Canada’s largest crypto exchange QuadrigaCX lost more than $190 million worth of user funds and is unable to reimburse its users.
As CCN reported on February 1, the founder and CEO of QuadrigaCX passed away in India with sole control over the company’s cold wallets containing more than $150 million in cryptocurrencies like Bitcoin and Ethereum, and $40 million in cash stored with a third party.
How do the world’s largest digital asset exchanges such as Binance and Coinbase store funds to avoid a tragic situation like QuadrigaCX?
A common criticism against the Canadian exchange, which now faces the risk of bankruptcy and bank default, was its structure.
Meltem Demirors, an executive at CoinShares, said that QuadrigaCX lacked continuity planning and a reliable structure.
In a highly unlikely event that an executive or a key figure at an exchange goes missing, the company should still be able to operate and protect the funds of users.
“Beyond horrifying. Canada’s largest exchange QuadrigaCX: founder dies suddenly, no one has private keys to wallets, fiat balances inaccessible. Operational security and continuity planning is essential for both a business and an individual,” she said.
Changpeng Zhao, the CEO of Binance, the world’s biggest crypto exchange based on volume, said that exchanges have to utilize a multi-signature system to control a cold wallet.
In Bitcoin, a multi-signature wallet allows multiple users or organizations to hold private keys to the wallet.
Only when all of the keys or the majority of the keys are combined, depending on the structure of the multi-signature wallet, can the funds be accessed.
“That’s sad,” CZ said, referring to the QuadrigaCX case. He added, “there are many solutions to split private keys or signing to achieve 3/5, 5/7 etc. Never neglect security. Also, never have CEO carry private keys. Bad on many levels. Personally, in good health and intent to live longer and prosper.”
For an exchange, the protection of user funds and the security of internal management systems have to be prioritized over any other area of business.
Many of the largest exchanges in the global market employ a carefully laid out strategy in governing cold storage wallets to ensure the safety of user funds.
In December 2018, Coinbase, a leading U.S.-based exchange, transparently disclosed the biggest crypto transfer on record involving its cold wallet, providing a rare insight into its system.
Prior to moving its cold wallet funds, the Coinbase team said it planned months ahead of the event to eliminate any potential technical hiccup.
Previously, Coinbase stored user funds in a cold wallet secured in a safety deposit box. As the exchange grew in size, the company had to overhaul its storage to a more secure and efficient system.
The Coinbase team explained:
We began planning months before the actual move date and involved almost every team at Coinbase in the process. We conducted risk assessments, honed monitoring plans and conducted test migrations until we were positive that the live migration would go off without a hitch.
Nathaniel Popper, a journalist at The New York Times, said it best.
The Mt. Gox-esque case of QuadrigaCX may have harmed the reputation of the industry as well as that of companies like Coinbase, Binance, and Gemini that allocate a significant portion of their resources in protecting user funds and establishing industry standards.
Already, in major markets such as Japan and South Korea, crypto exchanges have a reputation of being vulnerable to hacking attacks and fraudulent operations due to past events.
These cases demonstrate that the cryptocurrency sector is still at its infancy. Over time, as the industry adopts better practices, the infrastructure and internal management systems of exchanges are expected to improve.