The inaccessibility of crypto funds following the 2018 death of Gerald Cotten, CEO of cryptocurrency exchange QuadrigaCX, has further raised public concerns over the credibility and security of digital asset investments.
Unlike previous cases where funds were stolen by hackers who discovered vulnerabilities in exchanges, QuadrigaCX did a good job of safeguarding their users’ funds. In fact, the funds on the exchange were so tightly guarded, nobody has been able to access them since Cotten passed away in December last year!
After searching for months, users’ funds have still not been recovered. In April, Canada’s Nova Scotia Supreme Court officially approved the cryptocurrency exchange to file for bankruptcy, as it owed around 115,000 customers some $195,000,000 in damages.
AAX does not have a single point of failure (SPOF)
Several media reports have pointed out that the funds may have been stored solely in QuadrigaCX’s wallets and the CEO may have had sole access to the private keys of the exchange’s wallets. In this case, the recovery of the funds is tied directly to the recovery of those private keys – the whereabouts of which are as yet undiscovered.
Users of Quadriga are in limbo because nobody has been able to get the private keys that were only accessible to Cotten. This is a classic example of SPOF, where a single component can compromise an entire system. This example highlights the dangers of SPOF for cryptocurrency exchanges and indeed all businesses.
AAX actively implements technologies and procedures including multi-party and multi-signatory processes, and well-defined authorization processes for key recovery to minimize risks and remove concentration of power in individuals, thereby eliminating the risk of SPOF.
AAX’s multi-party processes in key recovery
The security team at AAX has mastered the technology to divide a key into multiple pieces, of which a minimum number is required to reconstruct the original key. This practice ensures keys can be recovered and funds released even if key staff and employees who have access are lost.
AAX’s multi-signature wallets
The wallets of AAX are institutional-grade, multi-signature, multi-coin transactional wallets. All of our wallets use industry standard multi-sig or secret sharing for security. They require multi-signature and two-out-of-three key management to access, removing any single point of failure.
AAX wallets consist of 3 keys: one held by AAX’s compliance department; one held by AAX’s administrator; and the final one held by a vault secured by a custody body for recovery and backup. Two signatures are required on every transaction on an AAX wallet.
These advanced security configurations ensure assets moving out of wallets are secured and recoverable.
AAX makes use of Two-Factor Authentication (2FA)
All accounts on AAX require two-factor verification to operate. In addition to username and password, users will need to enter a code from their mobile phone, adding an extra layer of security to the account. While there is a risk that a single factor such as a password may be compromised, requiring a second factor can effectively mitigate this risk.
At AAX, we are actively working towards establishing procedures and protocols that can improve the future security of cryptocurrencies for all participants. We are continuously examining our technology and processes in detail to look for vulnerabilities to address and mitigate issues ahead of time.
To find out more about AAX or to pre-register please visit www.aax.com.