At least monthly, CheckSig provides a public proof that all assets in custody are safe, i.e., still under control. This might seem so obvious to be redundant and, as a matter of fact, no other custodian proves its reserves: woefully, they could be concealing losses that will be only discovered later on.
At CheckSig, we strongly believe in a provably honest transparent custody: check out below our proof-of-reserve transactions and explore them on-chain.
In each transaction we include the amount under custody consolidated in the previous proof-of-reserve, collect all deposits received since then, pay the transaction fee, withdraw according to our clients’ requests, and consolidate the rest as a single amount of Bitcoins. This amount represents the assets under custody at the transaction date; independently, our internal controls and external auditors attest that those assets exceed the obligations we have towards our clients.
Since July 2021, we started to reuse the same consolidation address to make the proof-of-reserve self-contained: CheckSig spends from and, at the same time, to the consolidation address in the same transaction. This spend-to-self transaction proves the ability of spending from the same address that is used to consolidate all assets under custody. The consolidation address might occasionally change in the future; nonetheless, even in that case, the proof-of-reserve will be spending from and to the new address in a spend-to-self transaction. While address reuse is very bad for privacy, it is fine in our case because the proof-of-reserve must be public. Moreover, residual security concerns (e.g., nonce exfiltration) are solved by our multi-level multi-signature scheme using Hardware Security Modules from different vendors (to learn more about our security, read about CheckSig custody protocol).
The current consolidation address is bc1qqst9un5sz8576fy2nnqkpm4rpfh0weveqwtt8zxgjp02g2mx5q7s2vresu.