Is your PASS­WORD ul­tra se­cure – that’s a new risk

Banking Frontiers - - Editor’s Blog -

When Ger­ald Cot­ten, 30, the CEO of Cana­dian crypto ex­change Quadri­gaCX, died in a hos­pi­tal in Jaipur rather sud­denly and al­most mys­te­ri­ously, he also took to his grave the pass­word with which he op­er­ated the ex­change. And with that van­ished nearly $190 mil­lion in cryp­tocur­rency, span­ning Bit­coin, Lite­coin, Ethereum and other dig­i­tal cur­ren­cies, which his in­vestors trusted would be safe in his vault. A ma­jor por­tion of this for­tune was owned by some 100,000 users across Canada, most of them sur­pris­ingly not cryp­tocur­rency mil­lion­aires, but com­mon peo­ple, ea­ger to se­cure a bet­ter re­turn for their money in­vested.

The best of se­cu­rity ex­perts have failed to re­trieve Cot­ten’s pass­word, that was the only pass­word to the ‘cold stor­age’ to ac­cess the cryp­tocur­ren­cies. Quadri­gaCX has now filed for cred­i­tor pro­tec­tion. There are whis­pers of mis­ap­pro­pri­a­tion and the com­pany fac­ing cash­flow problems. The fact that Cot­ten, who was suf­fer­ing from Crohn’s dis­ease, had made a will just be­fore his death be­stow­ing ev­ery­thing to his wife, is also a talk­ing point. The gross value of his per­sonal prop­erty was about $9.6 mil­lion.

Cot­ten is said to have been run­ning his com­pany from his en­crypted lap­top to which he only had the ac­cess. He used to move the ma­jor­ity of the coins to the ‘cold stor­age’ to pro­tect them against vir­tual thefts or hack­ing. He had not shared the pass­word with any­one or kept any re­cov­ery key.

The mat­ter hav­ing reached a Cana­dian court of law, it is now pos­si­ble that the gov­ern­ment would step in. It may find a way to com­pen­sate the in­vestors. In some im­me­di­ate fu­ture, se­cu­rity ex­perts may also evolve a method to re­trieve lost pass­words. There would also be calls to bring cryp­tocur­ren­cies un­der reg­u­la­tory con­trol.

Quadriga CX’s case is an ex­tra­or­di­nary in­stance, where en­cryp­tion, which is sup­posed to be a safe­guard, is act­ing against the in­ter­ests of the users. It also points out to some of the fal­la­cies in the realm of tech­nol­ogy - one is that a strong pass­word is a must to elim­i­nate hack­ing, to pre­vent frauds and to en­sure se­cu­rity. This is also in line with our cover story that ex­plores risk man­age­ment in the dig­i­tal ecosys­tem.

This fail­ure is sure to give risk man­agers new fodder to think about. Do some of the lessons of risk man­age­ment need to be un­learnt? Is 100% trust in tech­nol­ogy a risk? What new in­vis­i­ble risks are we rac­ing to­wards as we ride the dig­i­tal wave?

Manoj Agrawal

Mo­bile : 98673 66111 Email : [email protected]­ingfron­

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.