The only person who knew the passwords to unlock their funds is dead.
First of all, this is weeks old news. Secondly, it is no longer accurate. Cotten hasn't taken the passwords to his grave, because it is unlikely he is dead and there are no funds in the wallets anyway.
It sounds extremely unlikely and terribly irresponsible for an exchange to leave all the funds to a single individual for obvious reasons.
They managed to break in to Cotten's laptop, and discovered that Quadriga's cold wallets were all emptied months before his alleged death. Fake accounts with fake funds were create on the Quadriga exchange to buy real users' bitcoin, and that bitcoin was transferred out to these cold wallets, and later transferred to other exchanges to be sold. This was a massive money laundering scheme and/or exit scam.
Honestly, even without these new developments, it was pretty clear that we've got an exit-scam on our hands here. I'm not buying the owner-died-and-took-the-keys-with-him in a thousand years. The fact that he 'supposedly' died in India makes it even fishier because he could've very well paid a very big sum for a fake death certificate and gotten away with it. The more I am thinking about it the more everything starts to fall in place. He (and possibly people around him) carefully planned this scam.
Third parties being unable to access funds without knowing the private key/seed phrase/passwords isn't a flaw - it's a security measure (and a very attractive on at that).
It really isn't. With the ability to transact freely and in a (pseudo) anonymous fashion comes great responsibility. If you are too lazy to take a couple of security measures and give in on convenience (in exchange for your freedom and excessive service fees), the jokes on you.
Crypto's biggest flaw continues to be users trusting third parties to look after their coins for them.
As of right now, it is, arguably, the biggest problem in crypto. As the infrastructure, that allows secure peer-to-peer transactions, starts to become available (and it will) this problem will fade very quickly. But until then, stay alert and remember folks:
"Not your keys, not your coins."