In case you missed the news, last week QuadrigaCX went out of business.
To summarize the story so far:
QuadrigaCX was Canada’s oldest cryptocurrency exchange and one of the biggest. The founder and CEO of QuadrigaCX, Gerald W. Cotten, supposedly died in India on December 9th, 2018.
Cotten had exclusive control of the private keys for 26,488 Bitcoin (BTC), 11,378 Bitcoin Cash (BCH), 11,149 Bitcoin SV (BSV), 35,230 Bitcoin Gold (BTG), 199,888 Litecoin (LTC), and 429,966 Ethereum (ETH), with a total value of $190 million (USD).
Cotton had control of the keys ON HIS LAPTOP and officers of the company are now claiming the laptop was encrypted and they cannot get access to the funds.
A court filing was made in Nova Scotia by Cotton’s widow to put the company into creditor protection while she becomes familiar with the business and locates the money (hopefully).
The court filings can be found here. They make for fascinating reading.
Where Did the Crypto Go?
Before we examine the implausibility of the current narrative, I should explain the difference between hot and cold wallets.
Crypto (bitcoin, Ethereum, Ripple) is stored in an electronic wallet. A hot wallet is a wallet with the private keys that are accessible online (ie on a server that is connected to the internet).
A cold wallet is not accessible via the internet, for example it is loaded on a USB stick or on a computer that is not connected to the internet.
Obviously, when Cotton’s laptop would be connected to the internet, the cold wallet would become hot and then he could transfer the crypto to QuadrigaCX accounts for the necessary transfers.
Much of the current narrative centers on the fact that the laptop is encrypted, meaning nobody can access it because the passwords are lost.
Now, laptop security can be hacked, and Cotton’s widow has brought experts who can do that, but apparently they have had no luck so far.
But they don’t have to hack the laptop to recover the wallets.
Let me explain.
Most, if not all crypto-wallets force the user (through a script) to create what’s called a paper backup.
Here is a screensnap of a paper backup of bitcoin wallet that I created on my desktop (that contains no bitcoin by the way).
It is possible to bypass the paper backup procedure, but how many people would load $190 million of crypto on their laptop and then not make any backups?
What if Cotton was still alive and the laptop had been stolen? What if the laptop has just dropped on the ground or the hard drive died?
It’s inconceivable that there is not a paper backup anywhere. EVERYBODY with a crypto-wallet does a paper backup.
As it stands, nobody in the QuadrigaCX organization says they had any conversations with Cotton about the practice of storing $190 million of customer funds on his laptop without any backups.
That includes Alex Hanin, the co-founder of QuadrigaCX:
There is now speculation that there may have never been any cold wallets in the first place:
Remember, there is no legislation in Canada requiring that the owners of cryptocurrency exchanges hold customers funds in “cold wallets” or in reserve.
Beyond antimony laundering and know-your-customer (AML/KYC) legislation, there are no regulations on the crypto-exchanges at all.
It is possible that Gerald Cotton moved the crypto to secret accounts to perform what is called in the industry an “exit scam.”
However, it is also possible that Cotton moved the reserves to exchanges such as Bitfinex to loan out the crypto for interest.
As you can see from the chart, yearly interest for Bitcoin is 1.46% and for Ethereum is 189%.
About Ethereum, that’s not a typo: 189%
I think it’s safe to speculate that for an owner of any crypto-exchange, that type of interest rate would be very tempting.
Conclusion: Where is All the Crypto?
The $190 million worth of crypto is in one of two places:
- Cotton’s laptop
- Somewhere else
There good reasons why it would NOT be on the laptop and good reasons why it would be somewhere else i.e. at the Bitfinex exchange earning interest.
What’s needed now is a court order for the QuadrigaCX organization to disclose the addresses of the wallets (hot or cold) that the funds were transferred to.
There has been much amateur sleuthing on the internet already (see Taylor Monahan’s tweet storm earlier in the story).
For sure, the story “all customer funds have been lost because we can’t hack into Cotton’s laptop” is not holding water.