, and exchange account information. Along with our blockchain addresses, we prove ownership either by signing messages with private keys or by creating predefined transactions from those accounts.

All eighty assets currently held by ICONOMI have been blockchain audited.

Proof of Liabilities

The Merkle Tree Approach

By using the Merkle tree approach, we enable users to check that our liability/obligation toward them was included in Deloitte’s report.

Let’s say we have four users on our platform with the following balances. For each user, we generate a unique random identificator (salt) called the audit ID.

We take each user’s data and put it through a hash function. Hash functions are one-way functions that take input data and return a fixed-size result (a hash). Since they are one-way functions, you cannot get the original data used for the hash just by knowing the result. By using hash functions, we are able to provide transparency and make data publicly available for verification while still keeping user data private (i.e., nobody can see anyone else’s email addresses or balances).

Note: We used SHA256 for our hashing function. Data is separated by using the pipe character as a delimiter: SHA256(user email | balance of asset | audit id). Values are fixed formatted with trailing zeros stripped.

All user hashes with their balances are then inserted as leaves into a tree: