The Crisis at QuadrigaCX: Components of Controlling Your Own Keys
One of the many promises of decentralized currencies is a shift in control from third party institutions to users: anyone can hold, manage and transact with Bitcoin.
But as third party institutions continue to be a necessity in driving mass adoption, certain cases continue to exemplify the perils of third party trust.
If you haven’t heard, Canadian cryptocurrency exchange QuadrigaCX has recently been the subject of a number of controversies involving “lost” cryptocurrency, to the tune of nearly $200 million. Due to a number of exceptional circumstances, the team has been completely unable to access a majority of the lost funds, while simultaneously managing to lose more to payment processors, and even recently sending out another $500,000 to cold wallets “accidentally.”
If these problems weren’t enough, the company’s CEO, Gerald Cotten, recently passed away while visiting India, which would be a major crisis on its own, if it weren’t for the fact that he was the sole person with access to a number of the wallets involved in the case.
Multiple conspiracy theories surround the crisis at QuadrigaCX, including claims that Cotten faked his own death, or that rogue employees siphoned away the money, but a few core truths remain clear.
Non-custodial control and multi-signature wallets are of utmost importance when dealing with cryptocurrency.
When anything can happen at anytime, and every transaction is irreversible, you need to take steps to hold, control and manage your funds, even if you can’t get rid of third parties entirely.
Hold Your Keys
One of the major benefits of cryptocurrency is the ability to transact in a trustless system.
Multiple parties are sending, receiving and mining, all with their own interests in mind. But since all parties are governed by a set protocol, the trust is in the algorithm, rather than an institution. Because of that, a user can handle their own funds through private keys, and verify that those funds exist at any given minute through the blockchain.
Every transaction is irreversible and immutable, which means it’s extremely important to keep an eye on your funds. If you store them with someone else, such as an exchange, you’ve already forfeited the greatest security measure of all: holding your own keys.
And just as customers who stored coins on QuadrigaCX are now left without recourse, so too is QuadrigaCX itself.
Because the company operated as an exchange, it needed to cooperate with payment processors. However, as QuadrigaCX got into trouble with banks like CIBC, the payment processors began to clamp down on funds: they controlled the access, so they controlled the money.
What began as a lawsuit to freeze the assets held by one payment processor has led to roughly $40 million locked up with five different payment processors, including over $10 million CAD held by WB21, which itself is currently facing a lawsuit by the US Securities and Exchange Commission.
QuadrigaCX’s model required third party trust, and leaving their funds in the hands of third party payment processors would lead to their eventual downfall.
On a network of irreversible transactions, you just can’t trust your keys with someone else.
Manage Your Keys
To make matters worse, QuadrigaCX maintains that their CEO had sole control or knowledge over their cold storage system. This was due to his restructuring of the company’s operations in early 2016, when he allegedly threw caution to the wind and dispensed with regulations entirely.
With his apparent death, the wallets in cold storage and the funds within them are effectively lost to the world, as all efforts to access the funds, or Cotten’s heavily encrypted laptop, have lead to failure.
QuadrigaCX left one person in charge of all their cryptocurrency, which meant that if something were to happen, it would all be lost.
Anything can happen at any time, and that is especially important to the world of cryptocurrency.
Payment processors can fail. Company leaders and keyholders can disappear. Employees can be someone other than who they say. It’s stories like these, where millions of dollars are at stake, that continue to contribute to the “Wild West” narrative that surrounds cryptocurrency.
By being careful about who you choose to invest your money with (or by simply handling your investment yourself), you can actively improve the perception of cryptocurrency — while enjoying security and peace of mind.
The ultimate lesson in the QuadrigaCX crisis concerns key management. It’s a guiding principle for us as we build Fortris, and we hope newer members of the community adopt a more cautious approach after controversies such as this.
“Not your keys, not your crypto,” says Fortris CEO Shane Lourensse. “There’s nothing else to say — you have to control your keys.”
Distribute Your Keys
When dealing with large amounts of money, it makes sense to divide access between trusted people, rather than leave it all up to one.
Through multi-signature wallets, you can opt for 2/3 or 3/5 authorizations for a cold-storage solution holding millions of dollars — a safer option than handing the keys to just one person, considering how much is riding on their ability to dodge everything their life may throw at them.
As we engineer custodial and non-custodial solutions for our clients, we follow a strong belief in the power of multi-signature and its ability to bring security and stability to organizations.
Because of the high-risks of a cryptocurrency such as Bitcoin, it’s imperative to work with companies that give you as much control as they can.
You need to hold your own keys, so that if anything happens, inside or outside of a company’s control, you can still access your money.
We believe that operating with this singular principle in mind is the only way to deal in cryptocurrency.
