QuadrigaCX: Using Cryptocurrency Forensics to Prove Fraud or an Exit Scam

Once Canada’s largest cryptocurrency exchange, QuadrigaCX has shut down apparently over their inability to access cryptocurrency assets held in ‘cold storage’. They claim they are no longer able to access these funds worth $250 Million CAD since their founder, Gerald Cotten, who apparently had sole access to these private keys passed away sudden on December 9th 2018. There is more and more evidence coming out suggesting this could be fraud. Blockchain and Cryptocurrency forensics can absolutely be utilized here to help determine if claims are fraudulent or if there is an exit scam or not.

Claims Made By QuadrigaCX

Almost all claims made by QuadrigaCX are disputed, including the purported death of the founder. Jennifer Robinson is/was the wife/widow of Gerald Cotten. The main claims made by QuadrigaCX are as follows:

  1. On January 15th, QuadrigaCX claimed Gerald died in India on December 9th 2018 as a result of Crohn’s disease, in India, while helping build an orphanage.
  2. Gerald was the sole bearer of private keys to all assets held in ‘cold storage’.
  3. The company has been unable to access assets held in cold storage since Gerald had sole access to them except those assets described in point #4.
  4. An independent consultant has  managed to obtain private keys to a very small & insignificant percentage of assets held that were previously inaccessible, but none that were on the ‘main computer’.
  5. QuadrigaCX provided death certificate supporting Gerald’s death published by a funeral home in Nova Scotia. The funeral home apparently verified on December 12th 2018. On February 5th, Coindesk obtain a death certificate from a government in India claiming ‘Gerald William Cottan’ (sic) died on December 9th 2018. The death certificate was issue December 13th.
  6. QuadrigaCX applied for creditor protection with a court in Nova Scotia on January 31st 2019 and on February 5th 2019 it was granted, and the court has appointed Ernst & Young as an independent monitor.
Problems with Quadriga’s Story
  1. Customers have had problems with both fiat and crypto withdrawals throughout 2018 and 2019. The problems became particularly apparent in the latter half of 2018 onward.
  2. CIBC had frozen business accounts worth over $20M since the start of 2018. Funds had been frozen by CIBC because Jose Reyes, the person in charge of fiat withdrawals at quadriga, attempted to transfer $2.3M worth of funds to his personal account.  The matter ended up getting resolved in court only a couple of weeks before Cotten’s death. The court had ordered the vast majority of the funds to be released.
  3. How is it that a single person was entrusted with all customer funds totaling approximately $250 Million CAD? Gerald also once stated in an interview that QuadrigaCX used multi-signature wallets.
  4. Gerald signed a will on November 27th 2018. In it he appointed Jennifer as the executor of his estate who he had just married a few months prior. He also outlined the distribution of his assets, including a plane, property, and $100,000 his two dogs.
  5. QuadrigaCX has failed to disclose their cold wallet storage addresses thus far. While these wallet addresses can be found, given the right time and effort through forensic analysis, disclosing the addresses upfront would make the process far simpler and would suggest they have nothing to hide. Once a cold wallet address is known, if funds are ever moved out of that address, it would indicate some type of fraud. But fraud from whom? Gerald (who might have passed away)? Jennifer? Select Quadriga employees? Or a combination thereof? Regardless, most of the cold wallet addresses are not known at this stage, not publicly anyways. Presumably, senior Quadriga employees and/or Jennifer know the public addresses, just not the private keys (or so they claim).
  6. It is not known where Gerald’s body is at this time. But if he really did pass away in India, there should be a body, obviously.
  7. The orphanage Gerald was helping to open appears to be legitimate. The organization, Angels House is a legitimate organization in India allowing people to sponsor homes for children. However, it’s not clear why Gerald would even travel to India as their website clearly states locals build the house and no involvement is needed from the sponsor besides money.
  8. It is rare for someone to die of Crohn’s at the young age of 30. It is even rarer for it to happen suddenly.
  9. Despite a death certificate provided by Jennifer, a search on the website of the funeral parlor in Nova Scotia returns no results for Gerald.
  10. India is known for an industry where individuals can acquire fake death certificates for a few hundred dollars.
  11. Quadriga had a second founder, Michael Patryn, who left in 2016. Mr. Patryn had apparently been working with digital currencies since 2002 (before bitcoin existed). However, it was discovered Mr. Patryn’s real name is Omar Dhanani, who was convicted as a member of the ‘shadowcrew’, that had trafficked stolen identities and credit cards via e-gold, a now-defunct digital currency that existed prior to Bitcoin.
  12. A report has suggested that there were never any cold storage reserves, and that the exchange never held more than 1000 BTC.
  13. Quadriga held fiat on other exchanges such as Kraken, who are already aware of some of Quadriga’s cold wallet addresses
  14. Many people used https://cryptocapital.co to fund and withdraw fiat currency to and from QuadrigaCX. Cryptocapital also works with a few other major exchanges, namely Bitfinex, Exmo, CEX and Coinapult. And it just so happens that all these exchanges are either insolvent as well or many people expect them to be insolvent, have major fiat and crypto withdrawal issues, and have prices that deviate far from the average market price to account for such issues and the likelihood they will collapse as well. Coincidence?
Why It Makes No Sense for Jennifer Robinson to Try and Commit Fraud

