Over the last couple of weeks, the world has watched as the QuadrigaCX crypto exchange saga unfolded. Long story short, the exchange lost access to the majority of its assets in cold storage after the founder died unexpectedly. Cotten reportedly had the “sole responsibility for handling the funds and coins,” and was the only person who knew the passwords. With his passing, no one else at the exchange can access the assets.
QuadrigaCX now owes customers nearly $190 million in holdings it cannot retrieve. Customers could be out thousands of dollars and the exchange’s team is caught between a rock and hard place. This situation is both sad and confusing for all parties involved, however, it reinforces some valuable lessons about storying crypto assets.
1. Store Your Own Crypto – The entire revolutionary aspect of blockchain technology is that it is decentralized. This feature provides security by eliminating any central entity that can be compromised. Keeping your crypto in an exchange wallet defeats the entire purpose of a decentralized system. If the exchange is compromised, frozen or, in the case of QuadrigaCX, inaccessible, you can kiss your digital assets goodbye most of the time.
Transfer any assets purchased on exchanges to your private wallet for safe keeping. Exchange wallets can be convenient, but they come at too high a cost to security.
2.Don’t Store Your Passwords Online – “Don’t write your passwords down,” is advice as old as the internet, but storing them in a file on your computer/cloud is just as dangerous. I’ve seen several strategies for keeping managing passwords and there isn’t a single perfect solution.
Breaking up passwords into pieces can be a useful trick, but even using this method, you should still hold the separate parts of a password in different mediums. For example, maybe the first half of your password is filed away in a physical book while the other half lives in a spreadsheet with other decoy information.
3.Don’t Store Your Passwords on Your Person – If parts of your passwords are recorded on a physical medium, like paper or a notebook, make sure you store it somewhere secure, like a safe or a safety deposit box at your bank. While keeping track of your passwords in a physical form can protect you from cyber criminals, it can leave you more vulnerable to physical threats like robbery.
By keeping your physical passwords in a secure place off of your person, you minimize both online and offline risks.
Dima Zaitsev, Head of International PR at ICOBox comments, “the QuadrigaCX situation should cause everyone in the crypto community to reassess their security protocols. If you are an exchange customer, transfer your holdings to a private wallet as soon as possible. If you are an exchange, revisit and revise security protocols and contingency plans.”
Knowing a well-constructed password by heart without written record anywhere might be the best solution for the everyday crypto user, but QuadrigaCX has proved that this method simply doesn’t cut it when other people’s money is on the line. Our advice is to take some time developing your own multifaceted security strategy, no matter who you are.