If we needed proof that truth is stranger than fiction, then we only need to look at the recent events surrounding QuadrigaCX. In a plot twist that could easily have come straight out of a movie, the Canadian exchange has stated that all of its customers’ crypto funds have simply gone–forever.
At the beginning of February, news broke that the founder of QuadrigaCX, Gerry Cotten, had died while traveling in India towards the end of 2018. Apparently, Cotten was the sole holder of the exchange’s private keys which are needed access to $137 million of cryptocurrencies held offline in cold storage.
QuadrigaCX actually owes a total of $190 million to customers. However, $53 million reportedly held in cash has been frozen due to ongoing disputes with banks and payment processors.
Understandably, the cryptocurrency community reacted to the news with shock and disbelief. Even in the unregulated world of crypto, putting a single person in charge of millions of dollars of customer funds is woefully irresponsible. Some have cried foul play, stating that the entire story is fabricated in an attempt to pull off an elaborate exit scam.
Exchange Security is a Continuing Problem
The story rumbles on, but long before the QuadrigaCX news emerged, security has long been a problem for users of cryptocurrency exchanges. The Mt.Gox hack is still one of the biggest exchange hacks of all time, and the aftershock is still causing ripples to this day.
In terms of the value of stolen funds, it was eclipsed by hackers of Tokyo-based exchange Coincheck in early 2018. Coincheck’s management team confirmed that the attack had generated losses worth $533 million in NEM tokens.
Perhaps the reason the Coincheck hack hasn’t embedded as deeply on the collective consciousness is that the crypto market in 2018 was much bigger than when the Mt.Gox attack happened. The $473 million worth of Bitcoin stolen by the Mt.Gox hackers was a far more significant proportion of market cap back in 2014.
Breaking All the Wrong Records
Market size notwithstanding, 2018 was still a record-breaking year for exchange hacks, with close to $1 billion in stolen funds racked up throughout the year according to intelligence firm CipherTrace. So far, 2019 doesn’t look to be much better.
Even before news of the QuadrigaCX incident broke, New Zealand-based Cryptopia customers were the latest to fall victim to hackers. The exchange website went down on January 13, with news following two days later that the Cryptopia had been subjected to a security breach, which had been reported to the local police.
Since then, news has been sparse. The Cryptopia Twitter account has issued one post since mid-January, referring users to a New Zealand police webpage that will provide updates about the ongoing investigation. The page itself only states that the investigation continues and “is expected to take some time to complete.” Blockchain analytics firm Elementus claimed in a tweet on Feb 5 that $3.2m of stolen Cryptopia tokens have so far been liquidated by the attackers.
Are Non-Custodial Accounts the Answer?
Trust is now becoming one of the biggest issues for users of custodial exchanges like QuadrigaCX or Cryptopia. When you use exchanges like these, you’re effectively handing over full responsibility and ownership of your cryptocurrency to the exchange.
Even if you don’t intend to hold your tokens on an exchange for a long time, they are still out of your control for the duration of the time the exchange has them. Whether it’s an external hack or an internal scam, from a user perspective, it requires a leap of faith.
How a Non-Custodial Exchange Works
For this reason, many in the cryptocurrency community are now looking to non-custodial exchanges for the additional security they offer compared to custodial exchanges.
Digitex Futures is a new exchange that’s just about to open its doors to the public. One of the main reasons to get excited about Digitex is that it’s the only exchange to operate a zero-fee model for its users, who will access the exchange services using the native DGTX token.
However, under the hood, the company is also working to implement Ethereum’s Plasma protocol. Plasma allows the development of child chains on the Ethereum platform, enabling far faster transaction speeds than the Ethereum main chain can handle by itself. By using Plasma-enabled smart contracts, Digitex plans to offer secure, non-custodial accounts to its customers.
Once this is up and running, it means that if you leave your funds on Digitex, they are held securely in a smart contract that communicates with a Plasma side chain. The smart contract is completely immutable – it cannot be changed or switched off as long as the Ethereum blockchain exists.
All funds and private keys are inaccessible to anyone within the Digitex organization. Even if the Digitex company systems are hacked, the attackers wouldn’t find any funds there to steal.
Non-Custodial Wallets for Safe Storage
Non-custodial wallets are also now starting to appear on the market. One example is Atomic Wallet. While many online wallets manage your private keys on your behalf, a non-custodial wallet gives you complete ownership of your keys and your cryptocurrency holdings. Atomic Wallet uses a mnemonic seed, which secures the user’s funds on their own device through encryption.
Non-custodial exchanges and wallets do provide the security of knowing you have full control and ownership of your crypto-assets at all times. However, with a non-custodial account, you are entirely accountable for holding onto your private keys. If you write them down, then lose or accidentally destroy the paper, nobody will be able to recover them for you.
However, in light of the proliferation of scams and hacks that continues to plague custodial exchanges, then keeping your keys out of harm’s way appears to be a far safer bet.