Michael Saylor, executive chairman of Strategy, has stirred up the Bitcoin community with his recent comments on proof-of-reserves, calling it a “bad idea” that puts institutional security at risk.
Speaking at a side event at the Bitcoin 2025 conference in Las Vegas, Saylor expressed strong concerns about the security implications of on-chain proof of reserves (PoR), a method used by many bitcoin companies to show they actually hold the assets they claim.
“The conventional way of issuing proof of reserves today is actually insecure,” Saylor said.
“It actually dilutes the security of the issuer, the custodians, the exchanges and the investors. It’s not a good idea, it’s a bad idea.”
Proof-of-reserves is a process where companies with bitcoin reserves share public wallet addresses or use cryptographic methods to prove how much bitcoin they hold.
This practice gained popularity after the collapse of major exchanges like FTX and Mt. Gox to build trust through transparency.
Many big players in the digital asset space, including Binance, Kraken, OKX and asset manager Bitwise, have adopted PoR to reassure users and stakeholders.
Related: Bitwise Announces On-Chain Address, Donations Go to Shareholders
Saylor’s objections boil down to two main points.
First, he believes publishing wallet addresses creates serious security risks. By exposing institutional wallet structures, companies may open themselves up to attacks from hackers, hostile governments or malicious actors.
“[It’s like] publishing the address and the bank accounts of all your kids and the phone numbers of all your kids and then thinking somehow that makes your family better,” Saylor said.
“(It becomes) an attack vector for hackers, nation-state actors, every type of troll imaginable.”
He even asked the audience to try a thought experiment:
“Go to AI, put it in deep think mode and then ask it ‘what are the security problems of publishing your wallet addresses?’ and ‘how might it undermine the security of your company over time’ … It will write you a book. It will be fifty pages of security problems.”
Second, Saylor pointed out that proof of reserves only shows what a company owns, not what it owes. In his view, that’s incomplete.
“It’s proof of assets that is insecure, and it is not proof of liabilities… So you own $63 billion worth of bitcoin—do you have a hundred billion dollars of liabilities?” he asked rhetorically.
For large institutions and investors, this view of financial health is not enough.
Instead of publishing wallet addresses, Saylor thinks the better approach is to use institutional-grade audits by trusted firms.
“The best practice… would be to have a Big Four auditor that checks to make sure you actually have the bitcoin, then checks to make sure the company hasn’t rehypothecated or pledged the bitcoin,” he said.
“Then you have to wash it through a public company where the CFO signs, then the CEO signs, then the chairman and all the outside directors are civilly and criminally liable for it.”
He believes the legal consequences of corporate auditing — including prison time for fraud under the Sarbanes-Oxley Act — are stronger than cryptographic proof alone.
He did admit that a more secure, future version of PoR might be possible if it involved zero-knowledge proofs that protect wallet privacy while still confirming ownership.
Not everyone agrees with Saylor’s opinion. While some praised his focus on security, others accused Saylor of hiding something.
Speculations resurfaced about whether Strategy truly holds all the bitcoin it claims, or if it’s involved in so-called “paper bitcoin” — claims to BTC without physical backing.
Others pointed out that exchanges like Kraken and asset managers like Bitwise have implemented PoR systems without major breaches.
