back to article Crypto exchange in court: It owes $190m to netizens after founder 'dies without telling anyone vault passwords'

A Canadian court today granted legal protections to a Great White North cryptocurrency exchange that is holding some $190m that can't be accessed – allegedly because its founder, the only person with the passwords to the digital vaults, died. QuadrigaCX went to a Nova Scotia judge for temporary protection from potential …

  1. Starace
    Alert

    Bullshit

    If you believe that little story you'll believe anything.

    I mean seriously, the only keys to all this real and crypto money were held irrecoverably by one person? All this money that happened to be stored in such a way that only this one person had control? Someone who just happened to be off abroad (which would have fucked the operations of the company anyway) and 'died' somewhere where it wouldn't be particularly difficult to buy the paperwork to prove this?

    Smells scamtastic one way or another.

    1. BillG Silver badge
      Alert

      Re: Bullshit

      I was thinking the same thing, this whole thing smells like bullshit.

      "In filing for protection, QuadrigaCX, which went offline last week, will be shielded from lawsuits by its aggrieved customers..."

      Bullshit. If this outrageous B.S. story was actually true and only one person held the passwords, then they deserve to be sued into oblivion.

      1. Doctor Syntax Silver badge

        Re: Bullshit

        "If ...only one person held the passwords, then they deserve to be sued into oblivion."

        If only one person held the passwords they don't need to be sued.

      2. LucreLout Silver badge

        Re: Bullshit

        If this outrageous B.S. story was actually true and only one person held the passwords, then they deserve to be sued into oblivion.

        What would be the point? Despite government insistence to the contrary, a court order can't beat the maths in modern encryption. If, and I'll freely admit it's a big if, the stroy as told is true, then they have no recoverable assets, rendering suing them pointless.

        If, of course, its a fraud - either the guy has a fake death cert, or the wife has the decryption keys and he's really dead - then proving that seems to be challenging. I may very well have this wrong as I claim very little knowledge of crypto currency, but presumably the 'coins' in the 'wallets' are identifiable, and could be watched/tracked; any movement of any part of the 'assets' at any time in the future would indicate someone having access to the keys?

        1. c1ue

          Re: Bullshit

          There are more possibilities than the 2 mentioned.

          The strongest possibility IMO is this is the final act of a Ponzi scheme.

    2. romandog

      Re: Bullshit

      I believe it. Something similar happened to members of my family when our Uncle passed away and didn't write down his Netflix password. Devastating.

      Most everyone's coin is in the cloud and 1 keystroke away from being locked out. Buy PMs or a house.

      1. Anonymous Coward
        Anonymous Coward

        Re: Bullshit

        I never thought of Project Managers or Prime Minsters as a particularly good long-term investment...

        1. Swiss Anton

          Re: Bullshit

          I don't know, May seems to be indestructible

          1. Androgynous Cupboard Silver badge

            Re: Bullshit

            Despite her best efforts.

        2. mosw

          Re: Bullshit

          I don't know if Prime Minsters are a particularly good long-term investment but I am pretty sure they are for sale.

    3. DougS Silver badge

      Re: Bullshit

      Since it would easily be known if someone took the money out of that wallet, he might be able to fake his death, and might be able to steal the money, but he can't do it without people finding out. Which rather defeats the purpose of faking one's own death.

      1. Carpet Deal 'em

        Re: Bullshit

        This assumes anybody knew the address(es) holding the coins. If that was properly hidden, he'd look like just another whale on the blockchain(especially if he was clever enough not to move it all at once).

      2. Anonymous Coward
        Anonymous Coward

        Re: Bullshit

        "Since it would easily be known if someone took the money out of that wallet"

        This assumes the wallet contained the expected bitcoin total or even existed in the first place.

        Password recovery on garbage can prove difficult...

      3. Eddy Ito Silver badge

        Re: Bullshit

        According to a WSJ pay piece there are indications that the money isn't there.

        But two independent researchers say publicly available transaction records associated with QuadrigaCX suggest the money may be gone, not trapped.

    4. MonkeyCee Silver badge

      Re: Bullshit

      The part about the bank deposits requiring access to his computer are either bollocks or imply that there was no other record of where the accounts were held, which is pretty sus.

      I can see why they might hold on to them (for the moment) until an agreement is reached on who gets paid back in which order.

      Not sure anything is going to calm the conspiracy theory. Not sure what currencies were held, but at least some can be monitored. If the cold wallet is known, then you often can see the balance, and the bank stuff is supposed to have independent financial oversight now.

      Now if he's already got his money out before all the attention, and washed into the legal system, then faking your own death and getting a new face and a new life might be a workable plan.

      As for cold storage crypto keys, you've got to make a difficult call on those. Anyone who has them also has full access. My choice was to have them* kept by the lawyer who handles my will. It's in a sealed letter, along with all the details of accounts and access details. My business partners can screw me far harder than just emptying the accounts, so they have their own credentials to everything.

