We recently ran across this piece of news (originally published in The Hustle) about the founder of Canada’s largest cryptocurrency exchange effectively locking the company out of $190,000,000 of investors’ funds when he passed away last year…because he was the only person with the account’s password.
The company has since filed for Creditor Protection in accordance with the Companies’ Creditors Arrangement Act (CCAA) in order to allow them the opportunity to resolve outstanding financial issues that have “affected our ability to serve our customers.”
What lesson can we learn from this incident?
First, all the keys should not be in the hands of one person. QuadrigaCX allowed their founder to have exclusive access to accounts without a contingency plan. There were no documents or instructions for retrieving those investments should anything happen to Mr. Cotton.
Second, if you are dealing with sensitive client/customer information (which most businesses do), you need to have top-notch security. You don’t have to be dealing with cryptocurrency–we’ve heard the horror stories of customer lists with credit card information being hacked and stolen, and this is in part due to poor security measures.
Finally, if your company doesn’t trust in your IT department, they will not be able to maintain these proper security measures. Gerald made the mistake of trusting no-one, and his company is literally paying the price.
Here’s the original article:
Investors in QuadrigaCX, Canada’s largest cryptocurrency exchange, have been locked out of their funds since the exchange’s founder, Gerald Cotten, died last year.
The reason: Gerald didn’t trust anyone else with the password.
Now, according to CoinDesk, Cotten’s widow, Jennifer Robertson (who has no clue what the password is), said the exchange owes its customers roughly $190m in cash and crypto that’s tucked securely away in “cold storage.”
Cold storage “vaults” are a type of digital storage used by coiners to keep long-term investments safe from hackers. Cold storage companies are growing, but by the looks of it, they’re going to have to update their fine print with a clause about CEO power complexes.
Cybersecurity firm CipherTrace reports that crypto theft hit $1.7B in 2018 (up more than 400% from the year before), but $950m of that was stolen from exchanges and wallets — AKA “hot storage.”
But after months of transaction delays, QuadrigaCX has filed for creditor protection (a step to avoid bankruptcy) as it works with an expert to bypass encryption — so far, to no avail.
The company reportedly has some 115k clients with assets worth $70m, which Robertson estimates had grown to $250m by December 2018, and now, per the CBC, many people are calling conspiracy.
Despite a death certificate, some are even convinced Cotten’s still alive… living atop a mound of hard drives on an island somewhere (the truthers’ alternative theory is unclear)?
When cryptocurrency blasted into popular culture around 2017, even the fanboys freaked out about security. So naturally, people went “expert level” on their passcodes.
The only problem is, when the time came, no one could friggin remember them — and, like Quadriga, these aren’t the kind of encryption layouts that let you name your childhood best friend to prove you are who you say you are.
Until Quadriga’s encryption ringer cracks the code, its investors are up crypto creek without a paddle… or a password.
If this sounds like a nightmare to you, you’re right. It is extremely difficult for a company of any size to bounce back from such a large debacle. So if you want to ensure the security and legacy of your business, trust and understanding within your IT department is absolutely vital.
If you’d like to learn more about how IT Mindshare can help your business, contact us via phone at 304-658-7600 or online at https://www.itmindshare.com/consultation/.