Are offline wallets the perfect way to perpetrate an exit scam?
18.3.2019
Translation: machine translated
Millions of cryptocurrencies are accumulating in so-called offline wallets which, as the name suggests, are not on the internet and are therefore the safest place to store this type of currency. However, this very security is behind one of the latest big coups in the field.
Gerard Cotten, 30, founder and CEO of Canadian cryptocurrency exchange platform QuadrigaCX, died at 7:26pm at Fortis Escorts Hospital in Jaipur, India, from septic shock while conducting charity work in the region. Doctors and investors agree: there is nothing particularly exceptional about this event, which is certainly quite tragic.
.
And yet, on that evening, no one had any idea that this death would completely shake up the world of offline wallets and cryptocurrencies.
Offline wallets: a necessary evil?
Online or offline wallets are a kind of wallet or account for bitcoin and other cryptocurrencies. There are a large number of them and, although not all of them are reliable, they are essential for anyone wishing to carry out cryptocurrency transactions. Online wallets (or 'hot wallets') are connected to the Internet and are obviously attractive to hackers, who try to get hold of the key - i.e. the password - associated with them and access their contents.
Online wallets, on the other hand, operate without an Internet connection. Their keys are stored offline and protected from cyber attacks. So only you know what they are. But this security also has its drawbacks, since in the event of your death, you risk not only taking all your assets to your grave, but also opening Pandora's box...
And this is precisely the disaster scenario that came to pass when Gerald Cotten died.
Till death do you part
A week or so before the young entrepreneur's death, customers of three Canadian banks who carried out transactions via QuadrigaCX stopped receiving money. This problem was quickly resolved, but only in order to avoid a payout limit. This news has worried many, experts and neophytes alike, since these are clear signs that an exchange platform is temporarily no longer able to refund its customers' deposits.
Apparently only Gerald Cotten had the access code to QuadrigaCX's offline portfolio, and his company's entire holdings disappeared with him, raising investor suspicions. News that the Canadian exchange suddenly no longer had access to 99% of its funds reached the Coindesk news portal. Client accounts frozen, an insolvent exchange whose director suddenly dies abroad and takes everything to his grave... You can imagine the scoop! Everything pointed to an exit scam, much to the delight of conspiracy theorists.
.
An unintended and expensive end
The darknet describes an exit scam as the ultimate stunt a criminal can orchestrate to disappear with as much loot as possible. All the evidence suggests that this is exactly what Gerald Cotten did. Nobody believed the legitimacy of the death certificate provided by his wife, and experts suggested that the document had been falsified. It took official confirmation of his death from the hospital where he was admitted the day before he died to quell the rumours, though not silence them.
In fact, the way cryptocurrencies work and the non-anonymisation of the blockchain have not succeeded in erasing all suspicion. Quite the contrary. Analysts have published various addresses belonging to QuadrigaCX from their own payments and from reports published in verified forums. They used wallet clustering(in English) and various testing tools, but found no trace of an offline wallet that had been used to make payments to the exchange platform via these addresses. Further analysis also showed that the withdrawals were not made from the company's capital, but from other customers' deposits. Financial experts were also surprised to find that it all resembled a Ponzi scheme or pyramid scheme.
They also discovered that payments were made 30 days before Gerald Cotten's death from addresses belonging to QuarigaCX, which is impossible according to the official version of events. A cluster of addresses to which 760 bitcoins were paid a month before the CEO's death also cast doubt on the exchange platform's claims that it no longer had access to his offline wallet. Did Gerald Cotten try to disappear in order to avoid facing up to the problems of his exchange platform, the warning signs of which dated back to the previous year? Incidentally, the problems with Canadian banks that I've just mentioned weren't the only things that worried financial institutions, as a faulty update to the Ethereum client had already caused payment difficulties at QuadrigaCX in 2017.
Canadian cryptocurrency experts, however, were never able to prove that they were indeed dealing with an exit scam. Gerald Cotten therefore remains innocent until proven guilty. For the time being, we have to make do with the statements made by his widow and the press release issued by the Indian hospital. We will have to wait one to two years before we have access to the results of the ongoing hearings.
One for all, all for one
The lack of professionalism of Gerald Cotten and his team gives cryptocurrencies a bad name. If a director is the only person who knows the combination to the safe containing all his company's funds, you have to wonder whether he really trusts his staff and whether his recruitment policy might leave something to be desired.
On the other hand, a safe can always be broken into so that the company can outlive its director. It's not an easy task, but it's not impossible. But cryptocurrencies are changing the game. The blockchain admits of no mistakes, and it cannot be hacked. It's rather ironic, given that this high level of security and transparency is both highly prized... and allows huge sums of money to disappear without a trace. Even if Gerald Cotten hadn't died in India, a second's inattention at the wheel could have sunk QuadrigaCX.
We'll all die eventually
The mistake Gerald Cotten made wasn't in using an offline wallet, as it doesn't single-handedly give carte blanche to commit an exit scam. Rather, it was the way in which he used it that suggests it. A multi-signature wallet would have been enough to avoid the problem. It could not have prevented the death of the young entrepreneur, but it could at least have saved his company and avoided the exit scam rumours. In the case of a multi-signature portfolio, two other people (in addition to the CEO) must own a physical portfolio such as a Ledger Nano S, a KeepKey or a Trezor. It works in a similar way to the offline wallet but, unlike the offline wallet, at least two of the three holders must approve a direct debit. This system prevents a single employee from destroying a business.
Gerald Cotten has strikingly demonstrated how quickly you can make a fortune with cryptocurrencies. In the space of five years, he has created a successful exchange platform and business. He didn't make his decisive mistake during one of the many complex processes inherent in doing business with unregulated financial services providers. No. He simply didn't trust anyone and, like a rookie, cut his teeth on a basic tool: the offline wallet.
As for the rest, we can only speculate. Was the Canadian entrepreneur simply reckless? Did he orchestrate a stunt worthy of the most notorious gangsters and steal millions? Or did he want to take his bitcoins to his grave? No one will ever know.
Header image: A double-edged sword: In the wrong hands, offline wallets can do great damage. Source: CNN
Raphael Knecht
Senior Editor
raphael.knecht@digitecgalaxus.chWhen I'm not stuffing my face with sweets, you'll catch me running around in the gym hall. I’m a passionate floorball player and coach. On rainy days, I tinker with my homebuilt PCs, robots or other gadgets. Music is always my trusted companion. I also enjoy tackling hilly terrain on my road bike and criss-crossing the country on my cross-country skis.