      Same deal at workplaces, by choice the letter with all the domain passwords was with legal, not the boss. The next best is somewhere only the next BOFH would find it, usually taped it on the bottom of my lowest desk drawer. The one with the single malt, boxes of chocolates and gift cards hidden under assorted ewaste.

      *and other property I'd want passed to my next of kin after I died

      1. doublelayer Silver badge

        Re: Bullshit

        On the topic of faking one's death, if this happened, he could probably transfer the funds out somewhat easily by sending them to an exchange and getting a different currency. He'd lose a bunch of it, but you can lose a lot of $137 million and still be fine. In the meantime, while someone could detect that the money was taken, they wouldn't know how to find the thief.

        Two things don't make sense here:

        1. That the company would be so large and store all the passwords and other critical data in one brain and one computer.

        2. That the company would put all the cold storage cryptocurrency in one wallet. That's just asking for someone to get in and take it. If you store a medium amount in each of four hundred wallets, an intrusion can be detected before you lose too much.

        I would expect any crypto company to do both of these things. The fact that they have not makes them incompetent, whether these actions were done out of negligence or malice (I think it more likely to be the former).

        1. Andre Carneiro

          Re: Bullshit

          Was it Einstein that said "Never put down to malice what can be easily explained by human stupidity"? And also "There are only two infinite things, the Universe and human stupidity. And I'm not so sure about the first"?

          I'm still putting my money on malice, though. The whole thing is just so very suspicious...

        2. Doctor Syntax Silver badge

          Re: Bullshit

          "the company would put all the cold storage cryptocurrency in one wallet"

          The article puts wallets in the plural. But it still makes no sense to have a sole password holder. If there are multiple wallets then the passwords can be shared out between multiple trusted employees. A business such as this does have multiple trusted employees doesn't it? For extra security the passwords themselves could be split and handed to different employees.

          1. bombastic bob Silver badge
            Devil

            Re: Bullshit

            a normal LEGIT company would have some sort of 'escrow' system set up, like writing down the passwords or copying files/info onto an unencrypted device, and placing this into a bank safety deposit box, and/or keep in secure legal storage at a law office.

            IANAL, but there's an obvious liability issue here, if it's not a deliberate scam.

        3. MonkeyCee Silver badge

          Re: Bullshit

          "he could probably transfer the funds out somewhat easily by sending them to an exchange and getting a different currency."

          That requires an exchange that is out of reach of the creditors.

          Most legit exchanges have a blacklist of wallets that are known to contain stolen/contested funds, and won't accept deposits from them. Because they then become liable.

          In the same way having $137 million in cash would present a problem trying to deposit any significant amount into a bank. Even under formal reporting limits the activity will get flagged.

          As I said above, if he planned this in advance, maybe. But faking his death then moving the crypto is dumb. I can't really see how someone "smart" enough to fake his death would also be dumb enough to try and loot out afterwards.

          If the cold wallets are empty, I'd have expected reddit to have burst into flames by now :)

          1. LucreLout Silver badge

            Re: Bullshit

            In the same way having $137 million in cash would present a problem trying to deposit any significant amount into a bank.

            You'd be suprised. Not pleasantly.

            Take a walk through the right Swiss Canton with a big enough bag of cash and one of the banks will take it in return for a numbered account. They'll all claim not to, but there are well worn routes to achieving this.

            Only an idiot would actually try the above though - much easier to use the yachts or casinos routes if you only have a couple of hundred million to move.

        4. M.V. Lipvig

          Re: Bullshit

          The one guy with access dies in a third world nation? Bet he was cremated there too, or "sent down the Ganges." No body, no death.

          Nor does his wife have to be in on it. He's dead, his will gave her all* his stuff, she's free and clear with enough to get by, and he's doing the L Ron Hubbard**.

          *Obviously not the 137MM

          ** Buy a 50 foot yacht, then sail to the middle of the Atlantic with a dozen hookers 300 pounds of coke and 130MM in suitcases in the hold.

    5. Anonymous Coward
      Anonymous Coward

      Looks like fraud

      The founder left the country, and so the company didn't have the password when he left, isn't that odd in its own right?

      He left to 'set up an orphanage'.... did he work for QuadrigaCX or abroad running an orphanage? Because both would be full time jobs.

      Setting up an orphanage, I'd expect him to set up a 'Crohns disease foundation', it also seems to be to paint him in a positive light.... "he couldn't have stolen the money... look he sets up orphanages in his 'spare' time!".. where is the orphanage?

      India... far away not easy for Canadians to check...

      It looks like an obvious fraud, he could be somewhere in India having done a runner. The certificate is irrelevant, it just means some doctor has filed some paperwork to the correct department. The obvious next step would be to contact the Gastroenterology of Fortis hospital Jaipur and verify they signed off on it, and then verify the identity of the person they signed off on was him (since id would be simply his wife confirming the body is him).

      Instead of starting out from the *claim*, start out from the *evidence*.

