The Sad Story of QuadrigaCX: What it Means for Crypto | Hacked: Hacking Finance

clicks | 6 months ago | comments: discuss | tags: cryptocurrency bitcoin

Article preview (bot search)

(Original link:

Nic Puckrin
It has been all over the news recently and has shocked both crypto evangelists and newbies alike.
It is the seemingly unlikely story that a cryptocurrency exchange can lose access to C$190m ($143m) of its customer’s money .
How did we get here? Who is to blame? And what does this mean for the cryptocurrency industry going forward?
I will attempt to answer all of this in the post below. What is QuadrigaCX?
For those people who have still not heard of QuadrigaCX, they were a large Canadian cryptocurrency exchange that was based in Vancouver. Prior to their collapse, they were one of the largest.
Although the exchange was not one of the most efficient or technologically advanced, it was trusted by over 100,000 Canadian crypto users as their fiat gateway of choice. They handled an impressive amount of volume for such a basic exchange.
The exchange did run into some trouble and there were a few warning signs that the operation was not being run with business best practices in mind.
Indeed, they even had C$25m frozen in their CIBC bank account in the middle of 2018. The CIBC was concerned that they were unable to identify whether the funds did, in fact, belong to Quadriga. While these funds were eventually unfrozen, the exchange faced a backlog of withdrawal requests.
These problems came to a head towards the end of the year as customers started complaining about not only Fiat withdrawal requests taking forever but also crypto withdrawals being held up.
There was something going on and that Crypto canary in the coal mine was long dead. So What Happened?
The founder and CEO of QuadrigaCX was an individual by the name of Gerald Cotten. He was quite well known in the Canadian cryptocurrency scene and started QuadrigaCX back in 2013.
Gerald was quoted several times in the press as saying that the firm employed cold storage when it came to managing their vast supplies of cryptocurrency. For those who do not know, cold storage is keeping the coins in an offline and secure state such that it is out of the reach of hackers. Gerald Cotten, QuadrigaCX CEO. Image Source
When most people heard this explanation of “Cold storage” they assumed that QuadrigaCX employed a multi-signature wallet scheme with at least a 2 of 3 key authentication. This would mean that Gerald held one of the keys and two other people at Quadriga held the remaining.
This would have the benefit that even if one of those keys was lost, the other two keys could be used to unlock the funds. It is a pretty standard operating procedure at any cryptocurrency business.
There is only one real problem with this…
Gerald Cotten ran a single key authentication scheme and he was the sole holder of this key. He was also the only person who knew the password or seed words to access these wallets.
Gerald also decided to take a trip to India in December of last year while long suffering with the Crohn’s disease. While on the trip, Gerald fell ill and was admitted to hospital. Unfortunately, he passed away from complications to the disease without anyone knowing how to access the cold wallets.
He, quite literally, took the money to his grave . What Followed
As one could expect, the news was shocking to most.
At first it hit the cryptocurrency news outlets that the company had filed for creditor protection and had gone offline. Then news got out that the CEO had died with the private keys. The reaction from some industry veterans like the Binance exchange CEO is quite telling. That's sad. There are many solutions to split private keys or signing to achieve 3/5, 5/7 etc. Never neglect security.
Also, never have CEO carry private keys. Bad on many levels.
Personally, in good health and intent to live longer and prosper. Thx for asking. Stay #safu .
— CZ Binance (@cz_binance) February 2, 2019
How could an exchange of this size operate such an amateurish wallet management protocol? How can a CEO with over $130m in easy-to-steal cryptocurrency travel to India holding the primary key?
Indeed, there were a number of theories around whether he actually did die and whether Quadriga was facing issues prior to his death. There were also questions around the other founders at Quadriga and what part they played.
I won’t go into all of these theories for the moment, but there is one thing that is clear from this debacle: It has harmed crypto adoption.
The coverage exploded onto all of the major news outlets. Across the globe people were alerted to the fact that an unregulated cryptocurrency exchange does not really have government mandated cold storage protocols.
For those who were thinking of investing in cryptocurrency, they will most likely think twice. For those that were convinced that cryptocurrency was a “scam” now have further fodder to play with.
Not your keys, not your crypto?
While most crypto users know the dangers of leaving funds on the exchange, there were many who thought that QuadrigaCX could be trusted. There were some who merely lo...