Clients of Canada’s largest cryptocurrency exchange, QuadrigaCX, have found themselves locked out of most of the £145 million worth of their assets. The founder, Gerald Cotten, said to be the only person with knowledge of the password to the ‘cold storage’ area, is apparently dead, having passed away in India in December 2018. The cause given is complications from Crohn’s disease, which occurred while he was helping to set up an orphanage.
According to Cotten’s widow, even a technical expert has been unable to recover the password, and hence unlock the millions of crypto-coins, largely variants of Bitcoin, in the exchange’s cold storage.
This is not the first controversy linked to QuadrigaCX. Earlier in 2018, some irregularities associated with a payment processor were reported, with $26 million in assets frozen by a bank while these irregularities were resolved.
Partly as a result of this earlier controversy, some, including rival exchanges, have cast doubt on the veracity of reports of Cotten’s death. Movement in and out of QuadrigaCX accounts has allegedly been detected, though it is unclear as to whether this involves cold storage or ‘hot wallets’.
One expert on applied cryptography, Peter Todd, says that “The people trying to pull off a QuadrigaCX exit scam could actually be the family and other employees, by hiding the fact that the cold wallet keys are known”, without claiming that this is actually the case. The owner of another crypto exchange calls the reports of the death and lost keys “bizarre, and frankly unbelievable”.
What lessons can we learn from this?
Other than the fact that cryptocurrencies and their infrastructure are still very much the Wild West in legal terms, there are a couple of important lessons here.
Firstly, cryptography is a two-edged sword. The state of the art in today’s cryptography is such that it is impossible in practical terms to break the encryption if it is set up correctly. While it is useful for keeping those secrets that you wish to remain hidden, it can also be abused – either by ransomware bandits, who can encrypt your data so that it becomes inaccessible, or by those who use it as an excuse for not coming up with the goods – be they bitcoins or other digital assets.
Secondly, and related to the above, a valuable piece of information, such as a key to unlock a digital vault, is too important to be held by one person. On a personal level, it is now possible to create a ‘digital will’ which is the IT equivalent of the envelope marked “To be opened in the event of my death” so beloved of mystery writers.
At an organisational level, a dependency on confidential information being held by one person requires a fall-back in the event of that person being unavailable. It doesn’t have to be as dramatic as death – a system administrator on an off-grid holiday somewhere in the wilds of the Welsh mountains may be a fatal blow to business continuity if the timing is wrong.
Obviously, in the case above, there is a fundamental structural issue with this organisation’s password policy. This can be avoided through the use of secret sharing, whereby more than one person is needed to unlock a vault, open a file, or otherwise gain access to secured information. At its simplest, this is analogous to the famous launch control systems used in nuclear missile silos during the Cold War – a launch can only be initiated by two keys being turned simultaneously in two locks, spaced so far apart that a single operator cannot perform this – in other words, two people have to simultaneously give their consent to launch.
In multi-signature terminology, this protocol would be a 2-of-2 configuration. Two keys are available, and two are needed to unlock. These two keys might be held on separate devices – a PC and a mobile phone, for example, or they might be known to two different people. The concept could be taken further – a 2-of-3 configuration might require two keys from a pool of three to unlock the vault, so our Welsh wanderer’s key, though unavailable, becomes redundant, and could be replaced by the keys held by the CEO and CIO. A 3-of-5 configuration might be implemented to provide a majority voting solution to access jointly-held funds, etc. There are clearly many possibilities here.
Back to Canada and QuadrigaCX – Cotten claimed earlier in 2018 that the exchange had implemented multi-signature technology for its cold storage of crypto coins. Given the current situation, that claim – or the report of Cotten’s death – now seems suspicious, unless the multi-signature was one requiring a unanimous vote.
How can we help?
At First Response, password security is something we take very seriously. If passwords are poorly managed or carelessly stored, they become the easiest way for your organisation’s networks to be compromised and taken over.
A network’s password system is more than just access to computers. It also comprises switches, routers, dedicated network appliances and the like, as well as Active Directory and Office365 administration passwords – all of which may be reprogrammed by an attacker who has used a compromised weak password to gain administrative rights over your resources, thereby causing damage to your business or operations. Often, the attacker exploits a weakness in procedures, rather than technology; for example, the use of identical, or near-identical, passwords for different devices, or password sharing by admin teams.
We can assist with best password practices, and help you set up a password vault system, tailored to your individual needs, which provides security from attacks launched from both inside and outside your organisation, while at the same time providing failsafe and controlled access in cases where the primary key-holder is unavailable.
Call us for details of how we can help to solve password-related issues – before they become a crippling problem.