      It's like the "Russian bank has $10 billion loan to Africa state"... and everyone makes jokes about Nigerian scammers.... as if the claim was real. But this is VTB Bank, the Russian (US sanctioned) bank. The one funding Trump Tower Moscow deal, the 250 room building with fee to Trump totalling $130 million.... i.e. half a million dollars per room licensing fee for use of the name "Trump". A bank doesn't suddenly mistakenly think it has a $10 billion loan out to an African state and not notice! Yet it reported it as true when balancing its books, and people start from the idea that their report is true, and they try to explain how they could have make such a mistake! Claiming Nigerian scammers!

      The evidence here is that the founder left the country, claiming to be off to do another job, taking the keys with him, far away, and all that money is gone.... how did that work when he was abroad anyway? Did he personally do the transfers... it doesn't smell right.

    6. Dabbb Bronze badge

      Re: Bullshit

      It's not a bullshit if that single person was the exchange.

    7. Mark 85 Silver badge

      Re: Bullshit

      This indeed smells scamtastic. So "Joe Investor" puts their coin in his care but never has access to the account or the funds unless the owner uses his password at the same time? I might be reading this wrong but that's what it looks like. That would be similar to the bank president dying or even going on vacation and had the only combination the bank's safe.

    8. fajensen Silver badge

      Re: Bullshit

      Remember: All Regulation is Evil!

      1. yoganmahew

        Re: Bullshit

        Re: Bullshit

        Well, he died from complications from Crohns. I have Crohns, the last way I want anyone to know I went is that I shat myself to death. There are honestly a gazillion other ways you could pretend to be killed by in India (and get a death cert for). Gored by a cow. Run over by an elephant. Knocked off your motorbike as it slips into neutral in front of a killer red line bus... but a shitting disease aggravated by Delhi Belly? It's entirely credible.

        1. Omgwtfbbqtime Silver badge

          Re: Bullshit

          Agreed, I have the other digestive CD - Coeliac (Fully managed by diet- TTGA assay <1.2 on diagnosis it was 97)

          The best thing about it - it's not Crohns.

          1. Omgwtfbbqtime Silver badge
            Trollface

            Re: Bullshit

            A downvote for that?

            Seriously?

            For a change I am not trying to piss people off (it is a good way of keeping score though!).

    9. This post has been deleted by its author

  2. cosymart
    Childcatcher

    Lesson for us all...

    CEO dies from an existing serious illness whilst in India and no-one had the nounce to suggest that it might be wise to have the passwords written down on a post-it note stuck to the back of the monitor. So what happens to the $190m of bits and bytes stored on spinning rust?

    1. DougS Silver badge

      Re: Lesson for us all...

      That $190 million is just gone, no different than if he'd robbed a bank of $190 million in cash or gold, buried it somewhere secret and took that secret with him to the grave.

      The one difference is that in five years that $190 million might be worth a fraction of that amount, whereas $190 million in US currency or gold will likely be worth pretty much the same in five years.

      1. The Nazz Silver badge

        Re: Lesson for us all...

        re $190 million gone.

        Excuse my ignorance, of bitcoin, but as i understand it that a finite number of Bitcoin can be issued.

        If the $190m of bytes has truly gone for good, in the short term does that not make each of the remaining quantity of Bitcoin more valuable?

        Within reason, once it is down to the last few Bitcoins then they'll almost, if not actually be worthless?

        1. Anonymous Coward
          Anonymous Coward

          Re: Lesson for us all...

          Actually, this tends to be the sort of thing that makes the value of all cryptocurrencies go down. While, yes the supply of that one has effectively (though not technically) gone down, people have also just been reminded how silly and risky the whole cryptocurrency thing is. The result is usually that a lot of people suddenly jump out of the pool after things like this, and thus the price drops accordingly.

          Also, the coins are not really gone. They're just inaccessible. Come back in 10-20 years and a toaster will be able to crack it (depending on the encryption on that wallet, of course). By which time most laws will have passed their statute of limitations.

        2. Persona

          Re: Lesson for us all...

          Your argument would be true if the bitcoins together represented some underlying asset with a tangible value. They don't. The value of a bitcoin is simply a function of market supply and demand: when people want to buy them it pushes the price up and when they want to sell the price goes down. As there is no underlying asset that can be valued independently, there is no true notion of the price being under or overvalued so there is nothing to constrain the price rising towards infinity or dropping to zero.

          1. mtp

            Tangible value of currency

            Much like GB pounds or any other currency not backed up by a vault full of gold. A currency only has value is if you think other people (including bank managers) will take them as if these bits of paper with £10 written on the front are a real asset.

            I recommend reading "Sapiens: A Brief History of Humankind" for some interesting observations on this kind of thing.

            1. Persona

              Re: Tangible value of currency

              That's not a good comparison. Fiat currency has value and need because of the government behind it. It levies taxes that must be paid in its currency and it pays out in that currency. The currency then becomes a representation of the underlying asset value of the country. This "generally" makes for a reasonably stable currency which can be valued then traded against fiat currencies of other nations. This is utterly different to bitcoin which is not a currency. A more appropriate analogy for bitcoin would be a limited set of baseball cards. When the fans want to buy them the price goes up, and when they want or need to sell them (perhaps to pay a tax bill) the price goes down. Even that is a far from perfect analogy as a baseball card has a picture on it with some intrinsic value.

