Quadriga “Loses” Keys to Stored Digital Assets

Quadriga, Canada’s largest cryptocurrency exchange, is unable to gain access to about $145 million (USD) of bitcoin and other digital assets following the sudden death of Gerald Cotten, its co-founder and CEO, in December 2018.  According to Quadriga, Cotten stored those digital assets in a “cold wallet” on his encrypted laptop and repeated attempts by his widow to gain access to the laptop have proved unsuccessful.  Additionally, details of how to access the encrypted laptop appear to not have been recorded or are nowhere to be found.

In the meantime, Quadriga has halted trading on its platform and obtained an order for creditor protection in accordance with Canada’s Companies’ Creditors Arrangement Act (CCAA) to provide it with an opportunity to resolve this issue, which has affected its ability to serve its customers.  The CCAA is a federal law allowing insolvent corporations that owe their creditors in excess of $5 million (CAD) to restructure their business and financial affairs.

Hot and Cold Wallets

A “hot wallet” is a digital asset wallet that is connected to the internet.  Hot wallets provide exchanges and users to make instant payments and withdrawals on demand.  These wallets function like a physical wallet, where cash is kept on one’s person, however it exposes the user to greater risk of a cyberattack.  On the other hand, “cold wallets” are those that are stored off line, also referred to as “cold storage.”  These wallets are located on hardware, such as a laptop or smartphone, and heavily encrypted.  While shielding the user or exchange from cyberattack, cold wallets are much less immediate and convenient.  They are best used for long-term storage.  In Quadriga’s case, such long-term storage may end up being a bit too long-term.

Risks and Considerations

Quadriga serves as an example of the importance of rigorous due diligence into data security, governance and regulatory oversight of a digital asset service providers.  Running a safe and efficient digital asset exchange requires sound internal and external management and supervision.  Internally, an exchange must identify its risks, assign responsibility for limiting and managing those risks, create a framework for remediating risk limit breaches, and execute back-testing to ensure its program is properly adhered to.  Included within those risks is operational risk, which is the risk of loss resulting from failed systems or processes.

External oversight and supervision on the part of regulators and SRO’s helps assure that market players adhere to a uniform and adequate set of industry and risk management standards.  In choosing a platform, consider seeking out regulated platforms that are subject to external risk management standards that are enforced through regulatory compliance and oversight, including onsite examination by regulators and periodic regulatory reporting.