Founder’s Demise Reveals Crypto Exchange Security Flaw


Canadian Gerald Cotten, aged 30, died on 9th December 2018 as the result of complications arising from Crohn’s disease. The death was unexpected and a tragedy for the family.

However, it also was, and currently still is, a tragedy for many thousands of investors, for Gerald Cotten was the founder and Principal Officer of Canada’s largest cryptocurrency exchange, QuadrigaCX, which has filed for creditor protection as it has not been able to locate or secure its cryptocurrency reserves since Mr Cotten’s death.

In court documents filed with the Nova Scotia Supreme Court on 31 January, his widow, Jennifer Robertson, says the laptop on which Cotten carried out the company’s business is “encrypted and I do not know the password or recovery key… Despite repeated and diligent searches, I have not been able to find them written down anywhere.”

It is estimated that around 115,000 Quadriga users hold balances in their personal accounts in the form of cash obligations and cryptocurrency and the company estimates it owes about C$250m ($190m; £145m) – including C$70m in hard currency which is currently kept in a ‘cold wallet’ located offline, designed to protect against hacking or theft.

Those who have held such balances now have to wait and see if they can actually be recovered.

The reason we report this, in addition to it being an interesting story, is twofold.

  1. Cryptocurrencies and the technology which underpins them are unquestionably a most innovative development in the modern world and may indeed be the direction in which future national currencies are created. However, they are not infallible. They are prone to hacking, manipulation and fraud, and no-one should ever forget this. Yet an exchange which protects against these threats in the way that QuadrigaCX has can still make the most basic of errors: it does not share access to the passwords necessary to reach the funds in the event of the demise, departure or incapacity of the ‘key holder’.

Which leads us on to point 2.

  2. When one operates in an unregulated industry, all forms of corrupt or negligent activity often go unnoticed, unchecked or ignored, until a victim brings them to the attention of the Authorities. However, in a Regulated Industry, there are often checks and balances in place to prevent this from happening.

Now we are not saying that regulated activities or industries get it right all of the time, or that there isn’t negligence or fraud involved. What we are saying is that in a Regulated environment, particularly within financial services, it is more likely to be discovered earlier, and often much of the negligence is overcome via tried and tested procedures and systems. Also, customer deposit protection schemes are often in place which offer compensation.

As some of us are former bankers who worked both in charge of a branch and also at the Group Head Office, we could see how such systems not only worked in the main part but also protected the consumer to a large degree. Now we appreciate some listeners will be shouting out, “but there is still corruption in banks: Libor rigging, mis-selling, market manipulation”, and yes, that is true. But just think for one moment how bad it could be if such regulations were not in place.

At its most simple level, as a Branch Manager, one would hold the key to the branch. In addition, so would the Assistant Manager plus one other senior staff member (with a spare also held at the Area head office). Two keys were required to open the branch, thereby requiring 2 staff members to be present.

There were also 2 keys necessary to access the strong-room: one held by the Branch Manager or Assistant, plus one held by the Chief Cashier, who did not have a key to the branch (and again 1 spare held at the Area office).

So in order to ‘rob the safe’, as it were, out of hours, 3 people had to be involved unless some form of explosive was used. And guess whose work was the most closely examined when the annual ‘bank inspection’ was carried out? Yes, the Manager, the Assistant Manager and the Chief Cashier.

Now these systems were regulated within the organisation as it had to be shown to the authorities that sufficient security measures were in place to protect staff, customers and the cash.

Now this is just a simple example to make a point. So, when you consider investing or depositing your monies into any vehicle, regardless of what it is, our recommendation is to make sure it’s regulated and also has appropriate systems of protection and access should something go wrong. And we haven’t even covered the issue of depositor monies protection, which such a regulated environment also commits to providing.

Just imagine, this guy was the sole owner of the passwords to Canada’s largest cryptocurrency exchange – who would have believed it – so beware, take nothing for granted and do your own due diligence.

February 5th, 2019