Hacker News new | past | comments | ask | show | jobs | submit login
$190M missing after crypto exchange Quadriga CEO dies (theglobeandmail.com)
182 points by scosman on Feb 2, 2019 | hide | past | web | favorite | 125 comments

Edit - This is a conspiracy theory but it doesn’t mean it’s totally crazy - there is a good chance this “dead” CEO is still alive.

Very shortly before his death he got his affairs in order and flew to India. Then it’s reported he died along with a death certificate from India. Now they can’t find $200mil in crypto and are not reporting the cold storage addresses.

Would not surprise me if there has been massive fraud here, whether the CEO is alive or not. Everything is too convenient.

If you want to read posts from many sad and pissed off people, their subreddit is full of them https://www.reddit.com/r/QuadrigaCX

I am from India and trust me, finding a public toilet is more difficult than faking a death certificate

i don’t like talking about this in public due to the safety risk, but it’s also very easy in the united stages. you just need paper pen, white out and a fax machine. most death certificates are easily available online. perhaps i restored some of your faith in humanity. Deading someone isn’t more common

Most jurisdictions (US and otherwise) have moved to Electronic Death Registration Systems. There was a fun Defcon talk about "killing" people with them a few years ago - https://www.youtube.com/watch?v=9FdHq3WfJgs

And apparently a big problem if someone fat fingers your SSN and kills you by accident. Most systems aren’t design to unkill you to correct the mistake.

It’s easy I agree but not that easy. When my grand mother passed away at home in India we took her to the hospital and they said she was brought dead and they cannot issue a death certificate. Then we had to find some doctor in the neighborhood who was willing to issue one. Now he only agreed to issue after making sure that he she was actually dead. I suspect getting a fake death certificate would not not be this easy.

Are you trying to be dramatic just for the sake of it? Because finding a public toilet (aka sulabh shauchalaya) is not difficult AT ALL.

Source: I've lived in 7 cities in India all my life.

That's the joke: it's super easy to fake a death certificate in India.

Thanks for the clarification. English not being my first language, I find it difficult to catch jokes if they're worded that way.

As a native English speaker it still is ambiguous to me

In a country of over a billion people, I imagine that finding a public toilet is not that easy.

You imagine and I've experienced it. Wonder who has a better idea...

Yeah and imagine that faking a death certificate is even easier than that. That would make it a pretty effective metaphor for how easy it is.

Can you easily buy a new identity and passport though?

I guess with $200 million untraceable money you can afford to buy an identity of a dead Indian.

I would think since every transaction is recorded on the blockchain, and he is the only one with the keys, any activity involving those BTC would raise a red flag.

But suppose that some time from now someone moves all that BTC into a different cryptocurrency, potentially via automated services like shapeshift.

What happens? How do people punish him?

Death certificate is issued by local authorities, so easier to bribe. But valid Passport will be hard to get.

That could have been obtained before the "death", anywhere in the world. (and forged entry stamps could also be obtained)

wait. so is that easy or hard?

> Very shortly before his death he got his affairs in order and flew to India.

This is a huge red flag. It's really easy to get fake IDs, passports, marriage certificates, death certificates, driver's licenses[1] etc in India, if you grease the right hands. and it's not even that much in USD. We are talking a couple of 100 bucks ( USD ) for a new passport with a new name and far less for other things.

[1] Source: Me. I) had to bribe a DMV officer about 200 Rs ( 4 USD back then in 1999) to get my Driver's License , so I can drive in US. I had to do this cos I was leaving in 3 days and I'd landed a job the previous week ( Had my H1-B ready to go).

I didn't even go to the DMV. He delivered the "International Drivers Permit" drivers license right to my door in 2 days.

Add to this:

"Mr. Cotten was diligent in other areas of his life. He signed a will on Nov. 27, less than two weeks before he died."

If that his first will, either he knew he was so ill this was a chance or another red flag.

One comment in that thread stands out: "Who writes a will two weeks before their death but doesn't create a backup plan for the wallets that hold other people's funds?"

Wait... What the???

Quote "BitGrail lost $170 million worth of Nano XRB tokens because... the checks for whether you had a sufficient balance to withdraw were only implemented as client-side JavaScript "

I remember a number of early e-commerce sites that put item prices in HTML forms. So craft your own POST, and name your own price.

Yes, seen this once before, where the shipping price was calculated client side, then sent to the server with no validation. You could craft a request with a negative value and get the price down to a cent for the entire cart!

