Remember: No Crypto Exchange is Bulletproof
Juan Villaverde is an econometrician and mathematician devoted to the analysis of cryptocurrencies since 2012. He leads the Weiss Ratings team of analysts and computer programmers who created Weiss cryptocurrency ratings.
On Jan. 28, Canada’s biggest cryptocurrency exchange, QuadrigaCX, suddenly went dark. At least $136 million in customer assets vanished under highly suspicious circumstances.
How was that possible? Here’s the scenario that’s being reported:
Founder and CEO Gerald Cotten abruptly gets married, changes his will, and flies to India in sole possession of private keys to the exchange’s offline crypto wallets.
A death certificate surfaces, saying Cotten died suddenly of Crohn’s disease. But Crohn’s disease is not normally fatal, and India is home to a thriving black market in high-quality fake documents, including death certificates.
Whether all this is true or not, the fact remains it was no ordinary hack. Typically, hackers attack from the outside; this one looks like it was the ultimate inside job.
Did Mr. Cotten secretly siphon off customer crypto to his own private wallets? To co-conspirators? We may never know for sure.
Still, this episode highlights two risks of doing business with cryptocurrency exchanges. The first is widely acknowledged in the industry. But almost nobody talks about the second.
Risk #1: No exchange can be 100% bulletproof against hackers
Every time a cryptocurrency exchange uses a private key for one of its wallets to accommodate a customer withdrawal, there’s a risk it could be compromised.
The risk is tiny, even infinitesimal. But it’s not zero. So, when you multiply that risk by millions of transactions, suddenly it’s not so tiny after all.
Robust security policies and procedures can greatly reduce the risk. But they can never extinguish it.
Reason: The process for withdrawing cryptocurrency from an exchange requires the use of a private key via an automated online process. That’s inherently risky.
Technology is always evolving, but clever hackers are perpetually on alert for new ways to score.
Security experts know that, no matter what they do, exchanges could ultimately be vulnerable to Risk #1. So, as a back-up plan, they normally keep only a small fraction of their total funds in the online wallets they use to transact with customers.
It’s like a neighborhood grocery store that keeps just enough change in the cash register to cover the business on an average day. The bulk of their money is moved offsite. In the crypto world, the equivalent mechanism is called “cold storage.”
Are cold storage wallets safer than online wallets? Sure. In-and-out transactions are less frequent. So, there are far fewer chances for private keys to be compromised. And, needless to say, if they’re not even connected to the internet, it’s much harder for hackers to gain access in the first place.
However, this solution to Risk #1 can also create …
Risk #2: Too many exchanges are not audited.
There are a lot of exchanges in the world. If even just a handful don’t get audited, that’s too many. If there are more, that’s even worse.
Result: There’s no way to know how much crypto they have — not even how much they’re supposed to have. Sure, we know about some wallets that belong to exchanges, but the full picture is often not disclosed.
Here’s the issue in a nutshell:
The distributed ledgers that support cryptocurrencies are transparent and fully auditable. But once the assets are sent to an exchange, only the exchange staffers know how much they actually hold.
You’d think customers would demand more disclosure. But most are satisfied just so long as their transactions are executed efficiently, and they can get their crypto out on demand.
In the meantime, the opacity of exchanges can conceal a multitude of sins. This researcher claims Quadriga never even held the Bitcoin it supposedly lost and depended on inflows from new customers to cover withdrawal requests by existing customers.
Valuable Lessons from Bernie Madoff’s Ponzi Scheme
Investigators recently interviewed by the Wall Street Journal reached a similar conclusion. They suggest Quadriga was a crypto version of the Ponzi scheme that fraudster Bernie Madoff ran for decades.
Indeed, the comparison to Bernie Madoff contains a valuable lesson that exchanges and their customers should not ignore:
Madoff started off as an honest fund manager. But he soon realized he could bring in a lot more money another way.
As long as customers thought performance was good … and as long as they could get their money out on demand … they didn’t ask questions. They didn’t concern themselves with the “intricacies” of his apparently “infallible” investment strategy. They never realized he was running a pyramid scheme.
Now, Bernie is doing something he never had much time for before. He’s reading good books. Behind bars.
Reputable crypto exchanges don’t do that. They don’t even think about it. But in the absence of regular audits, they could be in a position to.
That’s not just bad for customers. It’s bad for the exchanges, too.
To run a clean business, they not only need to avoid shady operations, they also must avoid the appearance of shady operations.
Was the Mt. Gox disaster really a hack?
Or was it also an inside job?
The Mt. Gox exchange was once responsible for processing about 70% of all Bitcoin trades.
Then, in early 2014, the problems began to show up. Customers claimed they’d been waiting for months to withdraw their Bitcoin. Mt. Gox eventually filed for bankruptcy protection and claimed it had lost some 740,000 Bitcoin.
We’ll never know for sure exactly what happened. But here are three possibilities:
- Mismanagement. Due to internal confusion or bad data, Mt. Gox wasn’t aware of how much Bitcoin they owed their clients. And they didn’t have enough on hand to fulfill their obligations.
- Internal theft. Someone on the inside was stealing funds from customers, transferring Bitcoin deposits to their own accounts, and no one noticed.
- Hack. Someone from the outside had broken through the exchange’s security barriers and stolen the Bitcoin. Management was not aware. Or they thought they could cover it up.
All different? Yes. But all boil down to the same problem: Mt. Gox did not have sufficient funds to meet customer withdrawals.
In other words, they were effectively using what’s called a “fractional reserve system,” whereby their IOUs are bigger than their assets. It’s a game that can be perpetuated just as long as customers don’t rush to redeem their assets at the same time.
Back in the 1930s, the fractional reserve system — combined with the lack of audits and transparency — is what left U.S. banking institutions vulnerable to bank runs. It also helps explain why companies that specialized in nonprime mortgages went bankrupt in 2007, triggering the global debt crisis.
The irony is that Bitcoin was invented in response to all this. So are exchanges now reproducing the same vulnerable system that cryptocurrencies were supposed to replace?
The bigger issue here isn’t just about what happened to Quadriga’s CEO or Mt. Gox. It’s about exchanges in general:
When you use an exchange, you do not really trade or hold crypto. All you trade or own is an IOU, to be redeemed by the custodian for crypto or fiat at a later date.
Just like a bank.
But banks are regulated. They are accountable to national governments and international institutions. They must adhere to strict rules. They’re audited regularly. You don’t often hear stories of bank CEOs flying off to India with depositor funds, and then claiming to be dead.
In the world of crypto, the exchanges you deal with have essentially the same risks, but without the guarantees that make the traditional banking system relatively stable for billions of people worldwide.
Is this situation hopeless?
Not at all.
We’re not against exchanges. Not in the slightest. What we want to see is more transparency and more accountability in the process of exchanging one crypto asset for another. We’ll lay out some guidelines in a future post. In the meantime …
- Be sure to transfer most of your crypto to your private offline wallet.
- Keep the key codes backed up in a safe place.
- And never share them with anyone, except for one designated person you’ve known personally and trust completely.