It’s been in the crypto news cycle for months: the owner and CEO of Quadriga exchange dies – taking millions in missing assets with him.
As stories and speculation around the QuadrigaCX scandal mushroom, it’s important to look at the situation objectively.
What are the facts in the QuadrigaCX case, why has it captivated the public, and what potential ramifications does it have on the future of crypto and blockchain key security?
The QuadrigaCX scandal began far before late 2018. Looking over a full timeline of the life and death of QuadrigaCX, it appears the exchange was on shaky footing from its foundation:
There’s a lot to unpack here – but, notably, a great deal of Quadriga’s issues not only stem from unsavory custodial practices, but also from human factors in a real-life zero-trust environment.
The case continues to captivate the public due its plot twists (Patryn’s identity, Cotten’s marriage and sudden death, and the question of lost assets), and the deeper questions it has raised about the security of cryptocurrency exchanges.
Gerald Cotten, the late CEO of QuadrigaCX
From a cybersecurity perspective, a number of technical issues stand out from this case:
The primacy and premiership of cold wallets Public opinion has largely looked at cold wallets as the ultimate in crypto security measures – a fact supported by the spike in searches for the term over the past two years. However, Quadriga exchange illustrates that the use of cold wallets alone is not a guarantee of an institution’s security; what is is what is done with those cryptocurrency wallets and how private keys are used and maintained.
Managing funds in a real-life zero-trust environment Discussions of cryptocurrency security typically assume that malicious actors will come from the outside (e.g. hackers). The Quadriga case raises the question of how funds can be entrusted to an exchange in the event the exchange owners are not trustworthy (or if untrustworthy employees are hired to the exchange), and if any mechanisms are in place to prevent malfeasance in such a scenario.
Backup keys in case of human loss If a cryptocurrency account holder dies, what happens to his/her assets? What measures are available to pass the keys on to a trusted inheriting party?
Co-wallet strategy and rapid disbursement of funds QuadrigaCX officials blamed the slowness of the co-wallet strategy of exchanges for slow transaction times in the disbursement of funds following Cotton’s death; it’s an issue which “Proof of Keys” and other movements have raised before. (For those who are unfamiliar, in the “co-wallet” strategy employed by most exchanges, an exchange’s assets are aggregated on one or several cold wallets completely disconnected from the internet and kept in a secure place, and transfers are made to connected “hot wallets” in order to execute transactions with clients). Is there a better way to automate the process in the event of what is, essentially, a modern-day bank run?
Theoretical questions? Think again. Some exchanges have already reported a decline in public trust in the exchange system since the scandal broke. The case has become a wake-up call for the crypto sector, both on individual and institutional levels.
The QuadrigaCX debacle was apparently mostly caused by human factors – but that does not mean that technical failsafes don’t exist to prevent a similar case from happening in the future. These include:
A quorum system of crypto-asset key management, similar to those employed by large fiat banks. In a quorum system, an arrangement is set up whereby a set number of participants (human or bot) in a predetermined group of participants must approve a transaction. M number of N people (e.g. 3 of 5) must approve the transaction to continue. This can be achieved through a multi-signature setup or – ideally – a multi-party computation (MPC) setup which allows for greater flexibility. From a human-fraud perspective, a quorum alone would prevent rogue actors from accessing funds; for exchanges looking to regain public trust, it would be possible to set up a wallet structure and quorum system which would be almost entirely in the client’s hands (e.g. place restrictions on the amount of employees that can serve as approvers). Automation can be made possible by implementing the above with risk-based policies in place for certain types and thresholds of transactions.
Zero-knowledge backup keys kept in the hands of trustees determined by the client This is more or less self-explanatory, but it is worth noting that with the quorum system above, a backup key quorum can be predetermined amongst the client’s chosen heirs (or the exchange’s top-tier employees and a third-party attorney, for example).
Time will tell whether exchanges will adopt these precautions. But for now, the souring of public opinion on cold wallets has made the discussion a lot more interesting.
Thank you for reading,
Tova Dvorin from the Unbound Tech team