Nobody Can Find a Trace of QuadrigaCX’s Ethereum Cold Wallets

At least four different analyses of public blockchain data have found suspicious movements of funds controlled by QuadrigaCX, the Canadian crypto exchange that claims to have lost access to its reserves after its founder’s unexpected death. Millions of dollars’ worth of Ethereum was moved from QuadrigaCX to a variety of other exchanges between 2016 and 2018—movements that are hard to reconcile with the normal functioning of an honest exchange.

CoinDesk’s analysis found nearly $1 million worth of ETH was sent from Quadriga accounts to other cryptocurrency exchanges in December 2018 alone. More than half of that was transferred in the week before Cotten’s reported death on December 9.

In its recent filing for bankruptcy-like protection, Quadriga disclosed that its customers had balances totaling 430,000 ETH, or about $46 million USD, and more than $100 million worth of other cryptocurrency. It claims that most of those funds were stored in accounts only Cotten himself could access.

It is common for exchanges to operate both “hot wallets” that handle day-to-day transactions, and “cold wallets” that hold funds long-term. A “hot wallet” can mean either a desktop wallet, which can be physically compromised or keylogged, or an exchange account, which can be compromised in about a thousand ways. A “cold wallet” is a highly secured account, generally defined as one whose private keys have never been exposed to the internet, and therefore can’t be hacked. It can mean a ‘paper wallet’ containing private keys generated on an air-gapped computer, or a hardware wallet like a Ledger Nano.

But several analysts further claim that in reviewing Quadriga’s transactions, they have found no sign of those “cold wallets,” at least on the Ethereum blockchain. Similar conclusions have been reached by the analytics firm Elementus, an independent analyst known on Twitter as @proofofresearch, and by Taylor Monahan, CEO of MyCrypto.

QuadrigaCX has claimed it lost access to its cold wallets because Cotten himself was the only one with the accounts’ private keys. But the possibility those wallets don’t exist at all, along with the hard-to-explain transfers to other exchanges, raises questions of gross mismanagement, or even criminal behavior behind the scenes of the exchange.

On Friday, reporter Laura Shin published an episode of her Unconfirmed podcast featuring Monahan, who gave an enlightening (and dispiriting) description of how she concluded the cold wallets don’t exist.

Starting with blockchain addresses that Quadriga has publicly disclosed owning, Monahan was able to “follow the money.” “You can detect patterns,” she told Shin. “You can see common addresses that they’re sending to. And . . . you can really start to see the difference between when a customer deposits funds into Quadriga, and when Quadriga themselves is sending around money.”

Monahan found that Quadriga used only three addresses for its primary ETH holdings. She also says she found a clear distinction between automated deposits by customers, and transfers made manually by the exchange. Automated sends, Monahan explains, often come with “a lot of decimals,” while manual transactions were made in round numbers.

According to Monahan, those manual transfers included large transfers from Quadriga accounts to other exchanges. “We’re seeing a lot of ether being moved to other centralized exchanges, primarily ShapeShift, Bitfinex, and Poloniex.” Those could be customer transfers, though some were large enough to make that hypothesis a longshot.

More importantly, those manual transfers didn’t reveal any previously unknown ETH reserves. “If there were cold storage, or even any storage account with a significant amount of money in it, you would expect this to show up at some point . . . but we don’t have any address that just held money, like you would expect of an exchange of this size that’s using cold storage for its reserves.” Though transfers out of cold wallets are tightly restricted to enhance security, their balances should still be visible on a public ledger.
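The two heuristics Monahan describes, the roundness of transfer amounts and the search for an address that simply holds funds, can be sketched as follows. This is an added example, not code from Monahan or from any of the analyses cited; the thresholds, address labels and sample transfers are constructed assumptions.

```python
from collections import defaultdict

WEI_PER_ETH = 10**18

def eth_decimal_places(value_wei):
    """Decimal places needed to write a wei amount in ETH (0 = whole ether)."""
    if value_wei == 0:
        return 0
    digits = str(value_wei)
    trailing_zeros = len(digits) - len(digits.rstrip("0"))
    return max(0, 18 - trailing_zeros)

def classify(value_wei, max_manual_places=1):
    """Round amounts look manual, long decimals automated (threshold assumed)."""
    places = eth_decimal_places(value_wei)
    return "manual" if places <= max_manual_places else "automated"

def holding_addresses(transfers, exclude=(), min_eth=1000, max_spent_ratio=0.1):
    """Addresses that received at least min_eth and sent on at most
    max_spent_ratio of it: the 'just held money' pattern of cold storage.
    exclude lists addresses attributed to third parties (other exchanges)."""
    received, sent = defaultdict(int), defaultdict(int)
    for src, dst, value_wei in transfers:
        sent[src] += value_wei
        received[dst] += value_wei
    return sorted(
        addr for addr, total in received.items()
        if addr not in exclude
        and total >= min_eth * WEI_PER_ETH
        and sent[addr] <= total * max_spent_ratio
    )

# Constructed sample data: labels stand in for addresses, values are in wei.
PASS_THROUGH = [
    ("customer_a", "exchange_hot", 1_234_567_890_123_456_789),
    ("customer_b", "exchange_hot", 2_000_517_300_000_000_000_000),
    ("exchange_hot", "other_exchange", 1_500 * WEI_PER_ETH),
    ("exchange_hot", "other_exchange", 500 * WEI_PER_ETH),
]
WITH_COLD = PASS_THROUGH[:2] + [("exchange_hot", "cold_store", 1_900 * WEI_PER_ETH)]

if __name__ == "__main__":
    for src, dst, value in PASS_THROUGH:
        print(src, "->", dst, value / WEI_PER_ETH, classify(value))
    print(holding_addresses(PASS_THROUGH, exclude={"other_exchange"}))
    print(holding_addresses(WITH_COLD))
```

Without the `exclude` set, the third-party deposit address itself looks like a holding address, which is why attributing counterparties comes before any conclusion about reserves.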

Quadriga’s apparently regular use of other exchanges is equally worrisome. Quadriga had very troubled banking relationships, and may have been forced to convert some crypto assets into conventional currency to pay operating expenses. But that doesn’t explain transfers to Bitfinex and Poloniex, which didn’t offer conversion to conventional currencies during the period in question. Monahan also told Shin that the amount of money being moved was “far more than one would ever need [to convert to conventional currency] for day-to-day operations.”

The involvement of ShapeShift is “even weirder,” Monahan told Shin. “I really cannot imagine why they would ever do this.” That’s because ShapeShift charges above-market transaction fees in exchange for convenience. Monahan says the amount moved from Quadriga to ShapeShift totaled “321,000 ETH, with a total equivalent value of $20 million at the time of transaction.” These were, according to Monahan, conversions from ether to bitcoin. “The amount they spent on fees, and the higher [price] spread on ShapeShift, it just defies logic.”

It may be significant that, until last fall, ShapeShift didn’t require identifying information from users. Monahan later referred to such transactions on Twitter as “laundry day,” implying that she suspects they’re tied to efforts to conceal or “launder” funds. Monahan also speculated to Shin that Quadriga could have used information gathered from its own retail customers to open accounts on other exchanges.

Though those are unsubstantiated claims, the blockchain data themselves are irrefutable, and paint a highly worrisome picture. This morning, Monahan published a large cache of the relevant transaction data, and is inviting fellow sleuths to try and unravel more of the story.