Why QuadrigaCX’s Cold Wallet Reserves Haven’t Been Identified Yet

11 February 2019 14:30, UTC
Paul Sibenik

Since QuadrigaCX went offline late last month due to not being able to access $190M in cold storage reserves after the founder's purported death, many people have declared it to be an exit scam or fraud. QuadrigaCX has yet to disclose their cold wallet addresses, leading a small group of people to try to discover those addresses themselves through blockchain forensic analysis.

Although some have claimed a portion of cold wallets have been found and funds have been moving out of those cold wallets, the evidence as of yet is not conclusive. A much more thorough forensic analysis is likely already underway, but professional blockchain forensic analysis takes time and is greatly aided by the use of forensics tracking software to speed up the process in complex cases such as this.

The Evidence So Far

Thus far, the main person leading the forensic effort to find Quadriga’s cold wallets is @proofofresearch. Their analysis can be found in full in their chain analysis report. Their investigation suggests that Quadriga does not hold nearly as much Bitcoin as they claim to and questions whether cold wallets exist at all. Furthermore, after this report was published, @proofofresearch found evidence suggesting funds were being moved from some of the cold wallets, suggesting fraudulent activity.

Finding Conclusive Evidence

The analysis @proofofresearch has done is impressive given that he did all the work manually. However, a more thorough investigation is necessary to conclusively prove either that QuadrigaCX doesn’t hold the assets they claim to or that wallets that have had recent activity are not actually QuadrigaCX’s cold wallets.

The initial analysis by @proofofresearch involved individual people reporting hashes of transactions that they claimed were a deposit or withdrawal from Quadriga. One of the issues here is that only a few select people voluntarily submitted transactions. A much larger sample size is necessary to ensure that all of Quadriga’s hot wallet clusters are known. Furthermore, blockchain forensics software will be a necessity here, as @proofofresearch has spent a significant amount of time looking at only a small portion of transactions and wallets.

How Does Cryptocurrency Forensics Tracking Software Work?

Manually tracking transactions is always possible, but forensics tracking software becomes far more useful, and practically necessary, in highly complex cases involving thousands of transactions and addresses. Software typically isn’t necessary when tracking ownership of assets owned by a single individual. At CryptForensic Investigators, we don’t normally need to use such software ourselves unless the case is particularly complex or the individual has made attempts to anonymize themselves or obfuscate their holdings.

Forensic software becomes a necessity when ‘coin mixers’ start being used, since such tools exist for the sole purpose of obfuscating ownership of cryptocurrency assets. Coin mixers work by taking multiple input transactions from different sources and putting the output into multiple new wallets.

Twitter user @proofofresearch believes the funds are currently being moved and a mixing service is being used to obfuscate ownership of funds. However, mixers do not fully obfuscate ownership of assets; they can merely make it more difficult to find.

Forensic tracking software works by linking wallets through association. Wallet addresses can be identified by how far away they are from one another. Wallet addresses are then put in what are known as ‘clusters’. Clusters are essentially groups of addresses that are suspected to be linked to one another.
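The clustering and distance ideas above can be sketched in a few lines. This is an added example, not code from the article or from any vendor's tool; it assumes the association rule is the co-spending heuristic (addresses used as inputs to the same transaction are treated as one owner), which the article does not name, and the transactions and address labels are constructed.

```python
from collections import defaultdict, deque

# Constructed sample transactions (not real chain data): inputs -> outputs.
TXS = [
    {"id": "tx1", "ins": ["A1", "A2"], "outs": ["B1"]},
    {"id": "tx2", "ins": ["A2", "A3"], "outs": ["C1"]},
    {"id": "tx3", "ins": ["B1"], "outs": ["D1", "D2"]},
    {"id": "tx4", "ins": ["D1", "E1"], "outs": ["F1"]},
    {"id": "tx5", "ins": ["Z1"], "outs": ["Z2"]},
]

def cluster_addresses(txs):
    """Group addresses with union-find: inputs co-spent in one transaction
    are assumed to share an owner (a heuristic, not proof)."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a

    for tx in txs:
        ins = tx["ins"]
        for addr in ins + tx["outs"]:
            find(addr)  # register every address, even unclustered ones
        for other in ins[1:]:
            parent[find(other)] = find(ins[0])
    groups = defaultdict(set)
    for addr in parent:
        groups[find(addr)].add(addr)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: g[0])

def hop_distance(txs, src, dst):
    """Fewest transactions linking two addresses: BFS over an undirected
    graph where all addresses in one transaction are adjacent."""
    adj = defaultdict(set)
    for tx in txs:
        members = tx["ins"] + tx["outs"]
        for a in members:
            adj[a].update(m for m in members if m != a)
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        addr, dist = queue.popleft()
        if addr == dst:
            return dist
        for nxt in adj[addr] - seen:
            seen.add(nxt)
            queue.append((nxt, dist + 1))
    return None  # no on-chain path in this sample
```

A mixer transaction, which combines inputs from different sources, breaks the co-spending assumption and would wrongly merge unrelated owners, so such transactions have to be identified and excluded before clustering.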

Who at Quadriga is Committing Fraud

While there isn’t conclusive evidence suggesting Quadriga does have access to the funds in cold storage that they claim not to have access to, it’s not looking good for them so far. But, if true, who exactly is exit scamming? Who has access to the cold storage keys? Gerald Cotten himself (if he’s not dead), Jennifer Robinson (wife/widow of Gerald), Aaron Matthews (new CEO), Omar Dhanani (former co-founder and ex-convict), other QuadrigaCX employees, or a combination thereof are all suspect.

Despite fishy behavior among senior leadership at Quadriga, it seems unlikely that either Jennifer or Aaron would be the culprit. This is because many people, including authorities, are watching what they both do very closely. Furthermore, since they live in Canada, they’re relatively easy for authorities to track down. If one of these individuals is siphoning off funds there’s a variety of ways they can be caught such as through:

  • Cryptocurrency forensic analysis
  • Lifestyle and spending analysis. If either of them starts spending large amounts of money they shouldn’t have based on their level of income, this triggers flags for an audit at the CRA.
  • Sudden or significant increases in the size of their bank accounts
  • Whistle blowing by a QuadrigaCX employee with insider knowledge (such as cold wallet addresses)
  • Successful decryption of Gerald’s laptop by the authorities

Since Jennifer and Aaron are more prone to being caught, charged and sentenced for fraud than someone who’s thought to be dead, it’s less likely that Jennifer or Aaron are siphoning off funds and committing fraud.

Whoever at or associated with Quadriga is siphoning off funds, if they are, is sure to be aware that blockchain forensics will be conducted to verify the accuracy of their claimed holdings. In fact, companies like Chainalysis that design tracking software primarily work with 3 types of companies and institutions:

  1. Government and Law Enforcement (Drug Trafficking, Terrorist financing, tax evasion)
  2. Financial Institutions (Money laundering and terrorist financing)
  3. Cryptocurrency exchanges

Many cryptocurrency exchanges elect to work with Chainalysis so they can avoid accepting ‘dirty’ money such as money from a hacked cryptocurrency exchange. Whoever is siphoning out funds from the wallets, if it’s even being done, is doing so knowing that sooner or later, it will be determined that someone with access to the private keys exit scammed.

Conclusion

The cold wallet addresses have not been conclusively identified yet because blockchain forensic analysis takes time. The investigation into Mt.Gox took Chainalysis two months. Likewise, it will take a few weeks at the very least for the cold wallets supposedly containing up to $190M to be found, if they even exist.

Note: Nothing in this article is to be construed as legal, financial, or tax advice.

About the author:

Paul Sibenik is the owner of CryptForensic Investigators in Vancouver, Canada. His firm focuses on tracking and assisting in the recovery of cryptocurrency assets for family law matters including divorce and child support.