What’s worse to lose – your keys or your wallet? That’s the question more than 100,000 angry investors who used the QuadrigaCX exchange to purchase cryptocurrency now contemplate. The apparent sudden death in December of Canadian Gerald Cotten, the exchange’s 30-year-old founder, has without warning left them in a $250 million-shaped hole.
Mr Cotten, who had Crohn’s disease, is said to have died while on honeymoon in India after his bowel became perforated during what is reported to have looked at first like a bad case of Delhi belly. With him, we are led to believe, went the only crypto key to the place in which QuadrigaCX investor money is stored – repositories known as offline ‘wallets’.
Either fortuitously or suspiciously, depending on your perspective, Cotten made a will 12 days before dying, leaving his $8 million estate to his wife and a $80,000 trust fund for his two chihuahuas. Naturally, not everyone believes he is dead, especially since blockchain research by crypto sleuths has since raised the real possibility QuadrigaCX was nothing more than a Ponzi scheme.
A detailed report published on the Zerononcense blog alleges that QuadrigaCX had no offline wallet reserves at all. ‘It appears that QuadrigaCX was using deposits from their customers to pay other customers once they requested a withdrawal. It does not appear that QuadrigaCX has lost access to their bitcoin holdings,’ the report states. It adds the quantity of bitcoin held by QuadrigaCX was ‘substantially less’ than was reported in a sworn affidavit submitted to a Canadian Court last month by Cotten’s wife.
Anyway, a death certificate has now been issued by the government of Rajasthan and a spokesman for the Jaipur hospital to which Cotton was bought has stated publicly that he died there. So, one way or another, Cotten has certainly exited.
But what chance do QuadrigaCX investors have of getting their cash back? Sam Reed, chief technology officer of the world’s largest bitcoin exchange BitMex is not optimistic. ‘Well, if he’s actually dead and nobody can get into his laptop that contains the keys, then basically zero,’ he says. He adds it strikes him as very odd Cotten made no contingency plans. ‘It would mean he never made a back up, paper or otherwise, that he made accessible to anyone at any time. That could be the case. It’s not great security and it’s not very responsible, but I suppose it’s possible.
‘As an exchange operator myself, I find it hard to believe that anybody would not take those steps. At BitMex, we think all the time about the safety of the money we hold. And we have multiple contingency plans such that if we die or the data centre explodes… it can happen without everyone losing their money. I find it hard to believe that that sort of due diligence wouldn’t have been done in Cotten’s case. But it’s crypto, so anything can happen.’
Reed suggests QuadrigaCX investors’ best hope now lies in authorities somehow cracking the code for Cotten’s laptop and then discovering the lost crypto key, because, he says, guessing the combination for the key itself would be impossible: ‘There’s more possibilities for that key than there are atoms in the universe’.
While the QuadrigaCX case is undoubtedly fascinating, in this age of electronic banking and investment where money exists only in binary code, is it not possible a similar event could at any time befall anyone who uses a traditional bank? According to Ross Anderson, Professor of Security Engineering at University of Cambridge’s Computer Laboratory, the answer is yes. He says in recent years a number of major international banks have had ‘scary near misses’ after getting their digital accounting systems into a mess.
He says: ‘Over the last thirty years banking systems have become more and more complicated. It’s been made particularly complicated by the arrival of real time settlement systems. So you no longer automatically checkpoint things overnight, and if you get things in a fankle whereby the bank is out of balance, because there are bugs creating errors which in turn cause more errors and still more errors, then the whole thing can cascade and you can end up screwed… On the occasions where we have come close to losing a bank, that is what has happened.’
He says banks on the whole today use legacy digital computing systems that have been modified and patched up since the 1990s, meaning they are far from perfect.
‘We have seen near misses on a number of occasions. We had a near miss at NatWest, there was a big screw up with TSB, and there have been other cases where banks have sought to replace systems and the project has dragged on for several years more than was planned and cost several hundred million more than was planned. Look, running big complex computer systems is a mess and it’s a headache and all the rest of it. Basically, our ability to manage big complex systems is one of the limiting factors of what can be done.’
In the cases of NatWest (2012) and TSB (2018), hundreds of thousands of customers were locked out of their accounts, or shown other people’s account details in error. In the end, no customers lost money, but the TSB failure alone, which cost CEO Paul Pester his job, took longer than six weeks to fully resolve.
Professor Anderson is unequivocal that in the case of a really big bank failure caused by a computing system error, proving the existence of funds held in your account would be nigh-on impossible.
He says: ‘If you turned up with a bundle of paper bank statements, your bank would say “fuck off sonny, we only believe the computers”. And the computers will be down for the next eight months, while the forensic accountants go through them.’
He adds that if you were someone who is ‘totally badass and reasonably solvent’, with paper bank statements to match, then you could sue for your money back. ‘But if the bank had at that time gone into administration, you would join a very, very long queue and at best you would have a claim for £85,000 against HM Government, because there is a government guarantee scheme for that amount.’
That said, Professor Anderson, who until recently refused to use online banking at all, says he still prefers traditional banking systems to the brave new world of crypto.
He says: ‘Overall, financial IT has been pretty dependable over the past 50 years without any major catastrophes, despite the occasional extended outages.
‘Cryptocurrencies are scams and anybody who puts any money into bitcoin or Ethereum or whatever and loses the lot only has themselves to blame.’