At least in e-commerce, you can always send an email to the customer explaining the mistake, and cancel the order...

Recently seen the price listed/editable in the URL on a checkout form page.

"top men"

Kudos. It's harder to lose $100m these days as when Bitcoin was at peak price.


Also, to feed the conspiracy theory that this is a fraud:

They are claiming he died from Chron’s disease which is highly unlikely.

It seems like a plausible deniability move. He probably has Chron’s disease and that can be easily proven through his medical history.

Also is easier to tie that, to a story in which he couldn’t get the right treatment for his Chron’s disease complications abroad.

Dying from complications related to Crohn’s is not out of the question, especially in places that don’t always have the best health care.

https://en.wikipedia.org/wiki/Medical_tourism_in_India "India is cost-effectiveness, and treatment from accredited facilities at par with developed countries at much lower cost."

But will a Canadian that’s unfamiliar with the country be able to find it?

(Serious question, I have no idea what the answer is).

It's really easy to find hospitals in India, just google 'hospitals around me' or use the phone number '102' to call an ambulance from any place. Usually, doctors are very comfortable talking in English. I'm from India and most of my conversations with doctors happen in English.

Extremely easy.

I've been unwell in India, and had unwell children there. India probably sucks if you have no money, but if you have a white face or other sign of affluence, then getting to a physician or hospital is no problem at all, and the care is good.

India probably sucks if you have no money

This is true in most of the world, not just India :P

It's also more likely to die from complications of, say, surgery for Crohn's. So you might make a will beforehand (he made a will 2 weeks prior to dying). For the same reason, you might look into key escrow or similar (he clearly did not).

I'm sure there's good health care there for people who can afford it

Good to add that they were having some liquidity problems before his death.

The trip to India was supposed to open an orphanage. This orphanage was built by an organization that accepts large donations for specific buildings such as orphanages or water wells. For an orphanage, it costs $ 50,000.

It did not seem to me, when visiting this organization's website, that they have full transparency about these negotiations and these expenses.

And so far they have not released addresses for cold wallets. Okay, he had the private key. But public keys would have to be known by the system.

He could perhaps have been having trouble with his Chrones disease, so he got his affairs in order and went to India for potentially risky and expensive treatment, which didn't go well.

And the motivation for getting the affairs in order didn’t motivate including private key management in the affairs. There is zero chance this is not a scam exit.

Well strictly speaking it is a conspiracy theory but not an unreasonable one.

Yes the exchange participating in not disclosing cold storage addresses would make it a conspiracy

Well, it is a conspiracy theory, but not all conspiracy theories are wrong...

Not sure there's even a conspiracy required, just the CEO being a fraudster.

Yes, since conspiracies have been unveiled several times before, the possibility is always there. Now, one needs some clues to feed the conspiracy. If there is an investigation we may know more.

Indian here. Its very easy to get a death certificate. Local newspapers do funny stings where they have got birth certificates and death certificates made of international personalities. Most funny was those of Zarqawi and Bin Laden.

Not true. Things have improved vastly in the health administration sector, especially when it comes to records. Corruption is indeed rampant but I think most Indians themselves have a very Bollywood-y idea about how things happen outside of their circle. So for a foreign official, outright faking it would be tough, until its somewhere deep in the rural parts (with little connection to the outside world). I think its more plausible that he committed suicide and the records are being altered, not faked.

Source: I have family working in this sector. Shit is difficult, especially if you are a foreign personal.

I'm sure they have improved greatly, which is wonderful, but it's still India, as you admit yourself:

> Corruption is indeed rampant

Are you seriously claiming you couldn't get a fake record in India for USD$1m? or even USD$100k? That is a lot of money for a doctor in India. I have a trouble believing it would be all that hard.

It was probably all organised before he even got on the plane.

A viable one at that. Many NGOs in India are actually sketchy business operations.

I am no expert but Indian laws are very strict when it comes to foreign money transactions. The law behind is called the Foreign Contribution (Regulation) Act, 2010. Everyone taking in foreign contributions need to register and file the amount of dollars flowing in.

I tried searching for the NGO on the FCRA website: https://fcraonline.nic.in/fc8_statewise.aspx

in state of Andhra Pradesh and got nothing.

people have done crazier things for less money

Fake your death, get some plastic surgery done, enjoy life with those $200 million dollars

Reminds me of drug trafficker "Lord of the Skies" Amado Carrillo Fuentes, who underwent plastic surgery, but died after the 8 hour procedure. The doctors were later found in concrete filled oil drums along a highway, with signs of torture to boot.



