Stefan Thomas, CTO of Ripple Labs, founder of WeUseCoins.com, BitcoinJS, and a Bitcointalk administrator announced today on the forum that he has conducted an audit on the Bitcoin exchange Bitfinex.
This makes Bitfinex the third exchange to release an audit report in the last two months. In early March the UK-based Bitcoin exchange, Bitstamp was the first to announce it has gone through an audit process to assure clients that their funds are secured as the venue is solvent. In late March Kraken, become the second exchange to announce it has gone through an audit, with the same auditor, Stefan Thomas, as Bitfinex. The rush by exchanges to undergo audits is primarily explained by the loss of confidence in the segment created by the collapse of Mt. Gox and the embarrassing revelations following it.
Stefan Thomas wrote this latest audit was similar in nature to the Kraken one, but he took some of the feedback on board from it (hash email address into leaf nodes), improved the security in a few places (balances were anonymized even to the auditor) and streamlined the process more. He than presented a tool designed to simplify the job of crypto-currency auditors based on his team's work called Easy-Audit. The tool is open sourced and he claims not to have received any payment the audit saying: "my personal goal with this is to help improve the stability of and confidence in the math-based currency industry overall."
The actual holdings were found to be slightly above the required holdings, meaning Bitfinex had greater than 100% (102.82%) reserves at the audit block height.
Proof of Solvency
This type of audit process is designed to allow the auditor to verify that the total amount of bitcoins held by Bitfinex matches the amount required to cover an anonymized set of customer balances. The auditor is attesting to is the root hash of a merkle tree containing all balances that were considered in the audit. If you are a customer of Bitfinex, you'll be able to verify using open-source tools that your balance at the time of the audit is part of this root hash. If it is and if you believe the auditor is trustworthy, then you can be confident that your balance was covered by 100% reserves at the time of the audit.
Compared to audits performed by other exchanges, this approach is said to be very strict while still maintaining absolute privacy for customers. The most difficult part of an audit is normally to verify that the exchange is not under-reporting the number and balances of account holders. With this approach each account holder can verify that they were considered in the audit.
Trust in this type of audit still requires trust in the auditor. Stefan Thomas is considered credible by many in the community, but Bitfinex have also expressed interest in doing regular audits with different auditors each time. This serves to renew the audit and also to increase the confidence in the audit process and the validity of the result.