$14 700 000 USD

JUNE 2017

CANADA

QUADRIGACX

DESCRIPTION OF EVENTS

"Earlier this week, we noticed an irregularity with regards to the sweeping process of incoming Ether to the exchange. The usual process involved sweeping the ether into a ETH/ETC splitter contract, before forwarding the ether to our hot wallet. Due to an issue when we upgraded from Geth 1.5.3 to 1.5.9, this contract failed to execute the hot wallet transfer for a few days in May. As a result, a significant sum of Ether has effectively been trapped in the splitter contract. The issue that caused this situation has since been resolved." “In order to call a function in an Ethereum contract, we need to work out its signature. For that we take the HEX form of the function name and feed it to Web3 SHA3. The Web3 SHA3 implementation requires the Hex value to be prefixed with 0x - optional until Geth 1.5.6. Our code didn't prefix the Hex string with 0x and when we upgraded Geth from 1.5.3 to 1.5.9 on the 24th of May, the SHA3 function call failed and our sweeper process then called the contract with an invalid data payload resulting in the ETH becoming trapped.” “While this issue poses a setback to QuadrigaCX, and has unfortunately eaten into our profits substantially, it will have no impact on account funding or withdrawals and will have no impact on the day to day operation of the exchange. All withdrawals, including Ether, are being processed as per usual and client balances are unaffected.” “Data from EtherScan shows that the contract in question currently holds 67,317.25 ETH – an amount worth roughly $14.7m at current ether prices.”

It’s easy to forget the level of trust that Quadriga had in the market. The top upvoted comment reads “thank you for the statement and transparency and sharing all details”. Given failures and many hacking incidents, smart contracts should in general not be relied upon, and an exchange should always have redundancy and auditing checks built in for every single system. While some issues may be seen as inevitable, having an issue persist for 3 days without being noticed is troubling. While there are many steps which could have been taken to prevent or notice the issue sooner, and this incident did contribute to the depletion of reserves, it’s not the reason anyone ultimately lost their funds. This type of failure is very challenging to regulate, already in the best interest of the exchange to avoid, and rare compared to other types of failures which can occur. The exchange needs to transparently cover this shortfall, with the assistance of any hot wallet insurance.

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.