Reading Time: 2 minutes

The death of QuadrigaCx founder Gerald Cotten, has ignited a yellow signal in the crypto market. That’s because Cotten was the only one holding the customers’ private keys. The death was confirmed by Indian authorities in February of this year. So what? The brokerage owes about US$ 190 million to them. He also applied for credit protection in the court of Nova Scotia, Canada.

There are a number of security measures that a crypto firm can adopt to avoid the error committed by QuadrigaCx. The first step is to work with total transparency in the management of resources and access. “In the case of Transfero Swiss AG, for example, all executive members (five) have access to the company’s cold and hot wallet keys,” says CIO Márlyson Silva. “Besides this, it is not allowed for two directors and/or international partners to take the same flight, for example,” he adds.

Money management and crypto

The executive also says that Transfero does not manage and save money for customers. That is, for those who just want to buy cryptocurrencies, the firm validates the customer’s information, confirms and closes the purchase order, and sends the cryptos to his wallet. Likewise, in the case of investors wishing to buy crypto to invest in a portfolio, the company adopts the same measures (validation, confirmation, and closing) and sends the cryptocurrencies to the portfolios of the investor portfolio.

Besides this, when customers transfer their own resources in cryptocurrency to the company’s wallet, multi-signed portfolios are used. That is crypto wallets in which at least three people need to validate the operation. If the transaction is part of the daily operation, the Swiss firm uses an operating portfolio where customer resources are concentrated. For portfolios (management) cases, depending on the size of the investment, the management of the client’s resources is done in a separate portfolio but also multi-signed.

Backup and cloud

“Information security is guaranteed within the standards guaranteed by the service providers we use in cloud providers such as Amazon and Microsoft provided they are configured appropriately following the best practices and processes for their use,” said CIO Márlyson Silva.

“Internally our systems have strict authentication and authorization controls to ensure that only appropriate employees can have the degree of access and visibility of the information strictly necessary for the scope of their activities. Each action of access (reading), editing, or creation of a new record, whether it is a transaction or a new customer record, generate log information that we call audit. That is, even an access that does not change information in our database, such as a query, generates an audit record that identifies the employee who made this access, so we have the history of an eventual investigation into the access of our information, ” reinforces the CIO Márlyson Silva.