More details emerge in the QuadrigaCX saga. As reported here last week, the founder and CEO of the Canadian cryptocurrency exchange, Gerald Cotton, allegedly died in December, taking with him the only known keys and passwords needed to access "cold wallets" (wallets not connected to the internet) holding roughly $250 million in client funds. The exchange subsequently filed for creditor protection and a Canadian court appointed a Big Four auditing firm to oversee the case. That auditor recently issued a report describing how it has taken control of Cotton's laptops, encrypted USB keys and cellphones in order to recover client funds. The auditor further stated that while it had located more than $900,000 in cryptocurrency held by Quadriga, $500,000 in bitcoin was later "inadvertently" transferred by Quadriga to its inaccessible cold wallets. Blockchain analytics companies and internet sleuths later used this news of the transfer, along with other information, to track down the addresses for the wallets. A number of these addresses have now been published and appear to comport with some of the details in the auditor report.
In an update to another major hack, Elementus, a blockchain analytics firm, tweeted earlier this month that, of the roughly $16 million in tokens reportedly stolen in January from New Zealand-based exchange Cryptopia, $3.2 million were recently liquidated on other major exchanges, with a large portion of the funds going through Etherdelta, Binance and Bitbox. On the app front, a major digital distribution service and store was found unwittingly hosting a malicious "clipper" app, which looked like a legitimate cryptocurrency app but operates to steal funds by transferring them to the attackers instead of to valid wallets. The app has since been removed from the platform. In its attempt to defend against potential hacks, Coinbase recently issued a $30,000 bug bounty for a critical vulnerability in its system. Currently, Coinbase has a four-tier reward system, ranging from $200 to $50,000, depending on the impact of the bug. Coinbase also announced this week a means for safely backing up encrypted private wallet keys on widely used personal cloud-based storage accounts.
For more information, please refer to the following links:
- Report: QuadrigaCX Accidentally Transferred $500K in BTC to Cold Wallets It Cannot Access
- Blockchain Analysis Ties 5 Bitcoin Addresses to QuadrigaCX Exchange
- QuadrigaCX likely lacked any ETH cold wallets, per report
- Funds Were Moving On QuadrigaCX Right Before Its Collapse
- Analysis: Hackers Liquidated $3.2 Million in Tokens From Cryptopia Hack
- Google Play caught hosting an app that steals users' cryptocurrency
- First clipper malware discovered on Google Play
- Coinbase handed out a $30K bounty for a critical bug in its systems
- Backup your encrypted private keys on Google Drive and iCloud with Coinbase Wallet
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
