$137milllion Worth of QuadrigaCX’s Customers’ Bitcoin Stuck in The Abyss

[The AchieVer]

$137milllion Worth of QuadrigaCX’s Customers’ Bitcoin Stuck in The Abyss 

 

 

Cryptocurrency exchange, QuadrigaCX, has suffered a security incident after it lost control of its customers assets. $137 million worth of assets are inaccessible as the only person with access to the offline wallet sadly passed away at the age of 30. Assets include Bitcoin cash, Bitcoin gold, Ethereum and Bitcoin SV. Over 100,000 customers are affected.

Strong security measures in place hinder the process of retrieving customers’ assets

QuadrigaCX stored assets offline as a security measure to prevent unauthorised access by hackers. Further security measures in place included encrypting laptops. Again this made it harder for hackers to access bitcoins. With encrypted devices, there is always a recovery key. However, the company was not able to locate this either. An encrypted USB belonging to the director soon diminished hopes of finding any information to help. The founder encrypted emails and set short retention rules on other messaging software.  QuadrigaCX called in a cybersecurity professional to attempt to decrypt all devices but was unsuccessful in retrieving anything.

All these security measures succeeded in its objective but also hindered the access and use of the assets. In this rare instance, it defeated its purpose. It made it hard for anyone to get in, including staff of Quadriga CX. To add, there was no back up plan or access to the assets in the event of an incident such as this.

The gap in the security measure implemented

Organisations should indeed restrict the number of people who hold passwords to highly sensitive company data. QuadrigaCX did the right thing by keeping critical data offline and encrypting all devices containing data. These all preserve its confidentiality. However, preserving the availability should not be neglected, as was the case here. Lesson learned here is that organisations should prepare for all sorts of eventualities with critical assets forming part of the business continuity plan. Risk always has a level of uncertainty and all events should be considered and risks assessed.

QuadrigaCX filed a creditor protection motion with the courts. The matter is still ongoing.

 

Source

[straycat19]

On 2/3/2019 at 9:52 AM, The AchieVer said:

QuadrigaCX filed a creditor protection motion with the courts

 

That is designed to protect companies from losses caused by factors outside the company, not from actions of personnel within the company itself, and especially not the founder.  The fact the company failed to create a back up plan directly puts the responsibility on it.  Customers should be able to successfully have this motion squashed.