      2. MonkeyCee Silver badge

        Re: Lesson for us all...

        "whereas $190 million in US currency or gold will likely be worth pretty much the same in five years."

        Gold fluctuates based on how good/bad things are perceived to be, and what the Chinese and India governments are doing. In the last 10 years it's been between $400 and $1800 an ounce. I no longer own any since both China and India have been paying spot plus 15% for a couple of years now.

        Based on current inflation rates, USD from 5 years ago has lost about 8% of it's purchasing power.

        As compared to Lego, which gains about 3% a year in value. Someone even analysed which would be the better investment, and the returns Lego beats gold for about 38 out of 40 years. Obviously there are more traditional investments that beat it too, but it's not quite as good a store of value as it appears.

    2. David Pearce

      Re: Lesson for us all...

      Another scenario is that he was a fool, not a crook and somebody used a variation of rubber hose code breaking to force him to reveal the passwords and then killed him. $190m is far too much money to logically keep in your pocket

  3. nematoad Silver badge
    Unhappy

    Damn.

    I was in a similar situation once.

    Just after Christmas one year I went to my local Bank of Ireland branch to get some cash. When I went up to the cashier she turned to me and said "We haven't got any money!" I mean I've heard of a pub with no beer, but a bank with no money? It turns out that the time lock had malfunctioned over the holidays and when the staff turned up for work they could not open the vault.

    I laughed my head off and for my pains got some really sour looks as I left.

    It seems that some people have no sense of humour.

    1. DropBear Silver badge
      Trollface

      Re: Damn.

      ....this wouldn't have happened in January 2000 perchance...?

      1. nematoad Silver badge

        Re: Damn.

        "....this wouldn't have happened in January 2000 perchance...?"

        Yep, got it in one.

        1. J.G.Harston Silver badge

          Re: Damn.

          Being curious, I went to Google and typed Bank of Ireland bank run 200 and it prompted 2008? 2000? 2005? 2007? 2006? :O

  4. Anonymous Coward
    Anonymous Coward

    I don't find it hard to believe at all, just hard to believe that anyone would trust cryptocurrency asset managers after all the fails. Small company, zero trust, your job depends on doing what the owner/founder/manager tells you. And there are no rules, no oversight, no regulations. I believe in empathy and compassion for anyone in a painful situation, but I am mystified by the trust people place in any third party crypto vault

    1. Anonymous Coward
      Anonymous Coward

      Never underestimate the stupidity of people. Or, in this case, Laziness.

      1. Omgwtfbbqtime Silver badge
        Holmes

        @AC

        You missed greed.

  5. David Gillies

    There are well-known threshold schemes for secret sharing such that a key is split into, say, eight pieces, any five of which can be used to reconstitute the key. Fewer than the threshold and the secret is irrecoverable. I've even got some C++ code knocking about that implements this with nim multiplication over GF(256). I dunno what sort of shonky operation has a single point of failure like this.

    And seriously, if you've got inflammatory bowel disease, is a holiday in India good idea?

    1. Anonymous Coward
      Anonymous Coward

      It's credible if you can prove the money hasn't been removed.

      Foresics on this would be fascinating to do...for someone who has at least half a clue about crypto currencies.

    2. ATeal

      Someone had wikipedia open when they wrote that

      EDIT: Added book recommendation at the bottom; should be readable for any half-decent *cough* "programmer".

      So a little bit snarky but secret sharing systems usually have some huge caveat. That's why we don't already use what would be a brilliant thing (I don't want to argue what constitutes shared secrets (not secret sharing) so let's take the "I give you a string of abstract bytes, you give me some pieces back I can give to a fixed number of people such that [the schemey bastard threshold > 50% OR SOMETHING)"

      It's really not that easy. Doing it on paper is even worse - computers can at least do the tedious crap we can't do well.

      So to answer your question: "none" - unless you are also like these numptys and willing to risk so much on some C++ thing you wrote once - from how you suggest it I kinda doubt you've got past rule 1:

      1) Don't write your own crypto.

      With age and a fuck-tonne of maths spanning abstract algebra, measure theory, combinatorial optimisation and a few others (of which I've spent 6 years veering towards in no rush) AFTER the obvious stuff (like not counting undergrad) and the thought of breaking this rule WITH $190m on the line should allow one to cut a cigar with your anus (should it rest on your implementation).

      Then you relax as you realise "wait the GPL says "no warranty fuckers!" ;)"

      Lastly: the problem is actually not too difficult for small divisions, for example 3 people you have "1/3rd" as the only fraction in play when it comes to colluding. A big problem that quickly bites is you get an n! (for sharing among n) trying to work out what order to put the pieces in.