Another one:


Cold storage addresses.. you mean the morgue?

I know this is meant as humor, but if they reported the public cold storage addresses then analysis could be done on movements and timelines.

I’m quite confident the lawyers will get to the bottom of this.

You realize that all bitcoin transactions can be tracked. People have sent BTC from their wallets to Quadriga, it should be trivial to find the cold wallet address. Should be easy for anyone who understands blockchain forensics.

Great I just moved 50 dollars over and was going to use it yesterday but decided to wait. Cryto is like a game of hot potato where the most important thing is not to be the last holding the potato when the music stops. It's been slowly going down over the last year as people give up on an upswing and checkout at a lower price.

Using bitcoin as currency always made the most sense over a store of value. The exchanges have all of the properties of a 1910 bank just waiting to get robbed while the bank manager has already taken the loot from the vault.

Thank you!

The amazing thing is that BTC is still 3.5k after the countless money heist that happened. Actually I really thought that it was dead after Mt. gox. I guess that it’s Darwin at work here.

It actually works the opposite. Every time a heist or loss happens, coins are being removed from circulation, making all remaining circulating coins more scarce, thus more valuable in the long term (market takes a while to reflect this).

In heists, the coins become tainted and very difficult to sell as everyone can see their origin.

Mtgox removed quite a lot of BTC from the circulating supply.

No it didn't, those coins got back into the supply before the theft was reported publicly. I think the coins stolen from bitfinex are still sitting there so it does happen, just not with the MtGox theft.

Ahh, yes. That's right, a lot of it 'disappeared' without being noticed or reported, so reentered circulation fairly quickly. How much of it was successfully laundered though? Didn't they catch the guy suspected of laundering them? (Someone behind btc-e if I recall)

Don't really want to split hairs here, but there's still 137,891 BTC left in Mt Gox cold wallets that has yet to be liquidated by the administrators. (Out of the 200k that was 'found'). That's quite a significant amount by anyone's calculation.

It's like the opposite of the feds printing money. Removing currency from circulation decreases supply making it more scarce.

funny how people get the same information and make opposite conclusions ain't it

Crypto is a scam and the only reason anyone should partake in it is to either test your gullibility, or scam others.

Anything that 4chan's /biz/ board promotes aggressively is a scam 9/10 times

Many plants in nature will kill you if you eat them, but can you say that "Plants are deadly to humans"?

It's a bit like money. Money itself isn't bad, but people do incredibly bad things to get money. Likewise, crypto isn't "a scam". People make a lot of scams related to cryptocurrency, but that doesn't mean many of the concepts of cryptocurrency are bad or a scam.

Bitcoin may be quite imperfect, but it's also quite useful for exchanging value quickly and cheaply, and without banks getting to decide if you can or cannot.

would you accept payouts from a person(in the US) who only agreed to pay you in Zimbabwean dollars? that's the argument you're making...sure the currency has value but are you prepared to stomach the risk that dealing with it entails?

Well not to buy a pizza, probably not.

But if I wanted to buy drugs, then, yeah probably.

Also 90% of the population is in the developing world where it might actually be the case that BTC is more trusted than their local currency.

I think it’s myopic to consider the value of crypto against the 1st world’s banking system with respect to ‘standard’ transactions.

The value lies in either: ‘non-standard’ transactions (buying black market goods) or in developing nations.

Even in majority of developing countries, it's better to keep your money in Fiat or even USD account(where allowed) becuase you don't suddenly loose 80% in a month or two (Exceptions bring countries like Zimbabwe and Venezuela). Sure, you could loose say 20 to 30% due to fiscal adjustments due to many factors over a year, but almost everyone in your country would likely be in the same boat as you and things like PPP (for locally manufactured goods) might adjust to minimize some of the impact

A lot of developing countries prohibit currency exchange. For example I moved from the US to Tanzania about 6 months ago and the government has outlawed currency exchanges. There are only 2 ways to get USD: 1) the black market, which is expensive, 10% above the “fair” price 2) the National bank, which is 25% over the “fair” price.

I think BTC might be an attractive alternative here.

Moreover, by some measures, annual inflation is 7-10%. So holding the local currency is highly penalized

Nearly 3B of the developing world population is in India and China. I'm Indian and BTC is virtually banned here. Not that it has much utility - our payment systems are very robust and essentially free. UPI, a mobile-first payment protocol, beats anything crypto can throw up.

