No hackers involved. The crpyto exchange CEO took the key to the grave.

Another story with a message or lesson to learn. Katia Moskvitch wrote an article on wired.co.uk 2 days ago about the Canadian crypto exchange QuadrigaCX. The exchange’s CEO died last December and he took the master password of the exchange to his grave. It means that 115,000 clients are unable to unlock their crypto assets.

The total value of the crypto at stake is CAN$250 million ($187m). QuadrigaCX was Canada’s largest crypto exchange. The complete control of the exchange was in the hands of one person, Gerald Cotten. He passed away at the age of 30.

As Katia Moskvitch writes: „Cotten was careful, perhaps too careful. The result? Millions of dollars is locked in a box for which nobody has the key. According to Robertson’s affidavit, most of the users’ cryptocurrency was in a so-called cold wallet, an offline storage that allows owners to store their digital money in a way that reduces the risk of hacking and theft. To access it you need a key – but with Cotten’s death, that has disappeared. There are plenty of private keys for the individual accounts inside the cold wallet, and they can be restored even if you lose them, but without the Cotten’s master key, account holders are left out in the cold, just like their crypto savings.”

The problem with a one-person-controlled cold storage in the case of a crypto exchange is that, compared to a physical vault which can be opened using force, Cotten’s laptop that stores Quadriga exchange funds has encrypted access, so without the master key there’s nothing you can do to access the data.

Moskvitch adds: „It’s an unusual arrangement. Most crypto exchanges storing cryptocurrencies offline spread the assets across several cold wallets, and ensure that they are multi-signature, where it takes more than one user to access the funds.”

Some experts believe that there is a way to retrieve the Quadriga crypto that is stored on the late CEO’s laptop, but the only way for a security analyst to figure out the access code is to go over all Cotten’s accessible data. And even that does not guarantee any results.

What’s the lesson here? What can one do in a situation like this? If you are on the victim side of the story, there’s nothing you can do. Still there is a lesson here. Although you can’t do anything in such a situation but you can make sure in advance that you prevent getting into such a trap. Dickie Armour, partner at ICO consultancy Corre Innovation, suggests that, in order to stay in control of your assets, you should keep in in your own hardware wallet in cold storage. No middlemen involved. That’s what one of the pillars of this new decentralised world is.

Source: https://www.wired.co.uk/article/quadrigacx-cryptocurrency-exchange-canada

Zsolt Balló