QuadrigaCX: British Columbia’s Regulator Reportedly Didn’t Have Oversight Over the Exchange

Those using the now embattled cryptocurrency exchange QuadrigaCX won’t be able to count on support from British Columbia’s securities regulator, the British Columbia Securities Commission, as it wasn’t regulated by the agency.

According to Bloomberg Brian Kladko, a spokesman for the British Columbia Securities Commission, revealed the agency currently has no indications QuadrigaCX was “operating as a marketplace or exchange under British Columbia securities laws.” Kladko concluded:

As such, BCSC does not regulate it.

The cryptocurrency exchange went down weeks after his founder and CEO Gerald Cotten unexpectedly passed away, on December 9. It was taken down after it was revealed Cotton was the only person with access to its cold storage keys, meaning QuadrigaCX was left locked out of the $145 million it owed users.

Reports have shown he filed for a will 12 days before passing away in India, and the documents show he left all his assets to his wife, Jennifer Robertson, and he made her the executor of his estate. In an attempt to resolve the complex situation Robertson filed an affidavit, where she mentioned she wasn’t able to retrieve the funds.

She explained:

The laptop computer from which Gerry carried out the Companies' business is encrypted and I do not know the password or recovery key. Despite repeated and diligent searches, I have not been able to find them (the passwords) written down anywhere.

QuadrigaCX has since been granted creditor protection by a Nova Scotia Supreme court, which essentially protects it from lawsuits while it figures the situation out. To pay back its 115,000 users, it’s reportedly looking to sell its platform.

Research conducted by blockchain portal Zerononcense has, however, claimed QuadrigaCX might’ve never had the $145 million to begin with, and that the story of being locked out doesn’t make sense as wallets associated with the exchange have been moving funds. Cotten’s death certificate, issued by the Government of Rajasthan’s Directorate of Economics and Statistics, has since surfaced.

To date, Kladko added, no crypto exchange has been recognized as a marketplace by the securities regulator. The regulator does have oversight over the firm behind QuadrigaCX, Quadriga Fintech Solutions Corp., which is a public company. The British Columbia Securities Commission has reportedly ordered its shares to stop trading back in 2016, as it failed to “make required filings.”

Canada’s federal police agency, the Royal Canadian Mounted Police, is aware of the situation but hasn’t revealed whether it’s investigating it or not. Sgt. Penny Hermann, in an email to Bloomberg, was quoted as saying:

The RCMP is aware of the allegations against Quadriga CX. We will not be providing any further information.

Robertson, Cotten’s widow, has reportedly hired a hacker to try to access the embattled exchange’s funds in his laptop.

CZ Explains How Binance Dealt With Aftermath of $40 Million Theft

On Sunday (May 19), Changpeng Zhao (aka "CZ"), the Co-Founder and CEO of digital asset exchange Binance, told the crypto community what he and his team had been up to since the May 7 security breach that resulted in a theft of over 7,000 BTC from their Bitcoin hot wallet. 

What Happened on May 7?

According to CZ, the hackers involved in the security breach somehow managed to get control over a number of user accounts and structured large withdrawals from these accounts in such a way thay managed not to be detected/noticed by Binance's "pre-withdrawal risk management checks." Their "post-withdrawal risk monitoring system" only noticed something was wrong after the hackers had moved the stolen BTC off of the exchange via a single transaction, at which time it immediately suspended all "subsequent withdrawals." 

At first, the Binance team was not exactly sure what had happened, and so they decided that the safest course of action was for CZ to send out a tweet to say that the "withdrawal servers" were in "unscheduled maintenance mode" while the team was investigating the incident. 

Communication With the Crypto Community

Once the team had confirmed that the exchange had been hacked, information about the security incident was broadcast to the outside world via all of Binance's communication channels (such as Telegram, Twitter, and Medium). 

Since the team could not be sure which user accounts the hackers had access to, it was decided that it would be too risky to allow further withdrawals to be made until the team had the chance to make "significant changes" to the platform (to make it more secure). Binance's announcement on May 8 estimated that the exchange needed to do "a thorough security review" and estimated that this would take about "ONE WEEK," and that during this period, "deposits and withdrawals" would need to "REMAIN SUSPENDED."

By being fully transparent in their communication with Binance users, they were able to receive "tremendous support" from them.

CZ's Periscope AMA Session on May 8

Seeing CZ live put much of the Binance community "at ease." Unfortunately, because CZ had been up all night, he was not in an ideal mental state when he did the AMA. Just before the AMA, his team told him that a Bitcoin Core developer had suggested that it would be technically possible to roll back the single Bitcoin transaction carried out by the hackers by "hugely incentivizing the miners." CZ made the unfortunate mistake of mentioning this "reorg" idea (which he now realizes is a "taboo topic") during the AMA, for which he took a heavy beating (especially from hardcore Bitcoin maximalists) on Twitter (and elsewhere). 

CZ's Mental State Right After Being Told About the Bitcoin Theft

Although he was in a "F***, F***, F***” state" for around 10 seconds, a few moments later, he "began to come to terms with it," and a quick mental calculation told him that the theft of around 7000 BTC (equivalent of around $40 million at the time) could be fully covered by their SAFU fund. Meanwhile, his team had already gone into "War Mode", and their professionalism and support cheered up CZ. 

Support From the Crypto Community

Binance received support from many sources: people defending him and Binance on social media platforms, and helping to answer questions; the Binance Angels (who are all volunteers) "addressing questions" and "reassuring" users on "multiple communities"; analytics firms helping with the tracking of the stolen funds; exchanges and wallet services offering to help by blocking "any deposits associated with the hacker addresses"; and "numerous offers for help from law enforcement agencies around the world."

A Blessing in Disguise?

"Speaking with various team members, and as correctly analyzed by community members, such as Gautam Chhugani, this incident may actually be a good thing for us in the long run. Security is a never-ending practice. There are always more things to do in security, and we have implemented many of them in this last week and will continue to implement more in the future. Given this incident, Binance has actually become far more secure than before, not just in the affected areas, but as a whole."