Two very different beasts. When you use the mobile payment system all your traces and data are being exposed, even much more than using cash. While people who need anonymity, or at least want to be hard to track, be it for buying drugs or escaping the unstable local currencies, definitely have a valid use case for crypto. Lumping everything under the term "scam" is shallow.

What does a scam mean? That it doesn’t have value? That it only has value for a select few scammers?

Crypto as a way to avoid taxes, buy goods on the black market, and as an alternative to a shaky local fiat currency are all great examples of crypto’s value.

Also, there’s also the investment angle. It (hopefully) operates as an uncorrelated store of value much like gold or other precious metals.

I think it would be very hard to argue that BTC and ETH are scams, that is, created for the purpose of the scammer stealing from the “scammee.”

Crypto itself isn't a scam, but its strengths also helps scammers thrive because a financial institution can't reverse malicious activity. This can be thought of as the same risk of loss as any investment. "If I convert to crypto, there's a non-zero chance my money could just disappear". This is (usually) necessary to take this risk into account when valuing crypto assets, so in a sense, scamming is part of crypto as long as crypto wants to be exchanged for fiat currency.

Money is involved. What do you expect? Most of the finance world is scammy, too.

Bitcoin only got as much traction as it did because of the financial crisis.

This illustrates why, through extensive experience and interaction with "blockchain" folks, I want nothing to do with the entire crypto industry. It attracts the very worst of the worst. I'm sure there are plenty of honest companies trying their best to legitimize this stuff. But the vast, vast majority of it is just outright plundering and fraud by the most vile people on earth.

People have said the same about the Internet in the past have they not?

Maybe. But the immediately apparent, world changing utility of the internet couldn’t be denied. It didn’t need “evangelizers”, it took off because it was a useful technology. I’ve yet to be convinced in the same way of a single legitimate non-speculatory use for crypto.

And even if you are generous and say it's incompetence and not fraud...that's still a good reason to steer clear.

It's certainly one or other when this sort of thing happens.

The company, which presumably has more employees than this one dude, never considered the fact that he was the only person who held the keys? C’mon.

I’m smart enough to have given a friend my 1Password emergency recovery kit and, I tell you now, that ain’t worth $200m.

This was also true at Mt. Gox, FWIW, as reported by an employee that I find credible.

The sector is clownshoes. We should not be surprised by clownshoes behavior in it. There is a spirited debate on whether a putative financial firm with 9 figures under management perpetuated a nine figure control fraud or was merely markedly less sophisticated at accounting controls than the bookkeeper at my daughter’s kindergarten, that being the plausibly exculpatory option in crypto.

I don't think the company had that many employees. From the legal filing:

Most of the business of the Companies was being conducted by Gerry wherever he and his computer was located. This was most often at our house

who would you trust enough to give the private keys to $200m?

You don't have to trust one person with a key for everything. You can use several keys, and even add a paid dead man's trigger from an unrelated website.

You can break the key up into pieces, so no one person holds the whole key, or use something like Shamir's Secret Sharing algorithm.

They did that here. They lost 1 part of the key and now can't access anything.

I thought it was obvious, but if you do this, you include redundancy.

Color me surprised... surely not another crypto heist.

This is going to keep happening, over and over again. Put your money in this stuff at your own peril.

We created a nearly perfect way to quickly steal large amounts of money... why would people take advantage of that!?

    #WrathOfJay {
        color: surprised;

text-decoration: underline;

Lotsa things don't add up and are just too convenient--based on paper articles. But, unless he gambled /lost them, faking his own death probably not going to ensure that he enjoys the loot. But then, not all think it to every detail.

I would have faked a hack and announce that 8% of coins were stolen or whatever. $15 million, means that at least he could have gotten half of it in cash (assuming a laundering discount) and a lot more if the price rises. Retire in a foreign country and be quiet.

Yet another aspect of crypto's long term ignored consequences come to light. i haven't seen ANY possible solution for transfer of crypto after original owner's death. even ethereum doesn't have this simple ability inbuilt(which you'd think would be obvious).

this basic question gets downvoted on any forum you'd think of - husband/wife has large amount of money in crypto, they die due to unforeseen circumstances(or even foreseen circumstances but it's a quick degradation of mental facilities). who does the spouse approach for the crypto? they have proof of death so why don't they get the money? poof, value gone - have fun now you're a destitute relative coz you can't figure out passwords(most grieving relatives can't)!

this is why no one trusts crypto,these simple things aren't a fundamental part of the platform. you get people telling you these convoluted solutions(that may or may not work). the fraud potential is sky high. is crypto only meant as a transient toy?