      Conversely (for me anyway, I've come to accept that the statement "no one else gives a shit") - and this is what I find interesting - if we give up on the "suppose we want exactly n parts given out and all n required to unlock the secret, with no probable way to work out the order (this has a formal meaning)" above (which for reasons stated is impractical for n after a few, and for n small enough the bastard ratio is huge (eg 67% if 2 people collude with n=3)) it actually leads to some quite interesting ideas

      None of which are practical of course ;)

      Book: Foundations of Cryptography - Volume 1: Basic Tools - Oded Goldreich

      A lot of this is English so you can just open it somewhere and "enjoy" - which is why I mention it. I know PDFs of it can be found. PLEASE DON'T THINK THAT THIS IS ANYTHING TO DO WITH WRITING CRYPTO STUFF THAT YOU SHOULD TRUST it's pure theory and is one of the few books I've found that spans both sides of the formal/informal divide.

      1. gnasher729 Silver badge

        Re: Someone had wikipedia open when they wrote that

        "Shamir Secret Sharing". First time I read about it was in Donald Knuth's "Art of Computer Programming", printed some time in the 1980's. Of course you might tell Adi Shamir to not write his own crypto, but he'd probably just say "and who are you?"

        And it works perfectly fine for k out of m people. Just a polynomial of degree k-1, evaluated at m points, so k results reconstruct the polynomial, an doing everything over some finite field makes sure there is ZERO information out from k-1 results.

        1. ATeal

          Re: Someone had wikipedia open when they wrote that

          *sigh* c'mon guys read before you post.

      2. Anonymous Coward
        Anonymous Coward

        Re: Someone had wikipedia open when they wrote that

        Don't try to make this algorithm sound more complicated than it really is, for the purpose of excusing the exchange for not implementing it. It really isn't. If you can live with small numbers of n (i.e. any 3 out of 4 keyholders need to collaborate, which if we assign a key to the CEO, CFO, CTO and an independent director would have sufficed perfectly) then the simplest possible algorithm would be to encrypt the main key multiple times, using different key fragments xor'd together. Encrypt it 4 times, using a^b^c, a^b^d, a^c^d and b^c^d. Any combination of 3 fragments can then decrypt it. Job done. It really is that simple.

        1. c1ue

          Re: Someone had wikipedia open when they wrote that

          The problem with sharing secrets is that any individual member of the chain can hold the rest hostage.

      3. Claptrap314 Bronze badge

        Re: Someone had wikipedia open when they wrote that

        No, apparently, YOU were the one with Wikipedia open--and you misread it.

        Yes, the #1 rule of crypto is you don't role your own--but this applies to creating the primitives, not implementing them. As I've repeatedly mentioned here, however, if you're not using libraries, you better have a **** good reason.

        And the prior poster mentioned libraries.

        But secret sharing is actually one of the more simple primitives (and arguably less sensitive than encryption or hashing). I actually would not be too freaked out over an independent implementation.

        If you want to share this secret among n people (with infinite storage) so that any three or more can know it, just translate the secret into a plane in R^3, and hand out random points on the plane.

        Of course, we are finite beings, so you need to use finite fields instead of R--say, of order p^k. This in turn means that any two collaborators can "compromise" the secret to the point that only p^k possibilities remain. So, choose p^k to be as high as you need for your application, and you check that no set of three points end up on the same line.

        If you want to require four to reveal, just step up the dimension of the affine plane (and "line") in question.

        If you need to look up anything I just wrote, then use a ******* library.

        The issue is application development. All of the usual issues apply here, but it's important to keep in mind that the secret is not known to the application until enough keys are provided--and the application properly combines them.

        1. ATeal

          Re: Someone had wikipedia open when they wrote that

          I didn't. I studied (past tense) this stuff, and I remember it?

          What's annoying though is I gave a book with an easily available PDF which is accessible to ... let's call them "crypto-users" - people who could read it and just ignore/gloss over the formal parts AND THIS IS STILL GOING ON.

          There's no excuse for this, but I'm arguing solo and not going to help someone against their will ;)

      4. David Gillies

        Re: Someone had wikipedia open when they wrote that

        Shamir secret sharing, which is what I'm talking about, is completely indifferent to the order in which the shares are used to unblind the secret (in fact there is no 'order', per se). For an (m, k) scheme where you need k from m it is trivial to make k = m.

        I've been doing this stuff since the early 90's so a bunch of hand-waving doesn't impress me, I'm afraid.

    3. Nolveys Silver badge

      And seriously, if you've got inflammatory bowel disease, is a holiday in India good idea?

      Maybe he was hooked on adrenaline and a trip to India was like his version of base jumping.

    4. Persona

      N of M key sharing is a feature built into every Hardware Security Module you can buy. I've even used it on two different brands. Don't build it yourself: the cost of failure is too high.

  6. Anonymous Coward
    Anonymous Coward

    I'm going to need to see a body before I'll believe this cock and bull story.

    1. Anonymous Coward
      Anonymous Coward

      That's a shame because it is extremely unlikely that they are going to ship it to you.

    2. Mark 85 Silver badge

      Since he died in India, It's very possible he's been "cremated by the river Ganges". Or that might be the story.

