Best Laid Plans: Security and Cryptocurrency

Best Laid Plans: Security and Cryptocurrency

cryptocurrency illustrated

Even though it’s comparatively old news I still remain utterly fascinated by cryptocurrency. Thinking about the concept and its mechanics never fails to be a mind-expanding exercise. But recent events have shown that, no matter how pie-in-the-sky the new economy and its currency gets, it can still be brought down by something quotidian: security.
In this case, too much of it. Quadriga, a cryptocurrency trading platform based in Vancouver, collapsed in late January, due to the company’s inability to access its investors’ funds. To summarize how that works, very loosely: In order to reduce the prospective damage from being hacked or otherwise compromised, cryptocurrency exchanges frequently keep the majority of their investors’ funds in “cold storage” — a heavily protected, offline, virtual holding pen. When trades are scheduled, the funds are moved into a “hot” (i.e. internet-connected) “wallet”; once the trade is complete, the new total is moved back into cold storage. 
As part of Quadriga’s security measures, only one employee knew the password to unlock cold storage: founder Gerald Cotten. This worked well enough for the company until the 30-year-old director died unexpectedly while on holiday in India on Dec. 9. Quadriga held back the news for a month while they tried to extract $190 million CAD of its increasingly impatient investors’ money from the clutches of their own security measures. Cotten’s widow ransacked his devices for anything that might look like a password. An RCMP I.T. specialist was put on the case. And then, it gets complicated.
“A report released late Friday by court-appointed monitor Ernst and Young […] indicated six so-called cold wallets used to store digital assets offline have been found, but all of them are empty. […]
The monitor also found 14 user accounts on the QuadrigaCX platform that were “created outside the normal process,” using a number of aliases.

More important, the accounts were created internally “without a corresponding customer and used to trade on the Quadriga platform,” the monitor reported. […]

Transaction data indicates there was a significant volume of activity associated with these accounts, including withdrawals of cryptocurrency to wallet addresses not associated with Quadriga, the report says.

The monitor said it remains unclear how the accounts were used and whether the recipients of the withdrawals can be identified.”
Nova Scotia (the case’s jurisdiction) has gotten the Supreme Court involved, and between that body and Ernst & Young, have managed to trace and extract around $30 million so far from a handful of other exchanges that have been found to be holding transactions on behalf of Quadriga. But an untold amount of investors’ money may just be gone.
It’s hard to tell how much of this is actually hinky, versus the standard murkiness of trying to deal with crypto. As time passes, things do seem to be getting clearer: I’m glad the unpleasant rumour that Cotten faked his death to escape creditors has now been disproven. The unprecedented nature of not only the company itself but its current troubles means that it’ll likely be slow, careful going for a while. A lesson we regular-type investors can draw from this? A (block) chain is as strong as its weakest link. If that link is impenetrable… the blockchain is out of luck.