At the beginning of the year, QuadrigaCX, one of Canada’s largest cryptocurrency exchanges, announced the death of its founder and CEO, Gerald Cotten, aged 30. At the time, the company said that Cotten had passed away a month earlier, while he was on his honeymoon in India.
What Really Happened?
Unfortunately, the death of Cotten revealed a major flaw in the company’s infrastructure. The surprising revelation was that Cotten was the only one who had the password to its users’ cryptocurrency funds, which were being held at the exchange. The value of these funds was estimated at over $190 million. To top it off, there were many allegations that Cotten had faked his death in order to take the money for himself. This week, lawyers representing some of the company’s clients presented Canadian law enforcement with a letter requesting that they exhume Cotten’s body and perform an autopsy.
The recent request by the lawyers has now opened a whole new can of worms. The major questions being asked are: why was the CEO the only person who knew the password and could access more than $190 million worth of the clients’ digital assets? And did Cotten fake his death in the hope of simply getting away with all of the money?
As to how Cotten managed to be in complete control of the accounts, the answer is that QuadrigaCX used ‘cold wallets’ as opposed to hot wallets. That is, the company used hardware that enables a crypto exchange to store the cryptocurrencies offline. In this way, the funds are less vulnerable to attacks from hackers. Hot wallets, on the other hand, are stored online.
Storing Cryptocurrencies Safely
As Emin Gün Sirer, a computer science professor at Cornell University, explained, most exchanges will store a small amount of cryptocurrency in hot wallets to maintain the day-to-day operations of a company, while the bulk of the digital assets is stored offline.
To retrieve any funds held in cold wallet storage, a company has to use cryptographic keys. A key is simply a string of characters. According to people who knew Cotten, the CEO maintained these keys on his personal MacBook Pro. No one else had access to these keys. To top it off, Cotten’s widow stated that it is not possible to log into the encrypted laptop since no one knows the password.
But not everyone is convinced.
Preston Byrne, a lawyer at the cryptocurrency-focused firm Byrne & Storm P.C., stated that the whole setup makes no sense and that it does not sound believable that a million-dollar company was being run entirely from one laptop. To put this into perspective, if Cotten used the laptop for his daily work, the information stored on this device could have been hacked. In addition, the laptop could have been stolen at any time.
The best way to securely store cryptocurrencies at an exchange is to split the keys across several individuals. In most cases, key shares are given to three senior people in the company, and any combination of two shares will then unlock the funds. Sirer explained that with the keys split this way, stealing the funds requires two people, while the funds remain accessible if one party is not present. Only time will tell what the real story about Cotten is and whether he got away with the millions.