Although things appear extremely sketchy, it still does not make sense why Jennifer and/or senior Quadriga employees would commit fraud here for a multitude of reasons:

  1. Most cryptocurrencies are transparent in nature, therefore allowing anyone to track any transaction that has ever occurred, or any transaction that happens in the future. Quadriga’s cold wallet addresses can be tracked with the right amount of effort. Given the number of wallets Quadriga likely has along the use of tracking software would be highly useful in expediting the process. Once cold wallet addresses are found, and they will be found one way or the other, if transactions ever occur from those wallets, it will be clear that there is fraud going on.
  2. If there is fraud, who is involved & complicit and the fraud?  And who isn’t? Jennifer Robinson filed an affidavit attesting to some of the claims mentioned in this article. If she’s found to be lying about anything, that’s perjury, which she can go to jail for, even if she wasn’t involved in the fraud in any other way.
  3. Let’s suppose Jennifer is committing fraud here. Is her plan to escape to India at some point and meet up with Gerry? If she ever leaves the country, it will be flagged immediately. Perhaps Gerry will try to attempt to come back to Canada under a fake ID and live as a (rich) hermit for the rest of life in secret? I think not; he was already quite wealthy, and associating with anyone who knows his identity (including Jennifer) risks him getting caught. So perhaps Gerry really did die in India, and Jennifer sees this as an opportunity? It still makes no sense because the cold wallets will be found sooner or later, and if she ever moves the funds, people will know. But let’s assume for the sake of argument that no one at Quadriga or Jennifer knows the addresses and they can’t be tracked via forensics (which is not true of course). Authorities will be watching Jennifer for the rest of her life. If she starts spending more money than she should have, it’ll be flagged and she’ll then need to identify the source of the funds, which she won’t be able to do. In all likelihood I believe Jennifer is, for her part, being honest based on what she knows. But she may not know the whole story.
  4. Employees at Quadriga must know at least some of the cold wallet addresses. As they deal with the hot wallets regularly, they would presumably need to request funds from the cold wallets periodically, and also deposit funds from the hot wallets to cold wallets when funds in the hot wallets get to high. Are ALL the people at Quadriga who knew the cold wallets ‘in’ on it too? Because if there’s even one of them that isn’t, they can easily blow the whistle.
Why it does not Make Sense for Senior Quadriga Employees to Commit Fraud
  1. So perhaps a senior Quadriga employee (or two) has access to the private keys, unbeknownst to Jennifer. This still doesn’t make a lot of sense since the cold wallets will be found sooner or later. There are likely already a few people who at least know what the public addresses. So if those funds ever move, it’ll be known that someone has access to them.
  2. If it was only a senior employee or two who is committing fraud, it still wouldn’t explain all the mysterious circumstances surrounding Gerald’s death.
What is the Most Likely Scenario?

I used to be of the opinion that in all likelihood there was no fraud and that Gerald really did die due to the available evidence at that time along with the fact that it’s such an audacious stunt no one would ever dare attempt it since they would certainly get caught. Given the weight of the evidence at this point, I don’t believe this to be the case any longer. I’m not entirely convinced it’s an exit scam just yet, but at the very least things it seems unlikely that things are as QuadrigaCX claims.

Gerald is Alive and Pulled This Scam on his own

The scenario that makes arguably the most sense at this point is if Gerald decided on his own accord to fake his death, including to his wife who he would leave to deal with the fallout of his ‘death’, and then at some point takes the funds from cold storage himself. This scenario makes the most logical sense based on the current evidence because:

  1. It would explain why Jennifer is claiming he is dead and has no access to the funds, because it’s true as far as she believes. Filing the affidavit is not a crime is she genuinely believes what she stated. This of course means that Gerry did this knowing he would never see his wife again, leaving her to think he’s dead; a very sinister move indeed. But they did just get married merely a couple of months ago. Maybe he just married her in an attempt to cover his tracks?
  2. It makes sense from a timing perspective to stage a fake death at this point, right after the will and CIBC ruling.
  3. Gerald wouldn’t need to care about whether people find the cold wallet addresses or not since it won’t prove where his location. It wouldn’t even prove Gerald is alive either since presumably someone else could have access to the private keys too.
QuadrigaCX has Little to no Funds in Cold Storage

Another plausible scenario is that QuadrigaCX has almost no cold storage reserves as zerononcence suggested. If Gerald was attempting to make more money by using customer funds to bet for example, then lost those funds, it could make sense for him to try to fake his death rather than be convicted of some type of white collar crime. However, Gerry could also have presumably decided to stay in Canada and then claim he ‘lost the private keys’. But this would still have brought on a never ending series of lawsuits and few would have believed him anyway. Perhaps faking his death in India was an easier option?

