Bitcoin Q&A: The QuadrigaCX Scandal and Counterparty Risk - YouTube

Christina asks, "Regarding the matter of QuadrigaCX and the funds lost, as the owner died holding the keys,

can you see this affecting encryption and regulation?" This is an interesting question, Christina.

QuadrigaCX is a Canadian exchange that recently went into bankruptcy proceedings,

in order to protect itself legally while it tries to find [a way to] pay back its customers.

The story at the moment, as far as we know, is that the owner of the exchange had sole control over keys...

to the cold storage, which is long-term storage of [cryptocurrency] that is offline for security reasons.

[Allegedly], the owner of QuadrigaCX was the only person with access to these keys.

They died recently. As a result, those keys are now "lost."

It appears they were stored on an encrypted laptop.

This is a perfect example of the risks [around] third-party custody over keys.

I've used an expression many times. You have probably heard it being chanted as a mantra:

not your keys, not your coins, or not your keys, not your bitcoin.

Not your keys, not your crypto.

The idea is, you should be very careful with trusting third parties to hold your money.

This applies to any domain of money, but it applies especially to [cryptocurrencies]...

because it is easier to steal or lose bitcoin and other cryptocurrencies when you put it all in one place,

under the control of one person.

Bitcoin maintains its security through decentralization. In order to rob a thousand people, you would need to...

break into a thousand wallets on different computers, which are on mobile, desktop, or hardware wallets, etc.

That is very difficult to do. Essentially, you would need to pull off a thousand heists.

But if those one thousand people deposit their crypto with one person who controls all the keys,

now you only need to hack or lose one wallet to get one set of keys, and those thousand people lose their money.

This is exactly what has happened in this case. How does it affect encryption and regulation?

It doesn't really change anything about either of those categories. Arguably, as I said in...

my testimony to the Canadian Senate, it is important to [be skeptical of] institutions that hold bitcoin...

on behalf of other people in custodial accounts, in a very similar way to banks.

We should put them under the same type of scrutiny. They concentrate risk when they have control...

over people's funds, significant risks to resilience.

[There should be] contingency planning, disaster recovery, and business continuity...

in the event of a founders death, theft, or hacking.

Reserves [should be audited regularly to determine] whether they actually have the money they claim to.

As I have suggested, regulating the decentralized control of [cryptocurrency] keys is unnecessary.

Regulating the centralized control of keys is necessary and something the government should be doing,

but of course in the space there is a lot of sloppy security.

Hopefully, this doesn't change encryption or regulation, but it teaches people the lesson that apparently...

needs to be told again and again, when exchanges fail again and again.

People [need to] learn the fundamental lesson of not trusting third parties with their cryptocurrency.