Have you heard recently about Quadriga? Quadriga was Canada’s largest cryptocurrency exchange with over 115,000 users with multimillion-dollar transactions daily. The money allocated on the exchange summed up to $250MM from which $50MM came from FIAT currency and the rest was in crypto.
The company started to have some liquidity problems in January 2018 and the Canadian bank CIBC froze around $15MM linked to its payment processor after the bank had difficulty determining who the owners of the money were.
Adding insult to injury Quadriga’s CEO, Gerald Cotten, 30, passed away last December and left everyone in astonishment.
OK back to the root.
Quadriga’s cryptocurrency holdings were located and encrypted on a cold wallet and the password to access it was only known to the CEO. He stored passwords on his laptop and never shared with anyone including his closest friends and family.
As a consequence, further investigation and hacking couldn’t break into either laptop and wallet and retrieve the passwords. It’s estimated that $137MM is frozen on the wallet right now and inaccessible by anyone.
What happened there exactly and what measurement could be taken to prevent it?
ICOs are ruled by smart contracts. When the soft cap is reached the contract is automatically triggered and funds are given to the company. In return, the company is issuing tokens to its shareholders. This is where the process starts. Funds obtained during ICO have to be allocated somewhere and this is where digital wallet comes in place.
We have a few solutions here:
- online wallets at the time of ICO (single or multi-signature wallets)
- offline wallets where funds can be moved
- Escrow agents
After successful ICO company needs to access funds for operations but, rightly so, investors want to have extra protection that their investment was rightly allocated and money won’t be taken away from them.
Imagine the easiest possible situation where there is only 1 single key to withdraw the money. Anyone who has access to the key can take the funds away from the wallet. It is a convenient mechanism but also a dangerous situation in terms of possible fraud. All power in one hand and if the key is only with the owner, then whatever happened in Quadriga, can happen to any company.
If you add more keys, then all of the keys need to be input at the time of transactions which basically adds an extra layer of protection. Why? Because the responsibility is spread over more people.
Let us take a simple example: Company X is represented by 4 main stakeholders that are also part of the board of directors. These stakeholders share 2 keys — two board members know 1 key, two other board members have access to the second key. In this case, the decision is split and governed by a board agreement with all parties to agree on the company decisions. It takes at least 2 members to withdraw the money and also gives protection in case of an emergency situation e.g. unexpected death of one of the members.
Let us add the Escrow agent to the equation. It’s an independent company that supervise funds spending when certain situations occur e.g. roadmap is fulfilled. In consequence, you add the third party that puts an umbrella on the company’s decisions and governs decision making. Of course, the disadvantage is that it adds cost and red tape to the whole process.
How do we handle things in Bitcademy?
We keep them simple but very effective. We have 2 keys with back up deposits containing passwords and designated persons to retrieve them in case of key holders inaccessibility. We use Gnosis digital wallet for our smart contract (audited positively by Callisto Group, based on Ethereum ERC-20) and in case we need to move to cold storage there will always be a save deposit to protect your funds governed by at least 2 parties.
Enjoy our ICO… it’s coming soon https://bitcademy.io