The Role of Forensics Analysis

Forensic analysis is going to play a key role. Many are already attempting to conduct forensic analysis, but the situation is admittedly quite complex and more sophisticated than the cases we here at Cryptforensic Investigators primarily deal with; individuals attempting to hide assets in crypto in the event of divorce or bankruptcy in most cases.

Forensic analysis will help determine fairly conclusively what most (but not necessarily all) of the cold wallets are. If movement from those wallets is found after December 9th, there’s fraud plain and simple. The current forensic analysis done thus far has been done manually by amateur investigators, who have uncovered significant findings . A professional, thorough investigation is going to require forensic software to track the vast number of wallets and transactions. It could be done manually; it’s just not practical to do so give the sheer number of wallet addresses.

If at some point QuadrigaCX discloses its private wallets, forensic analysis can also be used to determine if the wallets are owned by Quadriga or if they’ve merely chosen a bunch of wallets with no activity since December 9th that have balances totaling roughly what they’ve claimed. Forensic analysis works through association. Many of Quadriga’s hot wallets are known and if the claimed cold wallets are too far away by association from the hot wallets, or if someone ever comes out claiming they own a wallet Quadriga claimed was theirs then someone at Quadriga is likely going to be on their way to prison.

Conclusion

In all likelihood, at the very least something fishy is going on but it’s too early to conclude just what. Forensic analysis is going to be a key tool utilized here to prove or disprove claims here; the blockchain doesn’t lie, and it’s available for all to see.

4 thoughts on “QuadrigaCX: Using Cryptocurrency Forensics to Prove Fraud or an Exit Scam

    • Paul Sibenik Post authorReply

      Just had a look at the transactions on that date in question. I could not find a transaction in that amount. It seems unlikely to me that Quadriga would like about something like that though. In all likelihood, there were multiple transactions from multiple wallets which is why I could not find a single transaction for the amount of 15.62074542 BTC

  1. Jack kester Reply

    Darker theory.
    He was murdered by some nefarious criminal org. They have the keys first then off him. It’s possible.
    That would be a serious mess.

  2. Cryptoinvest00221 Reply

    My guess is that Michael Patryn a.k.a “Omar Dhanani” has murdered him and set up the whole scam from the beginning.

    Michael Patryn a.k.a “Omar Dhanani” is the mastermind in QUADRIGACX Scam.

    Omar Dhanani aka Michael Patryn was one of 6 men arrested for internet ID theft and credit card conspiracy fraud back in 2005. They were operating Shadowcrew.com, a web mob of highly organized criminals. For more info google ShadowCrew.

    https://www.justice.gov/archive/opa/pr/2005/November/05_crm_619.html

    At the time ShadowCrew was busted by the US Secret Service Omar Dhanani was a resident of Fountain Valley, California. A search on Intelius lists Omar R. Dhanani from Fountain Valley, CA along with his relatives, Nazmin Dhanani and Nabatbibi Dhanani.

    http://www.intelius.com/people/Omar-Dhanani/Fountain%20Valley-CA/06DPMG23XKS

    Now here is where it gets interesting. Nazmin Dhanini and Michael Patryn have apparently registered several companies together, one of them being MPD Advertising:

    http://www.companiesofcanada.com/company/726420-8/mpd-advertising-inc

    Omar Dhanini relatives: Nazmin Dhanani and Nabatbibi Dhanani

    Michael Patryn: registered at least one company, MPD Advertising Inc with Nazmin Dhanini.

    Here is his interview talking about Quadriga: https://www.youtube.com/watch?v=b-3rFbcaYW4

    and here are his photos:

    https://s3.amazonaws.com/f6s-public/profiles/506409_original.jpg

    https://d1qb2nb5cznatu.cloudfront.net/users/675723-large?1439674629

    http://www.youngupstarts.com/wp-content/uploads/2018/08/Mike-Patryn.jpg

    Here is ona of the company which has been founded by Omar Dhanani’s aka “Michael Patryn”‘ & NAZMIN DHANANI:

    https://www.ic.gc.ca/app/scr/cc/CorporationsCanada/fdrlCrpDtls.html?corpId=7264208

Leave a Reply

Your email address will not be published. Required fields are marked *