Just stick a copy of your private key in a bank safe deposit box? That box will be inherited by your next of kin.

Of course at this point you are (sort of) trusting a bank with your money (so why are you using crypto, again?) but it's probably safe and the safe deposit box + its contents would pass through all the usual legal procedures around an estate and more than likely pass safely to the intended beneficiary.

That's like saying cryptography is faulty since if someone encrypted an important document and threw away the key, it would be irrecoverable. That's the point. As for solutions, there are many: use a multi-sig contract with several owners (like a spouse and/or lawyer), or simply leave the seed phrase to be released in your will. The proposed solutions that "may or may not work" are easy to test, I'm not really sure where you get your information.

> That's like saying cryptography is faulty since if someone encrypted an important document and threw away the key, it would be irrecoverable.

No, it is like saying cryptography has important long term consequences. I don't even see any synonyms for "fault" in the post.

There are mechanisms if someone is careful about their estate planning, the issue is we have a great deal of evidence that most people don't do estate planning [0] and the courts have to clean up the mess.

Kkarakk is completely correct in saying that a (potentially non-technical) spouse or heir is being exposed to an exciting new way of losing large sums of money that they are entitled to. This is clearly a disadvantage of cryptocurrency, even if it is an intentional part of the design.

[0] https://www.bbc.com/news/uk-36325871

what happens when your fancy multi-sig contract is disputed by non-technical folk and the matter goes to court? court could easily throw all that shit out and say the crypto goes to your first wife instead. no guarantee that it will work at all.

There is already a well oiled machine for reading your secret-until-death instructions and distributing your possessions. Telling it about your private key storage media and passphrase is not exactly convoluted.

You could even leave parts of the key material with different lawyers/institutions, so that they would have to collude AND steal your hard drive/hardware wallet to access anything prematurely.


Haven’t read it; I just googled “crypto estate planning” (which google had an autocomplete for).

8 customer reviews, not even the top 200 when you search within the estate planning section...nice, i'm sure lots of people have read this

This capacity exists, it’s called a dead mans switch. There are many ETH smart contracts which do this.

A small typo can throw all the money in the trash, while a typo in a real contract can be fixed by a court based on other evidence.

No, there is no legal difference. A small typo in a crypto contract does not entitle the beneficiary to the funds. Your access to restitution through the courts is exactly the same.

A small typo in a crypto contract would not entitle the beneficiary to the funds...but a typo in a legal contract would, if sufficient other evidence of the true intent of the contract is available.

That was the whole point of the comment you were replying to. Legal real-world contracts are simply better for the scenario described.

A typo implies there is no intent.

What beneficiary?

The thief.

there is a way, you give a lawyer a key, or put it in a bank vault and incorporate it into your will. the only reason it's not transferable by default is because people can't touch it without your permission, which is a feature, not a bug.

>Operators of other Canadian cryptocurrency exchanges called it highly unusual for a single executive to be the only one with access to the company’s funds.

It's almost like they never heard of Mt.Gox and MagicalTux.

Greed to make money without honest work led many along wicket paths. Stupids will be slaugtered every now and then.

We have to learn when to participate & when not to. Learn to identify ponzi shcemes, coz they're here to stay.

Analogous, stock-market & trading; bigger companies/fish will always reap better than individual participants.

The 2017 FOMOers need a couple more of these

Everyone wanting to pretend to be Wolf of Wall Street and brag about not understanding technology but making a ton of money trading it? This is easily avoidable by all parties and their ignorance is catching up to them

> The largest individual user account balance is valued at $70-million.

ooof, although maybe if you have 70 mil in crypto it's only a fraction of your wealth. otherwise you're an idiot

It's likely a fund, not a single user's assets.

Yeah, in crypto it's usually not the former

If you don't own your keys, you don't own your crypto.

It's "$190M" in crypto currency, but I wonder how many dollars he's escaping with.

Not sketchy at all.

Paywall but can read article if you stop the page from loading before the modal pops up

Remove the "Https://" bit and type in "www.outline.com/" and it should work here and on many sites like it.

No need to, really. Just prepend "outline.com/" to the full url.



Please don't do this here.

I can't read the article, it is behind a paywall.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact