QuadrigaCX and the Importance of Business Continuity
The tragic December death of QuadrigaCX CEO Gerald Cotten has been the subject of much discussion over the last week. As most everyone knows by now, Mr. Cotten left $136M (USD) of his cryptocurrency exchange’s assets irretrievably locked in cold storage when he passed away.
The Wall Street Journal and others have also reported evidence suggesting QuadrigaCX may not have been holding the assets in cold storage as claimed. Whether the assets are lost in cold storage or lost some other way, this story highlights the importance of business continuity planning, and the challenges of what’s known in the security realm as “key person risk.”
An organization is exposed to key person risk when asset security or accessibility depends on a single individual. Organizations — whether institutional investors or exchanges — have a responsibility to ensure their assets can’t be unilaterally moved by any one individual, and aren’t entrusted to any one individual for safekeeping. Moreover: accidents happen, and assets should always be stored in such a way that they’ll be secure and accessible no matter what happens to any organization member.
QuadrigaCX failed to eliminate key person risk, but this shouldn’t come as a surprise: most organizations simply don’t know what best practices to follow when safekeeping digital assets. Even when organizations adopt approaches that control for key person risk, they usually don’t follow the necessary operational rules. For example, I’ve reviewed dozens of institutional self-custody solutions over the years, but I’ve never seen a policy implemented where a quorum of key-holders is forbidden from riding in an Uber together.
Unfortunately, the fact that solutions to problems like key person risk appear self-evident leads many to mistakenly believe that their implementation is easy. In practice, these policies are hard to implement and audit consistently. When was the last time you brought your quorum together? Do you know *right now* if all the shards are still available? Key person risk is one of dozens of potential issues that organizations holding digital assets must navigate successfully, and most organizations lack the expertise in-house to anticipate these issues.
Most worrying of all: if even the problems that require no technological expertise are consistently botched by a range of organizations, think of how unsound the average organization’s technical controls for private key management must be.
The safe custody of private keys in an accessible manner is a genuinely hard problem. And like other hard problems, it requires specialized organizations to tackle it. Anchorage has developed an approach to digital asset custody that is more secure than cold storage, but also extends all the benefits of asset accessibility. If you’d like to learn more, we invite you to get in touch.
About Anchorage Digital
Anchorage Digital is a crypto platform that enables institutions to participate in digital assets through custody, staking, trading, governance, settlement, and the industry’s leading security infrastructure. Home to Anchorage Digital Bank N.A., the only federally chartered crypto bank in the U.S., Anchorage Digital also serves institutions through Anchorage Digital Singapore, Porto by Anchorage Digital, and other offerings. The company is funded by leading institutions including Andreessen Horowitz, GIC, Goldman Sachs, KKR, and Visa, with its Series D valuation over $3 billion. Founded in 2017 in San Francisco, California, Anchorage Digital has offices in New York, New York; Porto, Portugal; Singapore; and Sioux Falls, South Dakota. Learn more at anchorage.com, on X @Anchorage, and on LinkedIn.
This post is intended for informational purposes only. It is not to be construed as and does not constitute an offer to sell or a solicitation of an offer to purchase any securities in Anchor Labs, Inc., or any of its subsidiaries, and should not be relied upon to make any investment decisions. Furthermore, nothing within this announcement is intended to provide tax, legal, or investment advice and its contents should not be construed as a recommendation to buy, sell, or hold any security or digital asset or to engage in any transaction therein.
Anchorage Digital Bank National Association offers fiat custody services through the use of an FDIC-insured, licensed sub-custodian.