When Michael Saylor stepped onto a side stage at the Bitcoin 2025 conference on May 26, the audience expected the usual boosterism from the man who has converted a software company into a de facto Bitcoin holding vehicle. Instead they received a meticulous, almost scathing deconstruction of the industry’s favorite transparency meme: on-chain proof-of-reserves.
Saylor’s rhetorical opener was vivid. Publishing institutional wallets, he said, resembles “publishing the address and the bank accounts of all your kids and the phone numbers of all your kids and then thinking somehow that makes your family better.” What many retail users praise as radical transparency is, for him, an “attack vector for hackers, nation-state actors, every type of troll imaginable.”
He invited the audience to run a thought experiment with generative AI: “Go to the AI, put it in deep-think mode, and then ask it what are the security problems of publishing your wallet… It will write you a book. It will be fifty pages of security problems.”
The issue is structural, Saylor argued. Once a public entity doxes its cold storage, every subsequent movement of coins becomes visible, allowing adversaries to deduce treasury timing or exploit change-address heuristics. “The current conventional, insecure proof-of-reserves … actually dilutes the security of the issuer, the custodians, the exchanges, and the investors.”
Even assuming an airtight method for proving assets, PoR as currently practiced ignores the creditor side of the balance sheet. “It’s proof of assets that is insecure, and it is not proof of liabilities… So you own $63 billion worth of Bitcoin—do you have a hundred billion dollars of liabilities?” He hammered the point with institutional caricature: “Institutional investors would laugh at me if I said, ‘Here’s a wallet that has $72 billion… Don’t you worry your pretty little head about liabilities.’”
To satisfy the capital-markets audience he courts, Saylor laid out a different standard: “You want an institutional-grade proof of assets and proof of liabilities with them netted out. And the best practice is not to publish the wallet. The best practice… would be to have a Big Four auditor that checks to make sure you actually have the Bitcoin, then checks to make sure the company hasn’t rehypothecated or pledged the Bitcoin… Then you have to wash it through a public company where the CFO signs, then the CEO signs, then the chairman and all the outside directors are civilly and criminally liable for it.”
Why elevate auditor attestation over cryptographic proofs? Because, Saylor said, jail concentrates the mind. “You wonder why people trust US companies? Because of Sarbanes-Oxley, because you go to jail if you lie.” In his view, the threat of prison constitutes a stronger deterrent than any public Merkle tree snapshot.
The corporate cadence he described is familiar to securities lawyers but rarely discussed at Bitcoin meet-ups: quarterly Form 10-Qs, the annual Form 10-K, blackout periods that forbid capital-markets activity until those filings clear. “If a company can’t file a 10-K it means its auditors won’t sign off on its books, which means it maybe isn’t solvent.” By contrast, missing a self-imposed PoR deadline carries no statutory bite.
Where many advocates cite collapsed exchanges as evidence that more on-chain data is required, Saylor flips the lesson. “Don’t do business with shaky offshore exchanges run by juvenile tweakers. And if you’re a crypto person, hold your own crypto.” PoR, in his telling, is a distraction from basic counterparty discipline.
The principle applies equally to corporate treasuries, he continued. Strategy’s own Bitcoin, today distributed across multiple regulated custodians, is inaccessible except through documented, multi-signatory workflows. “It’s okay at a small level, but really [PoR] isn’t God’s gift. And I think people give too much credence to it on X.”
At press time, BTC traded at $108,656.