First of all, this is weeks old news. Secondly, it is no longer accurate. Cotten hasn't taken the passwords to his grave, because it is unlikely he is dead and there are no funds in the wallets anyway.

They managed to break in to Cotten's laptop, and discovered that Quadriga's cold wallets were all emptied months before his alleged death. Fake accounts with fake funds were create on the Quadriga exchange to buy real users' bitcoin, and that bitcoin was transferred out to these cold wallets, and later transferred to other exchanges to be sold. This was a massive money laundering scheme and/or exit scam.

Third parties being unable to access funds without knowing the private key/seed phrase/passwords isn't a flaw - it's a security measure (and a very attractive on at that). Crypto's biggest flaw continues to be users trusting third parties to look after their coins for them.