Cold wallets, offline pieces of hardware designed to protect large amounts of cryptocurrency from being hacked, are considered best practice among exchanges.
But the death of Gerald Cotten, CEO of Canadian cryptocurrency exchange QuadrigaCX, cast a spotlight on the efficacy of cold wallet storage after he took the master key password to the grave.
Around $137m in cryptocurrency remains inaccessible to QuadrigaCX customers and a series of suspicious – albeit circumstantial – events leading up to Cotten’s death in December last year caused many to speculate that his death was faked.
In the latest twist, EY, the auditors assigned to the case, said that the money appears to have been emptied eight months before Cotten’s supposed death, further stoking internet conspiracy theories.
But as investigators pick through the bones of QuadrigaCX in pursuit of the missing money, the event has brought to light the pitfalls of cold wallet storage.
Verdict spoke with three cryptocurrency experts to find out how damaging the incident is for cryptocurrencies, and what the crypto world can learn from the incident about cold wallet management.
Reputational damage to cold wallets
To those outside of the crypto world looking in, negative events such as crypto-heists and volatile prices can make cryptocurrencies seem a risky investment. As cryptocurrency adoption has increased, many have called for an end to the ‘wild west’ days of cryptocurrencies.
February’s headlines around Cotten’s death no doubt added fuel to the flames of doubt.
But Andy Bryant, COO of Tokyo-based crypto exchange bitFlyer, says that the QuadrigaCX cold wallet lockout case is “absolutely a matter of poor controls and not the cold wallet”.
He likens blaming the incident on cold wallets to “blaming the brick wall for killing a reckless driver in a head-on collision”, adding that proper cold wallet management could have “easily” prevented the situation.
It is a view shared by Ben Schmidt, CSO at blockchain-based bug bounty platform PolySwarm.
“A proper cold wallet implementation for an exchange involves multiple redundancies, and does not give any one person full control of the funds,” he tells Verdict.
“More reputable exchanges, like Coinbase, take this very seriously and have a number of safeguards in place to prevent this exact scenario.”
Piers Ridyard, CEO of Radix DLT, a distributed ledger technology startup, adds that while the QuadrigaCX incident is not damaging for trust in cold wallets, “it could be damaging for trust in cryptocurrencies as a store of value, because unlike gold or something physical, you can’t forget a password to gold”.
“[It] shows how secure these systems that store the assets are, but it also shows that poor procedure when using this type of storage can permanently lose massive amounts of value,” he adds.
But what can the crypto world learn to prevent another costly cold wallet lockout?
Greater regulation to prevent a cold wallet lockout
When the mysterious Satoshi Nakamoto launched the white paper outlining bitcoin’s implementation in 2008, the underlying ethos was to be free from the banks that had just recently sent the world spiralling into recession.
Crypto-purists feel that allowing financial authorities greater regulatory oversight over cryptocurrencies goes against this ethos.
But could more regulation prevent another cold wallet lockout?
“Any exchange that holds licenses from a reputable financial authority is held to the highest standards of asset security standards, and this includes proper internal controls for recoverability and backup,” says bitFlyer’s Bryant.
Regulatory compliance is built into bitFlyer’s model, with the exchange granted a Payment Institution licence to operate in the European Union in January 2018.
Bryant suggests that users only put their trust in exchanges that are licensed by reputable financial authorities – pointing out that QuadrigaCX was not licensed.
PolySwarm’s Schmidt says that regulations “certainly help”, noting that exchanges are increasingly seeking regulatory validation.
He adds that insurance for balances on cryptocurrency exchanges could also give users more confidence by introducing a third party with a “strong financial incentive to ensure security”.
However, Ridyard says that it is too early to regulate.
“Typically, regulators are not technology savvy,” he says. “Nor does security best-practice stay still. What is the right procedure now may prove to be the wrong procedure later and getting lawmakers to fundamentally understand how good computer security is implemented I think is a stretch.”
Procedures and backups
The root cause of the QuadrigaCX cold wallet lockout was bad procedural practice. Giving one person sole access to a cold wallet, without any failsafes, is clearly fraught with problems.
“Exchanges would be wise to ensure they have multiple redundant backups, as well as prevent any one person from having full control of the stored funds,” says Schmidt.
Another way of preventing a repeat of QuadrigaCX’s lockout is to back up the seed of a cold wallet – a randomly generated phrase that can be used to recover a Bitcoin wallet – in multiple secure locations.
“In the event of a death or destruction of the wallet, the contents of the wallet can be reconstructed from the seed,” says Radix’s Ridyard.
He also suggests Shamir’s Secret Sharing, a cryptographic scheme that splits a piece of information, such as a password, into parts held by multiple people. The individual parts are useless on their own and different people can have different levels of control, meaning a CEO could have full access alone while a CFO would require multiple people from the board to provide their part of the puzzle.
Multi-signature wallets can also prevent one person from being solely in control of funds. But they are not without their flaws, says Ridyard: in 2017 a bug in the Parity wallet froze $152m-worth of ether.
Will there be another Quadriga-esque cold wallet lockout?
With more than 1,600 cryptocurrencies in circulation and over 500 cryptocurrency exchanges, there will likely be more incidents similar to the QuadrigaCX cold wallet lockout.
“Sadly I think these types of incidents are likely to continue and so I recommend users only keep their financial assets in authorised and regulated exchanges or companies,” says Bryant.
“Due to the immaturity of the industry and the small size of teams and organisations that have become responsible for custodianship of large amounts of money in short spaces of time, it is highly likely that this problem is much more widespread than just this exchange,” adds Ridyard.
“I hope this event will be the catalyst for people to get better.”