The Canadian cryptocurrency market is growing more shaken by the day over the scandal involving QuadrigaCX, whose owner 30-year old owner, Gerald Cotten, died unexpectedly in India and took to his grave the codes to access to nearly $140 million worth of cryptocurrencies held in the company’s “cold storage” system.
Well over 100,000 customers are still hoping their assets are not gone forever. The Nova Scotia Supreme Court has granted the exchange temporary protection from its creditors as a court-appointed monitor searches for the missing funds. Meanwhile, Canadian banks are acknowledging the controversy is making them more suspicious about crypto in general.
The crypto industry should be much further along when it comes to storage and use of private keys. Bitcoin was released a decade ago—a lifetime when it comes to technology. And in much of the world, nearly all money now is digital—the balance you have in your checking account isn’t sitting in cash in vaults; it’s simply a record in a database within a financial institution. Cryptographic assets are the next evolution of this, immutable records on a public database or blockchain with which anyone is free to interact.
Because the industry doesn’t have all the regulations and controls of the established banking industry, crypto asset owners should consider six factors before giving over assets to any third party.
1. Have you reviewed audits and accreditations? Whenever you work with an exchange or safekeeping provider, it’s important to verify they are the best in class. Before you leave your assets with them, make sure that they are doing external audits for the security of their financial holdings. Ask to see their audit reports, their compliance documents, and any other oversight details they can provide. These should be your baseline.
2. Do they have insurance? Unlike traditional banks, FDIC insurance isn’t available for cryptographic holdings, but that doesn’t mean they can’t access insurance coverage. They can, and some do. You should always ask for coverage information before storing your assets with a given safe keeper, and the company should be able to provide this information readily. In addition, ask about beneficiary services to ensure that assets can be transferred in the event of your death.
3. What’s their business continuity strategy? Companies change, technologies evolve, and people come and go. Those are business realities. Is the company prepared to adapt as needed when those changes happen? While keys should be safeguarded, a rigorous process should exist for transfer to others in the event someone leaves (or, as in the QuadrigaCX example, dies suddenly) so that nothing is lost.
4. Do they have a track record of success? Typically, you don’t want to store your assets with a new company in the space with no operating history. Not just because they’re new, but because you can’t yet know anything about them or what their performance history is. Reviewing their audit materials can help with this, allowing you to review the history of every transaction on their platform and confirm their operating history. Also, for more established businesses, consider the type of business they’ve operated. Operating a secure cold wallet infrastructure is significantly different than providing hot wallets for high transaction throughput.
5. Who else trusts them? What other businesses are working with this company? Have any large, known holders been willing to put millions of their own crypto assets onto that platform? That kind of trust is good social proof, demonstrating that others trust and are happy with a platform, so maybe you should be, too. However, don’t rely only on social proof: that’s one way convicted Ponzi schemer Bernie Madoff and disgraced Theranos CEO Elizabeth Holmes convinced more investors to trust them. But social proof can be one component of a larger due diligence strategy.
6. Are they using multi-signature protection? Multi-signature is the idea of using multiple keys to access cryptographic assets so that it requires multiple people to come together to release the assets. Further, those who oversee wallets must add appropriate layers of governance and security controls. These may come in the form of operational processes, automated, and manual oversight.
While the crypto custody industry is new, there are certainly reliable providers out there who follow rigorous standards. Most groundbreaking technologies went through cycles of improvement, and that’s what we’re seeing in cryptocurrencies right now.
Progress is happening at a fast pace, perhaps faster than any change in the financial system ever before. The new industry and supporting supply chains are maturing, becoming more real by the day with adoption in all sectors.
In the meantime, by following these best practices crypto businesses and investors will be better able to protect their assets and their bottom lines—no matter what comes next for the market.
Joshua Berlin is Senior Vice President of Custody and Information Systems at SALT.