Cryptocurrency storage and security have been in the spotlight recently thanks to the bizarre story of QuadrigaCX, Canada’s largest bitcoin exchange.
It started when the company’s founder and CEO, 30-year-old Gerald Cotten, suddenly passed away in December due to “complications with Crohn’s disease.” He took with him access to $145 million in digital assets the company kept in offline storage, known as cold wallets. Cotten was the only person with private keys to those wallets, and the company hasn’t been able to recover them.
QuadrigaCX kept less than $1 million of its assets in a hot wallet on their server so they could be easily traded. To make matters worse, the company accidentally transferred half of those assets to their cold wallets — after they lost access to them.
It isn’t unusual for a cryptocurrency exchange to store the majority of its assets in cold wallets to protect against theft and hacking. However, it is extremely unusual for only one person to hold the key. You don’t have to be a cryptocurrency expert to understand what could go wrong with such an insecure approach.
QuadrigaCX is facing many allegations, including that assets left the allegedly inaccessible cold wallets after Cotten’s death, and that the company doesn’t have cold wallets at all. What’s certain is that this debacle has emphasized two critical lessons about cryptocurrency storage.
1. Don’t leave your cryptocurrency in an exchange.
Never leave your cryptocurrency in an exchange. Exchanges are for exchanging only and are unregulated. As QuadrigaCX has made clear, you don’t have a key to your own cryptocurrency when it’s stored on an exchange. “Not your key? Not your coin.”
Exchanges can also be hacked or can go bankrupt. If anything happens to the exchange, you could find yourself in the same situation as 115,000 QuadrigaCX investors — waiting to find out if you’ll ever see your assets again.
Anyone with over $1,000 in cryptocurrency should use a wallet that gives them control of their private key. You can choose between hardware like the Trezor, or software options like Gnosis.
2. Distribute your “signing authority.”
Secure cryptocurrency assets are useless if you can’t get to them. That’s why we recommend a comprehensive backup plan, including multiple signers for large cold wallets and contingency plans for hot wallets. This ensures you don’t lose access to everything if something happens to one individual. A multi-signer setup (for example, 2 of 3) can also act as a system of checks and balances, which is necessary when you have assets hanging in the balance.
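To put numbers on that trade-off, the Python sketch below (an added example, not part of the original article) compares a single key holder with 1-of-3, 2-of-3 and 3-of-3 signing policies, going beyond the 2-of-3 case mentioned above. The per-signer probabilities and the independence model are assumptions chosen for illustration only.

```python
from itertools import product

# ASSUMED per-signer probabilities over some period; illustrative, not measured.
P_LOST = 0.05         # key unusable: holder dies, device lost, passphrase forgotten
P_COMPROMISED = 0.02  # key copied or misused, so an attacker can sign with it

def quorum_risk(m, n, p_lost=P_LOST, p_comp=P_COMPROMISED):
    """Return (p_lockout, p_theft) for an m-of-n signing policy.

    Model (an assumption): signers fail independently and each key is in exactly
    one state. Lockout means fewer than m keys are still usable; theft means an
    attacker controls at least m keys.
    """
    if not 1 <= m <= n:
        raise ValueError("need 1 <= m <= n")
    weight = {"ok": 1 - p_lost - p_comp, "lost": p_lost, "comp": p_comp}
    p_lockout = p_theft = 0.0
    for states in product(weight, repeat=n):   # every combination of key states
        p = 1.0
        for s in states:
            p *= weight[s]
        usable = n - states.count("lost")      # compromised keys can still sign
        if usable < m:
            p_lockout += p
        if states.count("comp") >= m:
            p_theft += p
    return p_lockout, p_theft

def compare(policies=((1, 1), (1, 3), (2, 3), (3, 3))):
    """Risk table keyed by (m, n); (1, 1) is the single-key-holder case."""
    return {pol: quorum_risk(*pol) for pol in policies}

if __name__ == "__main__":
    for (m, n), (lock, theft) in compare().items():
        print(f"{m}-of-{n}: lockout={lock:.4%}  theft={theft:.4%}")
```

Under these assumed rates, 2-of-3 is the only policy of the four that lowers both the lockout and the theft probability relative to a single key holder; 1-of-3 and 3-of-3 each improve one at the expense of the other.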
If you’re interested in learning more about best practices for cryptocurrency, our guide to hot and cold storage discusses how you can divide your wallets, manage personal keys, and manage backup documents to ensure both security and accessibility. It also gives insight into how to manage different options and scenarios when it comes to securing your assets.
As the world of cryptocurrency continues to evolve, the best defense against a disaster like QuadrigaCX is to have a good offense. So if you’ve got questions about hot or cold storage, cryptocurrency accounting, or just want to shoot the breeze about where crypto is headed next, email our team at [email protected]. We’d be happy to chat.