QuadrigaCX: $190-million lost after founder takes cold storage password to the grave
1 Star2 Stars3 Stars4 Stars5 Stars (9 votes, average: 3.89 out of 5)

QuadrigaCX: $190-million lost after founder takes cold storage password to the grave

Some have cast suspicion over the “death” of embattled owner, Gerald Cotten.

Let’s take a quick detour from our standard fare and talk a little bit about a strange situation involving the cryptocurrency exchange, QuadrigaCX, the death of its sole director and operator and the fact that nearly $190-million may now be unrecoverable after the cold storage password potentially died with its owner.

Unfortunately, as a blog that covers a lot of encryption topics we get hit up a lot by various crypto-bros looking to pawn off unoriginal content or advertise their own unique solutions. I almost categorically ignore them. But this bit of cryptocurrency news feels more intriguing. And that’s owing to the fact that this could potentially be either a horrible stroke of luck or something far more scandalous.

Either way, it has some teachable moments and should make for some light reading to start the week.

Let’s hash it out.

What happened to QuadrigaCX – the official story

QuadrigaCX is a Canadian cryptocurrency exchange with around $190-million worth of holdings across several different types of currency. It was run by a sole proprietor, Gerald Cotten, who served as the sole director and lone board member.

Late last year, Cotten headed to India where he was reportedly helping to build an orphanage. According to an affidavit filed last Thursday by his widow, Cotten succumbed to Crohn’s disease in December.

Now here’s where things take a turn, the password to the cold storage wallet used to store QuadrigaCX’s holdings seems to have died with Cotten. In all, Cotton held the private keys for 26,488 Bitcoin (BTC), 11,378 Bitcoin Cash (BCH), 11,149 Bitcoin SV (BSV), 35,230 Bitcoin Gold (BTG), 199,888 Litecoin (LTC), and 429,966 Ethereum (ETH), with a total value of $190 million.

Here’s the affidavit that was filed last week by Cotten’s widow.

Jennifer Robertson Affidavit by on Scribd

Per Cotten’s widow, experts were hired to decrypt Cotten’s laptop, though there has been little success on that front so far.

The expert, she added, has already accessed Cotten’s personal and work email accounts and is now trying to gain access to an encrypted email account. Cotten also used an encrypted messaging system, but the chances of successfully reading the communications appear dim because, the expert has reported, “messages would disappear from the encrypted messaging system after a short period.”

Now, assuming that everyone here can be taken at their word and QuadrigaCX’s sole proprietor did pass away along with all knowledge of the cold storage password, there’s a couple of takeaways.

First, this is the modern day equivalent of lost pirate treasure. Macabre though it may be, that’s really the only historical parallel I can come up with that is even close to losing nearly $200-million worth of crypto assets as a result of a forgotten password.

Second, and this is maybe a bit more salient, this is the downside of the “decentralized” nature of cryptocurrency. And make no mistake about it, in the marketing material this is something that’s painted almost entirely as a positive. It’s decentralized. It’s not dependent on large institutions like most fiat currencies. And I feel like many people just buy that without questioning what it means.

This is the downside of decentralization. Because as much as it’s popular to hate banks and the finance industry – and there are plenty of good reasons to feel that way, too – this scenario doesn’t ever occur with more traditional currencies. When the president of a bank dies, you don’t risk losing access to all of your assets. And, you also have recourse mechanisms. Granted, not all of them work as intended, but you’re not just SOL like you would be with cryptocurrency.

What if this was something more nefarious?

And there’s the $190-million question. Not everyone thinks that this is on the up-and-up. In fact, some people in the cryptocurrency community have come right out and said that this doesn’t smell right.

The following is from a blog post on Crypto.IQ:

QuadrigaCX users are suspicious for multiple reasons, with many users on the QuadrigaCX subreddit calling this is an obvious scam. Apparently QuadrigaCX admins are censoring the subreddit, so a new censor-free subreddit has been created, and it is filled with scam accusations.

QuadrigaCX did not publish a list of cold wallet addresses, and users are requesting that QuadrigaCX publish a list of addresses to end suspicion. Users are looking for the cold wallet addresses to see if they are truly inactive.

One user claims to have found QuadrigaCX’s Litecoin (LTC) cold wallet addresses, and claims these addresses are actively being liquidated. It cannot be confirmed at this time that these Litecoin (LTC) addresses are the true QuadrigaCX cold wallet addresses however.

There is some additional information that does lend itself to a more conspiratorial conclusion, too. For one, there is some question over the death certificate, which isn’t an official certificate at all, rather just a statement of death from a Canadian funeral home.

QuadrigaCX death certificate

While there does appear to have been a service in Nova Scotia, there’s some question as to whether or not the ashes that were received from India were actually Cotten’s.

Additional factors that have raised suspicion are the fact that QuadrigaCX was, at the time of Cotten’s death, involved in court action with the Canadian Imperial Bank of Commerce over $25.7-million that had just been seized.

And then there’s this, Cotten’s will, which left $100,000 to his dogs and put his widow in charge of his estate, was signed just two weeks before his death.

Suffice it to say this case has a whole lot more questions than answers and regardless of how this ultimately turns out, it’s not likely to be a happy ending.

As always, leave any comments or questions below…

Hashed Out by The SSL Store is the voice of record in the SSL/TLS industry.

Leave a Reply

Your email address will not be published. We will only use your email address to respond to your comment and/or notify you of responses. Required fields are marked *

Captcha *


Patrick Nohe

Hashed Out's Editor-in-Chief started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. He also designs the visuals for Hashed Out and serves as the Content Manager for The SSL Store™.