    3. Rob

      Its India...

      ...you can buy a body as well as a certificate of death, you could probably find someone that would do some sort of bundled deal for both if you buy cash (not crypto though).

  7. Anonymous Coward
    Anonymous Coward

    > Its founder and CEO Gerald Cotten passed away in India before Christmas without leaving any written record nor copies of the passwords and keys to unlock his organization's financial reserves.

    Have they tried looking underneath his keyboard?

    1. Anonymous Coward
      Anonymous Coward

      The password has to be "Joshua". It just has to be.

  8. Chairman of the Bored Silver badge

    As we get older...

    When my dad passed he was not of sound mind. When I got into all his accounts and books the realization hit that his judgement had actually been degraded for some time, and I had a major forensic accounting task on my hands.

    Seriously:

    If you've got kids do them a favor while you can still think straight- put them on all your accounts and go over your financial status with them in detail at least once a year. I'm making sure mine have no surprises when I shift off the mortal coil.

    1. David Austin

      Re: As we get older...

      As a kid going through this right now; Please, please do this. Even just something in the Home office Safe with "Here's all the accounts i have" would be a big help

    2. Warm Braw Silver badge

      Re: As we get older...

      When my aunt went into care, she left behind many bin bags full of unopened correspondence from the previous several years - everything from bank statements to Readers Digest Prize Draw promotions. Or, rather, the first stage was to gather the correspondence into bin bags from the various places it had been secreted after clearing off the worst of the dust.

      She had, fortunately, very reluctantly agreed to a Power of Attorney while she still had some vestiges of capacity or there is likely very little I could have done. She resolutely refused to make a will: apparently there is/was a widespread superstition that making a will brings forward your demise.

      However much she might have been implored to "put her affairs in order", she would never have done so, she really didn't care what happened after her death - she really didn't care much what happened during her life.

      On the other hand, she didn't run a crypto exchange. Or if she did, she'd hidden that correspondence particularly well.

      1. Doctor Syntax Silver badge

        Re: As we get older...

        "there is/was a widespread superstition that making a will brings forward your demise."

        Or the simple fact that thinking about one's demise is not a pleasant thing to do and hence gets put off...and off ...and off.

      2. Mike Moyle Silver badge

        Re: As we get older...

        "(A)pparently there is/was a widespread superstition that making a will brings forward your demise."

        Based on some families that I'm aware of, it may not be pure superstition.

    3. Symon Silver badge
      Headmaster

      Re: As we get older...

      It's 'shuffle'.

      http://shakespeare.mit.edu/hamlet/full.html

      1. Arthur the cat Silver badge

        Re: As we get older...

        It's 'shuffle'.

        http://shakespeare.mit.edu/hamlet/full.html

        That's because Shakespeare didn't have shift registers available. The big question is, is it shift right or left, pursued by bear?

        1. qwertyuiop

          Re: As we get older...

          If i was being pursued by a bear I'd probably shit right AND left!

          Oh...

          ...you said SHIFT...

        2. Chairman of the Bored Silver badge

          Re: As we get older...

          Appreciate the correction on my Shakespeare reference. To be honest when I wrote that I originally thought to write of myself shifting off a register into the bit bucket. While it doesn't have the brutality of the "take a dirt nap" from my service days it still felt depressing.

          Not sure what my endianness is at this point, so not sure which way I will go. Will the most significant or least significant bit be the last to go? Depends on whether you ask the ex...

  9. Nick Kew Silver badge
    Boffin

    Crypto-busting test case

    Taking the story at face value (no laughing at the back), does this make an interesting crypto-busting test case for the kind of folks who did the FBI Iphone?

    In 30 days I expect they'll be throwing whatever they can find at it, from brute force to experts. Could be an interesting scenario if some TLA does know how to break it but isn't prepared to reveal that they know ...

    As for entrusting your money to one man with no fallback ... erm, 'nuff said. Maybe if it's laundered money you just accept there will be attrition, but who else?

    1. doublelayer Silver badge

      Re: Crypto-busting test case

      From the sound of it, the people attempting to regain access aren't that good at it. I don't know the details, but it sounds as if they think they have access to a computer with the data on it. I'm assuming the computer is encrypted, but even so, that is a problem with a solution. They were also the people who let a store of value be set up in such a way that only one person could access it, which doesn't say much for their common sense.

      1. DropBear Silver badge

        Re: Crypto-busting test case

        If an encrypted computer (I'm going to assume that means "encrypted data on the hard drive" in this case) is a "problem with a solution", what is the point of encrypting any computer...?

        1. Groaning Ninny

          Re: Crypto-busting test case

          I think it really means that he doesn't understand that any decent encryption is unbreakable in useful timescales.

          1. Doctor Syntax Silver badge

            Re: Crypto-busting test case

            "any decent encryption is unbreakable in useful timescales"

            And at any appropriate cost. There's be no point if it could be decrypted by use of resources that might cost 5 times the value of what's on there.

            1. lglethal Silver badge
              Coat

              Re: Crypto-busting test case

              For $190 million, you can dedicate a fair few resources...

