By Daniel Livingston, Partner and Scott Colvin, Lawyer
So, it happened again — another cryptocurrency exchange looks likely to have lost millions of dollars of its client’s money.
This time it was in Canada, when the founder and CEO of Quadriga CX died at age 30, taking with him the encryption codes and the only means of accessing the highly-secured systems in which customers’ data — including their digitally-stored currency — was stored.
The exchange held approximately AUD$270 million of client funds in a variety of fiat and cryptocurrencies that could be traded on the platform. With no one possessing the means to access those funds, they are destined to exist in a form of limbo and there is a real possibility that they may never again be accessible by their rightful owners.
This story is slightly different from the usual tale in which an exchange is the subject of a cyber security failure (aka a ‘hack’) or the controlling minds abscond with the money. In 2014, the Mt. Gox exchange suffered a security breach that creditors claim resulted in the theft of USD$60 million in Bitcoin. A year ago, USD$500 million in a variety of digital assets was stolen from Coincheck Inc.
There is nothing unusual about Quadriga CX’s security measures within the industry. But this story, as well as other cautionary tales, demonstrates how vital it is for exchanges to take the next step in their evolution and radically overhaul their treatment of customers’ money.
One obvious possible solution lies in custodian arrangements, in which trusted, independent entities with leading security protocols hold monies or access codes on trust and act as an intermediary between customer and corporation.
This type of custodian scheme is common in the investment, superannuation and managed funds industries, but unfortunately (due to some structural complexities) has not been adopted by players in the cryptocurrencies space to date. There is potentially a lot of money to be made by a company solving the cryptocurrency custodian issue.
Internal protocols, too, could be improved. It should not be for one enigmatic founder to hold the only set of keys to the entire vault, as was the case for Quadriga CX. While some security was in place in that instance (for example, crypto-assets were held in ‘cold storage’, on devices with no connection to the internet and untouchable to outsiders), more robust policies such multi-signature keys spread across executive staff with backups in place would have avoided the disaster that occurred.
It will fall to investors (and users) to push through these changes to the industry. Those with the means to do so will let their money do the talking on the systems and processes they trust and are prepared to rely on. Mindful investors will create a virtuous circle by which investor pressure on companies to maintain better systems will drive an improved public/market perception on this industry — an issue that lingers as the space moves from tempestuous beginnings to maturity. That better public perception will, in turn, result in greater opportunities for investment, both from the public at large and institutional investors.
The lesson of Quadriga CX is simple. It’s time for those in the crypto space to move beyond the often amateur-ish security regimes they currently employ to protect users’ assets. There exists a significant opportunity for companies to be bold and offer innovative solutions across the market. This will improve the public perception of the industry as a whole, as we move into the next phase of the development and proliferation of crypto-products, in which demonstrable trust will become a cornerstone of successful players.
Get the latest news insights and articles straight to your inbox, simply enter your details.