Customers are unable to access over $145m in cryptocurrency after the recent sudden death of 30 year old founder of Canada’s largest cryptocurrency exchange, Quadriga.
The company says that the millions of dollars’ worth of cryptocurrency can't be accessed because CEO Gerald Cotten was the only person with the recovery codes needed to withdraw the currency held in secure cold wallets.
A cold storage wallet is completely offline. It is not connected to the servers or the infrastructure set up by the exchange. In Quadriga’s case only the CEO had the cold storage keys / password / access and the location of the cold storage wallet.
Cotten’s death has set off a storm of controversy in the cryptocurrency world, with some believing that his death is a fake.
With many commentators saying that the Quadriga story has arisen as a result of cryptocurrency being thinly regulated, South Africans with crypto wallets are anxiously wondering how best to protect their own crypto investments. There are clearly many suspicious (and inept) platforms.
Marius Reitz, Luno’s GM: Africa, says that the Quadriga case highlights the need for cryptocurrency regulation. “We are very much in favour of regulation and we are actively working with a number of central banks and financial regulators, including the SA Reserve Bank, to drive regulation for cryptocurrency. Regulation will provide consumers or potential consumers with the comfort that the service they are dealing with is held to defined regulatory standards. Imposing regulations will, in turn, enhance general trust in and stability of the market,” he says.
Crypto exchange security measures
Luno divides its customer funds between a hot wallet (coins in the server) and a cold wallet (an offline storage area to protect the coins from hackers).
“The majority of our customers’ keys are kept in physical bank vaults, inside safety deposit boxes. We call this our deep freeze storage solution. It features processes and procedures to maximise safety like:
- Deep-freeze keys are multi-sig keys, meaning that multiple keys always need to be present to authorise a Bitcoin or Ethereum transaction. It’s a bit like a bank vault that requires multiple keys to be turned at the same time before it can be unlocked.
- Only a couple of senior individuals at Luno have access to the safety deposit boxes, and the same person does not have access to more than one safety deposit box.
- Private keys in the safety deposit box are encrypted, making it impossible for a bank employee to steal the key.
“Our deep-freeze storage is purposefully difficult to access. So for our day-to-day operations, a small percentage of cryptocurrencies are kept in a combined-strategy system, using offline cold storage and an online hot wallet. This allows us to ensure we always have Bitcoin and Ethereum available during the day while leaving a majority of cryptocurrency safely offline,” he explains.
In addition to internal security measures, Luno has also integrated a co-signing partner as a hot wallet co-signing service. “The only way to spend Bitcoin or Ethereum from our hot wallet is if both Luno and our partner, authorise the transaction using multi-sig keys. They also provide us with additional security measures like daily and lifetime key spend limits.”
Luno has a history of building crypto systems for banks and is consequently one of very few crypto companies that actually has bank grade security systems.
When choosing whom to trust with the safety of your cryptocurrency, do research about the company. “If the answers to the above questions aren’t readily available for you to access, search for a company that is more transparent,” concludes Reitz.
Six questions to ask before signing up for a cryptocurrency exchange
1. Do I trust the team building the product or service?
2. Do they understand and implement secure key storage?
3. Do they have a strong technical and engineering background?
4. Do they have security features like two-factor authentication or integration with security partners?
5. Do they undergo regular security and financial audits?
6. Do world-class investors back the company?