            2. M.V. Lipvig

              Re: Crypto-busting test case

              5 times the value? I'm guessing the multiplier will be a wee bit larger than 5.

        2. Anonymous Coward
          Anonymous Coward

          Re: Crypto-busting test case

          If an encrypted computer (I'm going to assume that means "encrypted data on the hard drive" in this case) is a "problem with a solution", what is the point of encrypting any computer...?

          Encrypted data on a hard drive should be recoverable. The data will be encrypted by a random key generated for that drive and stored in the controller. The user's password will then be used to encrypt that key, but the drive manufacturer should be able to recover the key (or, if it's a Samsung SSD, anyone can)

      2. Robert 22

        Re: Crypto-busting test case

        Is my understanding correct that the data needed to access the cryptocurrency is contained on the laptop and nowhere else??? If so, this would seem to introduce further potential points of failure:

        1. If the hard drive fails catastrophically

        2. The laptop is lost or stolen

    2. Tom 7 Silver badge

      Re: Crypto-busting test case

      I remember when, at one company we started of trying to work out how to be secure without locking ourselves out. Its not as easy as it sounds. A safe with the encryption code on an envelope? For $190 million that's not safe.You can keep adding layer after layer but it always ends up with a SPOF, either in terms of making it possible for others to get in or locking yourself out. Banks have two key access to boxes that are freely available to people with diamond tipped drills.

      When working on something that is 'designed' to avoid outside scrutiny I can easily imagine keeping it in house and not trusting your colleagues this loophole was never looped.

      1. doublelayer Silver badge

        Re: Crypto-busting test case

        "If an encrypted computer (I'm going to assume that means "encrypted data on the hard drive" in this case) is a ["]problem with a solution["][my statement], what is the point of encrypting any computer...?"

        The point is to prevent data being stolen with a machine. If you were to rob me in the street today, you'd get my computer, but not the data on it. You could try some passwords, but it wouldn't get you in, and the security of my data would be intact. That's because it's not worth a ton of money to you. $190 million in bitcoin, on the contrary, is worth quite a bit to people, including to the people who run this company who could face some negligence cases if they don't get access to the thing. That makes it possible to invest some more resources into brute forcing passwords. For example, if the encryption is done using bitlocker on Windows, the passwords aren't super-secure*. It would be possible to brute force the possibilities of the default code if you had the inclination. For $190 million, the inclination is there more than for the random files I happen to have, and it is thus more likely to be attempted by this company than it is by a street thief who already has the main source of value, the hardware of my laptop.

        *The default password for bitlocker is a 6-digit numeric pin. This machine could use a different system and/or a more secure password. This system could in fact not be encrypted at all. However, automatically typing in all combinations of digits is doable if you are willing to spend a couple of weeks on it, and other methods of trying to crack the password are doable too.

  10. Peter Clarke 1
    Big Brother

    Wrong Conspiracy

    The CEO was totally honest and is dead. The truth is someone who had a lot of money in his account pissed of the wrong TLA or criminal organisation and they bumped him off to permanently freeze the asets

  11. Tromos
    Joke

    This is why these cryptocurrencies need to be backed up by being stamped onto pieces of metal, or for large amounts where this can be unwieldy, printed onto sheets of some lighter material.

    1. LDS Silver badge
      Devil

      No, thanks to the highly decentralized and democratic implementation of cryptocurrencies you don't need that.... oh wait....

  12. Winkypop Silver badge
    Devil

    Has anyone tried....

    "qwerty123" ????

    1. David 132 Silver badge

      Re: Has anyone tried....

      “swordfish”. It’s always “swordfish”.

    2. Mark 85 Silver badge

      Re: Has anyone tried....

      "password9"

      1. yoganmahew

        Re: Has anyone tried....

        toomanysecrets

    3. Flak_Monkey

      Re: Has anyone tried....

      correct horse battery staple?

      1. Norman Nescio Silver badge
    4. nyk.birdm

      Re: Has anyone tried....

      TrustNo1

    5. BinkyTheMagicPaperclip Silver badge

      Re: Has anyone tried....

      That's the kind of thing an idiot would have on his luggage!

    6. Anonymous Coward
      Anonymous Coward

      Re: Has anyone tried....

      It's a long shot, but: 0118 999 881 999 119 725 3 ??

  13. Anonymous Coward
    Anonymous Coward

    Show us the Body ...

    ... otherwise he's probably just done a runner with all of the dosh.

    1. Anonymous Coward
      Anonymous Coward

      Re: Show us the Body ...

      I'm actually wondering if this is doable:

      - fake death, easy, particularly in countries like India

      - move somewhere and get the dosh off the wallets, without any of the idiots noticing

      Anyone ?

      1. M.V. Lipvig

        Re: Show us the Body ...

        Yes, but you need to reverse the order. After all, YOU are the only one with the key, and are the only one who can check to see if the money's still there.

  14. Mr Dogshit
    FAIL

    Wah wah waaaaah!

