Crypto crunch How to lose $150m to a dead man
Millions entombed after exec dies with ‘cold’ passwords
● Wild price fluctuations, hackers, scams — add one more item to the list of risks for cryptocurrency investors: the possibility that a coin exchange executive unexpectedly dies, leaving the digital vault locked.
A Canadian court appointed Ernst & Young as monitor for the cryptocurrency exchange QuadrigaCX on Tuesday, after the company sought protection from creditors following the death of its CEO.
Gerald Cotten died in India late last year, at the age of 30, taking with him clients’ access to almost $150m (about R2bn) in digital assets.
According to statements from his wife, first reported by Bloomberg, Cotten took sole responsibility for the handling of exchange assets. Passwords were stored in an encrypted laptop to which he alone had access.
This has left customers of the Vancouverbased exchange unable to reach $150m in bitcoin, litecoin and other cryptocurrencies.
The personal keys that gave them access to their coins were stored in “cold wallets”, encrypted hardware that is not connected to the internet. Only Cotten, it seems, could deencrypt the cold wallets.
In addition to the digital currency, the company also owes $50m in cash to its users, according to documents filed with the Nova Scotia supreme court by E&Y. Some 92,000 people had assets with the exchange, and one individual had as much as $50m.
In a statement posted on the QuadrigaCX website last week, the company said that it
We are investigating the bizarre and, frankly, unbelievable story
Jesse Powell
CEO of Kraken cryptocurrency exchange
was “attempting to locate and secure our very significant cryptocurrency reserves held in cold wallets, and that are required to satisfy customer cryptocurrency balances on deposit ... Unfortunately, these efforts have not been successful.”
Conspiracy theories are circulating on the internet chat rooms where cryptocurrency enthusiasts congregate. One user on the social media site Reddit claimed that he had identified recent transactions originating in Quadriga cold wallets, proving that the users’ keys had not in fact been lost.
“Given the kinds of people involved in the shadier side of cryptocurrency I wouldn’t make any assumptions or prematurely rule out any theories,” said Kim Nilsson, a Tokyobased software engineer credited with solving crypto’s most notorious heist, that of the Mt Gox bitcoin exchange in 2014.
In a Twitter post, Jesse Powell, CEO of the cryptocurrency exchange Kraken, said: “We have thousands of wallet addresses known to belong to @QuadrigaCoinEx and are investigating the bizarre and, frankly, unbelievable story.”
Mike Belshe, CEO of BitGo, which provides digital asset custodial services, said that while Quadriga had used BitGo software for their “hot wallets” — which are linked to the internet and used for trading — Quadriga managed their own keys and cold wallets.
He said that digital asset exchanges and investors should use third-party custodians and multiple administrators precisely to avoid situations such as Quadriga’s.
“Custodianship is all about eliminating single points of failure” caused by natural disasters, fraud or death, Belshe said. “If you don’t have independent checks and balances between the trader of the asset and the holder you’re always going to have this type of failure.”
Custodians often store the private keys of asset owners on hardware stored in physically secure vaults, according to Gabriel Wang, an analyst at the Aite group, and have redundant processes in case a key individual is unable to provide access.
Matt Johnson, co-founder and head of product at Digital Asset Custody Company, said that while some other exchanges act as their own asset custodian, “the crucial point here is there was no business continuity plan” in the case of the CEO’s death.
“I would hope that an exchange of any size ... would have a robust plan that would allow for key man risk.” — ©The Financial Times