Exchanges - How many people have access to Cold storage Private keys?

[Kakmakr]

I watched the latest documentary 'Trust No One: The Hunt for the Crypto King' on Netflix last night and it was all about QuadrigaCX Exchange and the death of the founder Gerald “Gerry” Cotten.

QuadrigaCX collapsed in 2019, leaving more than 76,000 investors from Canada and around the world out-of-pocket for at least $169 million.  

Now, according to this documentary they said at one stage ... Gerald Cotten were the only person with access to Private keys to the Cold storage. It later came out that it was one big Ponzi scheme and that there were no coins in Cold storage.... but it still raised a red flag with me.

I hope this thread will remind Exchange owners and regulators to implement a backup plan for the keepers of the Private keys for the Cold storage on exchanges and people owning coins. 

Also, remember that you as a wallet owner have zero access to the Private keys for your bitcoins on an Exchange. It is also not advisable to store your coins on Exchanges for long periods.

                                                                 "Not your keys, not your coins"

[AB de Royse777]

I hope this thread will remind Exchange owners and regulators to implement a backup plan for the keepers of the Private keys for the Cold storage on exchanges and people owning coins.

For service like exchanges and others who need to store large amount of bitcoin, I would say a multi signature wallet is very much less riskier than having it to one man hand. If the one man has any accident or even an evil move from him will lose all the coins. A 2 by 3 or any combination of x by y ensures that you are not relaying on one person.

[Husires]

I hope this thread will remind Exchange owners and regulators to implement a backup plan for the keepers of the Private keys for the Cold storage on exchanges and people owning coins.

There are already some attempts from some platforms, I talked about them in this topic https://bitcointalk.org/index.php?topic=5383817.0 and I will quote the following:

• Binance have Secure Asset Fund for Users (SAFU) which committee 10% of all trading fees.
• BitMEX is known for its large emergency fund https://www.bitmex.com/app/insuranceFund

All of them will be good if there is a hack in the hot wallets, but hacking cold storage or with more than 40% of trading volume, it will be almost impossible for any fund to compensate for clients' losses.

[Beerwizzard]

From what I've heard, major exchanges are splitting their balance between multiple addresses in order to secure at least a part of these funds. Also, exchanges are making their own emergency funds that chould help in case of hack. So even if it happens, only a part of coins would be stolen and users would get a repayment.

It is definitely a red flag if the owner of the company have uncontrolled access over user's assets.

[Charles-Tim]

I watched the latest documentary 'Trust No One: The Hunt for the Crypto King' on Netflix last night and it was all about QuadrigaCX
Also, remember that you as a wallet owner have zero access to the Private keys for your bitcoins on an Exchange. It is also not advisable to store your coins on Exchanges for long periods.

Exactly. Not you key, then not your coin on blockchain, the owner of the key have the full control over the coin, that is why exchanges and custodial wallets can freeze their customers account, because they only provide their customers with addresses while they have the private key. These are good advise, it is not even not only to no leave coins on exchanges, also not to leave any inactive coins on exchanges, exchanges have the full control which is used to frustrate customers like during account freeze. Also, anything related to custodial service, people should know that it is not their private key and they have no full control.

[CaVO32]

From what I've heard, major exchanges are splitting their balance between multiple addresses in order to secure at least a part of these funds. Also, exchanges are making their own emergency funds that chould help in case of hack. So even if it happens, only a part of coins would be stolen and users would get a repayment.

It is definitely a red flag if the owner of the company have uncontrolled access over user's assets.

And that means, he has ill intentions to begin with if he wants full control of assets. Up until now, I don't know if I believe that he is dead already. It seems to me that he set up himself to that situation to get away with those millions. But no one really knows the truth. Why would he travelled to that country and suddenly disappeared and claiming to have a disease? But no one can produce his body. So for me, this is a mystery and just a reminder to all crypto holders not to store their coins to custodial platforms, even if we say they are trusted ones.

[bill gator]

QuadrigaCX collapsed in 2019, leaving more than 76,000 investors from Canada and around the world out-of-pocket for at least $169 million.  

Another example to further solidify my stance; we should not be using an exchange as a wallet. Leaving funds to sit on an exchange for any longer than necessary is defeating the purpose of BTC entirely. You are meant to be the exclusive owner and controller over your coins and letting anybody take that away from you, to any degree, for any amount of time is a mistake waiting to be realize.

We have watched countless exchanges of varying sizes disappear with everyone's coins, or implementing restrictions without warning that lock the coins down permanently. Save yourself the heartbreak.

The answer to the title of this thread is probably either "Too many to be comfortable with" or "Too few to be comfortable with", and either way it's people that you shouldn't be comfortable having ownership and control over your funds.

[livingfree]

It should be a multi-sig wallet.

And the access should be across to the high-rank officials of that exchange which includes the CEO and next to its lines like the board of directors. The difference in QuadrigaCX's CEO is that he really had planned it all before he made an exit.

Too bad that many good and innocent people were the victims of it that has good plans of increasing their assets value and just want to trade there.

[hd49728]

                                                                "Not your keys, not your coins"

There is a website on it: https://notyourkeys.org/

Your question is strange. In my opinion, exchanges decentralize their fund into hot wallets and cold ones. You store most of funds in cold wallets to make sure that only their team have access to private keys or seeds.

For hot wallets, when it needs to be refilled, they will make deposits from cold wallets to top up their hot wallets. So if exchanges let other people (outside of their team) to have access to cold storage private key, it means they have very serious issue. For exchanges, I think they know how to keep their cold wallets untouchable by strangers

[khaled0111]

The private keys for cold wallets must not be in one single man's hands for security and safety reasons. Here is an example why it's not recommended:
A crypto exchange may have lost $145 million after its CEO suddenly died
A multi-sig set up is a must so no one (even the exchange owner) can run away with the customers funds and if one of the private keys get compromized the funds remain safe.

Exchanges are not wallets and no one should use them to store his coins, not even for a short period of time.

[GreatArkansas]

I hope this thread will remind Exchange owners and regulators to implement a backup plan for the keepers of the Private keys for the Cold storage on exchanges and people owning coins.

There are already some attempts from some platforms, I talked about them in this topic https://bitcointalk.org/index.php?topic=5383817.0 and I will quote the following:

• Binance have Secure Asset Fund for Users (SAFU) which committee 10% of all trading fees.
• BitMEX is known for its large emergency fund https://www.bitmex.com/app/insuranceFund

(.....)

I am also curious about these emergency funds like Secure Asset Fund for Users (SAFU) are being secured by exchanges, for me, they are still in danger and still centralized.
This is the biggest problem of using a centralized exchange, hacks, and they can control it too because I believe that there are already a lot of cases in the past that there could be an insider and exchanges authority just telling the public that it is not insider, it was hacked by other people or entity.

[hugeblack]

If the cold wallet is hacked, the platform will rarely be able to compensate your clients' money because it is much more than they have enough assets to cover those losses.

If you notice that most of the money that is compensated for those hacks that occurred to the hot wallet, which represents about 3% to 5% of the total assets they have.
Thus, they can compensate for the assets registered in their name, but the cold wallet penetration means the end of the platform, so it is accessible to specific people.

We can consider what happened to QuadrigaCX to be exit scam because debts cannot be inherited to the children of the deceased, and therefore if the founder disappeared, they could put that argument to steal the money.

[naira]

Meanwhile, for now I personally always set a benchmark on the funds on the exchange if the funds are specifically for trading. Then I will cash out the rest to keep in a cold wallet with multiple layers of transactions. In conclusion, don't let the funds last too long on the exchange if there is no trading activity.

Btw I'm interested in watching the documentary.