    Should have put your money in a bank, losers.

  15. Anonymous Coward
    Anonymous Coward

    before his apparent death,

    Either he is dead, or done a runner, or a Schrodinger's Canuck.

  16. Pascal Monett Silver badge

    Bunch of muppets, the lot of 'em

    So everyone thought it was a good idea to have only one person know the access to $190 million and no backup of the codes ?

    His leaving for India is irrelevant - he could have been hit by a bus while doing his morning jog.

    The sheer incompetence, or outright criminal behavior in some (rare) cases, that is demonstrated time and again by these "exchanges" is what is keeping me away from this market.

  17. anthonyhegedus Silver badge

    I still don't understand how he had millions of real dollars in real bank accounts that are now not accessible. Pretty poor excuse for a bank account if that's true. The whole thing sounds like a load of old tosh to me. And regarding the actual bitcoins, what complete idiot stores their money with a company and doesn't do any due diligence to find out how safe their bitcoins really are?

  18. Anonymous Coward
    Anonymous Coward

    It looks like an badly prepared exit scam, made in desperation after becoming insolvent in December. There is no 190M left in cold wallets.

  19. steviebuk Silver badge

    Maybe...

    ....they find him secretly living next door to his wife some years later coughJohnDarwincough.

    On a side note regarding John Darwin. You're supposed to be dead, so why fucking risk having photos of yourself taken while on a secret holiday. Idiots.

  20. steviebuk Silver badge

    I'm surprised..

    ...no one at the company ever thought to "whistleblow" in respect to "Excuse me. I'm your new finance director. Can I ask why only the CEO is allowed access to finances?. I also hear he is off to Indian. Surely he's a single point of failure and someone else needs access. Or at least keep them in a safe that only keep people have access to?" and potentially being told "That's the way he wants to run his company, just stop asking questions" should of raised massive flags to internal people.

    Very odd and very much looks like a scam. And also will give more excuse for governments to not support crypto-currency without legislation.

    1. stungebag

      Re: I'm (not entirely) surprised..

      My money's still on scam, but it's far from impossible that a CEO with an inflated sense of his importance and a disbelief in his own mortality simply wouldn't share, and no-one was able to talk sense into him.

      You know when an uppity staff member is told that nobody's indispensable? Maybe that's not always true.

    2. lglethal Silver badge
      Go

      Re: I'm surprised..

      You seem to be assuming that this was atcually run like an actual company, i.e. CEO's, CFO's, a finance department, etc. etc.

      Everything i read makes this sound like a garage operation - "Bob over there is IT, Tom is Sales, Jenny creates the flash website to get people in, Randy is customer support. And I'm the boss. I hold the purse strings. Cant trust any of these buggers with the codes, so we keep em offline on my laptop, no way a hacker can get in there! What do you mean, what happens if i die? Im only 30, geez. And what do you mean what if someone breaks in and steals my laptop? It's encrypted. And the Police around here a good at recovering stolen property. It's all fine...."

  21. DenTheMan

    More strange tales to come

    Straight from the crypt.

  22. Anonymous Coward
    Anonymous Coward

    He didn't share his encryption keys...

    AND he signed his will two weeks before his death?

    Uh-huh...

  23. Anonymous Coward
    Anonymous Coward

    Have no convenient means of verifying integrity of custodians

    So I scatter my crypto between exchanges and keep the bulk in private wallets. I encrypt the access codes of various forms and share them with multiple trusted parties/executors.

    Come to think of it, I do this with my non-crypto assets too.

    But as far as crypto goes, the whole point is to retain control. Trustless, right? Ultimately, one must trust others to function, and cryptocurrency merely provides a mechanism to temporarily withdraw one's assets from the mortal plane. Even this is illusory because the value is imparted by the faith of the living.

  24. anthonyhegedus Silver badge

    Just goes to show that the principal type of actor around bitcoins is a criminal. Bitcoins are either used for scamming people, extortion, money-laundering or in this case, running a dodgy outfit and running off with the money. I'm afraid I'm going to have to shout again, like I've posted several times before, to numerous thumbs-up: THERE IS NO KNOWN LEGITIMATE REAL-WORLD APPLICATION FOR BITCOINS OR OTHER CRYPTOCURRENCY!!!

    1. Pascal Monett Silver badge

      Especially since buying a pizza is going to cost you not only the pizza, but $50 in "transaction fees".

      Now there's a racket if I ever saw one.

      1. anthonyhegedus Silver badge

        That and the fact that it’s just slurped up 10MWh of energy

  25. dmap0
    Thumb Up

    Chargeback isn't a handy procedure.

    Financial Chargeback Institutions are always too late..too slow.. especially if you make your transactions with credit cards or crypto-currency. Typically, chargeback isn't a handy procedure perhaps I strongly believe info@finance-recovery,ch would greatly help.

  26. Gumby1
    Facepalm

    OH looks its full of Stars

    Reported today in the SMH that ernst & young cracked the laptop and discovered the cupboard bare . The accounts were drained starting from April last year ( 2018) .

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019