On 15 January 2019, Canada’s largest cryptocurrency exchange, QuadrigaCX, announced the sudden passing of the company’s co-founder and CEO, Gerald Cotten. While this should have been a time of mourning for the company and Cotten’s family, the situation turned into one of anger and confusion as users were informed that Cotten had taken $190 million worth of their cryptocurrency to the grave.
Cotten purportedly died from complications to do with Crohn’s disease at the age of 30, while travelling in India last December. With him, Cotten took the encryption keys and passwords to the company’s wallets, containing up to $190 million in customer funds. Jennifer Robertson, Cotten’s widow, stated in court filings that the money is now “unavailable and some of it may be lost”. Robertson claimed that “the laptop computer from which Gerry [Cotten] carried out the Companies’ business is encrypted, and I do not know the password or recovery key…despite repeated and diligent searches, I have not been able to find them written down anywhere”. She had even hired an expert, who failed to break through the encryption.
What is Cryptocurrency?
In short, cryptocurrency is a form of digital currency that utilises encryption techniques to control the creation and security of its transactions, which are independent from a central bank. This encryption makes it extremely difficult to create counterfeit money or have accounts hacked.
QuadrigaCX allowed the company’s 363,000 users to deposit funds into their accounts and then trade various cryptocurrencies – mostly Bitcoin – with other users. The funds are divided into secure hot wallets and cold wallets, the latter of which is an offline storage area used to protect the coins from hackers. The business revolved around Cotten; with no office space and just his laptop to work with, Cotten was solely responsible for the transfer of coins between the wallets.
Even after the scandal had surfaced, the company’s court-appointed monitor said that QuadrigaCX had accidentally moved another 100 bitcoins into a cold storage wallet that they obviously couldn’t access, losing another $500,000 by mistake.
Spotlight on the Bigger Issue
This story has left many wondering how exactly something like this could happen. But this scenario is not as bizarre as we’d like to think – rather, it’s a systemic issue. As technology journalist Ramona Pringle explains, “more and more, passwords, online accounts and other forms of digital property – including licenses, cryptocurrency, and even domain names – are falling into limbo because individuals don’t manage such with the same diligence as they do with their real world property”.
A 2017 report from the University of Melbourne found that “the creation of digital accounts, ownership of digital products, and use of digital services are now common and ordinary, yet they raise significant implications for the constitution of our personal property, its archiving, and its inheritance”.
Individuals and companies alike need to realise the proportions of this issue. A good solution is the creation of a digital will, which gives explicit instructions to an appointed person on how to manage your digital presence and assets upon your death, including passwords. Informal and formal wills such as these could avoid the messiness and costs associated with managing a deceased person’s digital presence.
Many have noted that there were various things QuadrigaCX should have and could have done to avoid this issue. The most common solution would be a multi-signature system, which the company had claimed to be using. A multi-signature system allows various people to hold private keys to a wallet which can be accessed once all, or the majority of, the keys are combined. Had QuadrigaCX actually implemented a proper multi-signature system, which it appears they did not, the user funds would have remained safe yet accessible.
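The threshold idea described above, as an added sketch that is not QuadrigaCX's code or any real wallet's implementation: a 2-of-3 policy in which a transfer is authorised only when two distinct key holders sign the same transaction. The holder names and the transaction string are constructed, and Lamport one-time hash signatures stand in for the elliptic-curve signatures real wallets use, so that the example runs on the Python standard library alone.

```python
import hashlib
import secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport key pair: 256 pairs of random secrets; public key = their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # One-time scheme: a key must sign only one message.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

class MultisigWallet:
    def __init__(self, pubkeys, threshold):
        if not 1 <= threshold <= len(pubkeys):
            raise ValueError("threshold must be between 1 and the number of keys")
        self.pubkeys, self.threshold = pubkeys, threshold  # holder name -> public key

    def authorize(self, tx, signatures):
        # Count distinct holders whose signature verifies for exactly this tx.
        valid = {name for name, sig in signatures.items()
                 if name in self.pubkeys and verify(self.pubkeys[name], tx, sig)}
        return len(valid) >= self.threshold

def demo():
    # Constructed scenario: three hypothetical key holders, any two may spend.
    keys = {name: keygen() for name in ("ceo", "cfo", "custodian")}
    wallet = MultisigWallet({n: pk for n, (_, pk) in keys.items()}, threshold=2)
    tx = b"constructed tx: move funds from cold wallet to hot wallet"
    cfo, cust = sign(keys["cfo"][0], tx), sign(keys["custodian"][0], tx)
    return {
        "one_holder_alone": wallet.authorize(tx, {"cfo": cfo}),
        "two_holders_ceo_unavailable": wallet.authorize(tx, {"cfo": cfo, "custodian": cust}),
        "signatures_reused_on_other_tx": wallet.authorize(b"other tx", {"cfo": cfo, "custodian": cust}),
        "signature_under_wrong_name": wallet.authorize(tx, {"cfo": cfo, "ceo": cust}),
    }

if __name__ == "__main__":
    print(demo())
```

With a threshold of two, the loss of any single holder's key leaves the funds spendable, while no single holder can move them alone.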
Scepticism
With any big scandal come equally big conspiracy theories and sceptics. Jesse Powell, CEO of Kraken, a major cryptocurrency exchange, stated that the company was “investigating the bizarre and, frankly, unbelievable story of the founder’s death and lost keys”. Peter Todd, a Bitcoin expert and cryptography consultant, brought up the possibility of an exit scam, claiming that “the people trying to pull off a QuadrigaCX exit scam could actually be the family and other employees, by hiding the fact that the cold wallet keys are known”.
Taylor Monahan, CEO of the MyCrypto project, suggested that it is “beyond absurd” for a person who singularly controls millions of customers’ assets to not have any sort of backup, to not give anyone else access, and to not leave any information or instructions regarding those accounts. Indeed, expert Michael Gokturk similarly pointed out that having this kind of control is “the equivalent of walking around with millions of dollars in cash on you at all times”, which could easily have led to kidnapping or extortion.
Other sleuths have been quick to point out that Cotten filed a Will just 12 days before his death, naming his wife as executor and covering inheritance of his car, yacht, airplane and two chihuahuas. What the CEO failed to do was consider the $190 million worth of cryptocurrency that was essentially locked inside his head.
Monahan and others have also failed to find any semblance of ‘cold’ storage in QuadrigaCX’s wallet addresses, suggesting that the company actually has no offline storage reserves. This oddity is compounded by the claims of a Reddit user who allegedly found proof that several of the company’s supposedly “locked” wallets have been moving funds and initiating outgoing transactions since the death of the CEO.
While these theories and concerns are interesting, they cannot be given any weight until a full and proper investigation has been conducted. The Canadian Securities Regulator has initiated an investigation, which will hopefully produce some much-needed answers for the hundreds of thousands of users that have been left in the dark.
Author: Elsa Chapple, Agilient Consultant