Alleged BTC Key Loss on Golix Re-Opens Crypto’s 'Custody Battle'

Tuesday, 05/11/2019 | 13:08 GMT by Rachel McIntosh
  • The recent saga surrounding custody issues on crypto exchange Golix has re-opened discussions around centralized custody.

Just in case users ever forget that they should not be storing their coins on an exchange, it seems that the industry manages to provide some sort of a “reminder” every few months--for better or for worse.

Last Thursday, Zimbabwean news source iHarare reported that Tawanda Kembo, the founder and CEO of Zimbabwean cryptocurrency exchange Golix, had lost the keys to one of the exchange’s cold wallets. According to the report, the wallet contained roughly 33 BTC, worth roughly $306,000 at press time.

A number of news outlets reported that Kembo had said that he had lost the keys all the way back in May of 2018--a particularly poignant time in Golix’s history, just as the exchange’s users were beginning to withdraw their funds following the Reserve Bank of Zimbabwe’s (RBZ) alleged decision to force the shutdown of the exchange.

Many of the same reports claimed that users were having difficulties withdrawing their funds, or weren’t able to withdraw them at all.

Golix’s CEO has offered some clarification on the situation--sort of

Despite alleged plans to open exchanges in other countries following Golix’s alleged shutdown, CoinRivet reported on October 31st that Kembo “hasn’t been seen in public for months” and “is seemingly refusing to communicate with the outside world.” Kembo’s Twitter feed hasn’t been updated since December of 2018; Golix’s Twitter feed hasn’t been updated since February of this year.

But on November 1st, Kembo contacted iHarare to share his side of the story. Regarding the loss of the Bitcoin wallet, Kembo said that while he “[couldn’t] say this is entirely untrue, it’s a statement that was taken completely out of context”; indeed, he had lost the password to a Bitcoin wallet, but it hadn’t been a wallet associated with the exchange.

As such, “99% of the people who have attempted to make a withdrawal on Golix have seen it go through without a hitch,” he said. “[...] It’s the 1% of the cases that’s responsible for some of the misleading headlines you have been seeing lately.”

Another QuadrigaCX situation?

However, Kembo contradicts himself a few paragraphs later: “it is true however that over the last year we have mostly been unable to process any fiat withdrawals,” he wrote.

In other words--it seems that while Kembo may not have completely lost access to the exchange’s cold wallets, whatever is happening at Golix seems to have prevented users from withdrawing fiat from the exchange.

On its face, the situation seems to bear some similarities with the QuadrigaCX debacle, in which the CEO of a Canadian exchange suddenly died, allegedly taking the exchange’s cold wallet keys with him to the grave.

And indeed, while Golix’s situation may not be as severe or as large in scale as QuadrigaCX, the story has forced the industry once again to question how users can be assured that their funds are safe on a cryptocurrency exchange, and whether or not any cryptocurrency exchange should ever be trusted to hold its users’ funds.


Kadan Stadelmann, CTO of Komodo, a multichain architecture project, sees the situation this way: “By their very nature, a centralized exchange (CEX) requires that its users forfeit their cryptocurrency’s keys to a third party in order to trade,” he told Finance Magnates.


“With a lack of uniform rules and enforcement mechanisms as it relates to security, these exchanges often vary severely in terms of their operational quality and standards.”

“For organizational and efficiency purposes, CEXs often pool their currency stores together into a select few wallets. Unfortunately, this model turns exchanges into attractive targets for hackers and also amplifies embarrassing human errors thanks to security centralization,” he added.

Stadelmann added that regulation could improve the situation, but may not ultimately be enough to eliminate risks.

“It's certainly possible that regulation may be able to increase exchanges’ security standards, perhaps by requiring backups of sensitive data, enforcing a certain amount of reserves be kept in multisignature or cold wallets etc, or by even making mandatory some form of insurance to protect end users,” he said.

“However, at the end of the day, in centralized exchanges, currency pooling is an inherent risk that to some degree will always occur, making defensive countermeasures of paramount importance.”


Jitender Tokas, Co-founder and Chief Business Officer of Delta Exchange, agreed that this kind of centralized custodianship is inherently risky for users.


“The risk of losing crypto in the custody of exchanges is all too real,” he told Finance Magnates.

“It can be broadly bucketed into three categories: (a) access to exchange wallets is lost due to company incompetence, (b) company defrauds investors and (c) crypto in custody is lost due to hacking. A cursory look at the past incidents will reveal that hacking is the biggest risk.”

While Tokas said that “this risk in large measure can be mitigated by the combination of multi-sig wallets and manual reviews of all withdrawals,” (a “practical solution,” he added, for his own exchange), the old adage still rings true:

In other words, giving your private keys to any entity--even a trustworthy one--means that they are no longer in your control, and therefore are at the mercy of someone else’s discretion; and although someone else’s discretion may indeed be better than yours, that someone may be the target of hacks and other kinds of trouble that you wouldn’t.

Exchanges are increasingly moving away from custodial models

It is for this reason that Stadelmann seems to believe that exchanges are increasingly adopting non-custodial models. “Speaking idealistically, no custody is right, because custody is always based on trust, something that those in the DeFi and Blockchain spaces are trying to reduce,” he said.

“Those exchanges, like Binance, that are reducing their actual custody over coins during trading by playing around with decentralized technology, are setting themselves up as leaders for the next stage of crypto trading.”

“Over the next couple of years, as these problems continue, and users start to actually internalize the mantra ‘not your keys, not your coins’, we fully expect decentralized exchanges (DEXs) to start scooping up market share of the crypto trading landscape,” he continued.

“Atomic swaps, a trustless smart contract technology that lets users trade cryptocurrencies between each other without ever giving up control or ownership of their keys to a middleman, is no longer a pipedream, and projects are rolling out DEX implementations left and right.”

“Though they haven’t caught on yet due to low trading liquidity and mixed user experience, newer DEXs are mobile-ready, have access to shared liquidity pools, and are becoming increasingly accessible to lay consumers.”

However, in the meantime, Tokas said that users who rely on centralized exchanges for their trading needs “should select the exchanges they trade at quite carefully. Only exchanges with good reputations, clean track records and professionally capable management should be in the consideration set of traders.”

And of course, “traders can further mitigate the risks they face by keeping their non-trading balances in their own cold wallets, instead of leaving them on exchanges.”

Finance Magnates reached out to Golix, but did not hear back before press time.


About the Author: Rachel McIntosh
Rachel is a self-taught crypto geek and a passionate writer. She believes in the power that the written word has to educate, connect and empower individuals to make positive and powerful financial choices. She is the Podcast Host and a Cryptocurrency Editor at Finance Magnates.
