Introduction

Imagine you are dealing with the loss of a loved one, and, to your horror, that loss is compounded by the realization that your loved one has not taken proper measures to ensure your family can access the assets they have left behind. While this can happen with any kind of asset, but when it comes to cryptocurrency investments, it’s unfortunately, a common occurrence.

For that reason, it is essential to understand the best practices surrounding crypto key management, especially in cases where an individual passes away and their family needs to recover their assets. This article outlines several key practices to ensure secure storage and potential recovery of crypto assets in case of loss.

There are several examples of millions of dollars irretrievably lost due to poor key management, in which the family or associates are unable to retrieve the assets because they simply can’t get hold of the keys.

Two of the most remarkable examples are Gerald Cotten, the CEO of the crypto-exchange QuadrigaCX, who died in 2018, taking all the keys to access more than 130 million dollars with him to the grave, and Matthew Mellon, who also died in 2018, with more than $500 million in crypto assets that were unable to be retrieved. Neither had taken sufficient steps to share the location of the digital keys needed to access their digital fortunes, which are quite probably lost forever.

Due to the pseudonymous nature of crypto and DeFi, there are no real statistics on the amount of wealth that is locked up through situations like these. We can, however, get a sense of what might be the case by looking at the top 100 dormant Bitcoin addresses, and examining those with no activity in at least a decade: this totals 397588 Bitcoin, or almost $40 billion at today’s prices.

Thinking about our future demise is never the most pleasant of activities, and so it is not surprising that many people put off the work and thought required to pass on their assets to their nearest and dearest. You may not have millions in crypto, but nevertheless, here are some recommendations and best practices to consider if you want to prevent any losses to your family’s inheritance.

‍

Present Care

Planning for the future includes planning for the present. There is no point in setting up a legacy if the inheritance is lost before you even die, and so careful key management should be the starting point.

Use Cold/Hardware Wallets: “Not your keys, not your crypto”

One of the fundamental principles of crypto security is to have complete control over your private keys. Our private keys are the key to your digital treasure chest. These keys unlock access to your cryptocurrency, making their security paramount. Cold wallets, such as hardware wallets like Ledger ones, offer an offline, secure solution for storing private keys. These devices are designed to keep the keys unconnected to the internet, thereby preventing them from potential hacking attempts or malware. By using a hardware wallet, you reduce the risk of unauthorized access to your crypto assets.

Employ Hardware Seed Phrase Storage

A seed phrase is a crucial component in recovering a crypto wallet. It consists of a sequence of words that acts as a backup to restore wallet access. Storing this seed phrase securely is vital. Hardware seed phrase storage solutions, like Cryptotag Zeus, provide a durable and secure option. These devices are resistant to fire, water, and other potential hazards, ensuring the long-term preservation of the seed phrase. By storing the seed phrase in a safe, you mitigate the risk of physical damage or loss.

Safeguard the Metamask or Any Other Wallet Seed Phrase on Hardware Storage

Metamask and many other blockchain wallets also rely on a seed phrase for wallet recovery. Just as with cold storage, it is advisable to store the seed phrase securely. Utilizing a hardware seed storage device can offer an additional layer of protection for the wallet seed phrase. By following this practice, you ensure that even if the computer or digital wallet is compromised (for example, if your phone or laptop is stolen), the seed phrase remains secure and accessible for asset recovery. With swift action, assets can be moved to a new wallet for safety.

Another option is to use a last will or dead man’s switch service like https://www.deadmansswitch.net/, where individuals can set up messages or instructions to access the keys in case a tragedy strikes. Please take into consideration that it wouldn’t be good practice to store the keys in these messages; instead, include instructions on how to find or retrieve the keys from another location. This is to prevent any potential leakage of information from these services

‍

Future Care

But in unfortunate cases where you are the family member or associate who needs to access the assets, here are some further tips to help you recover them:

Gain Access to the Individual’s Computer/Email/Phone

In the event of a person’s demise, accessing their computer, email, or phone becomes crucial for recovering crypto assets. By gaining access to these devices, you can retrieve important information such as passwords, private keys, and two-factor authentication (2FA) codes. Having access to the individual’s email account is particularly important for interacting with centralized exchanges (CEX) that use email-based login systems. If direct access is not possible, it is advisable to work with the relevant CEX on the specific case, as they should have established policies for such situations. If they do not, seriously consider moving to a different exchange.

Password Reuse and Brute-Forcing

Password reuse is, unfortunately, a common practice among many individuals. It can, however, be a potential avenue for asset recovery. In cases where the deceased person used a particular password for multiple accounts, their family might be able to generate a list of potential passwords to attempt during the recovery process. For example, if the person used a password for their Metamask wallet that was also used for other accounts, it is worth trying those passwords to unlock the wallet.

It is important to note that brute-forcing passwords is a time-consuming process and should only be attempted when there is a high probability of success. There is no point in mounting a brute-forcing attempt if the estimated time for success is a multiple of the age of the universe.

Review Paper Trails

Many people put critical information and credentials on physical documents to keep them safe from digital threats. During previous Red Team assessments, we saw that sometimes, the most critical information can be found in the most mundane places. Go through the deceased’s papers, notebooks, or other physical evidence to look for any information that might be helpful.

‍
Remember that a recovery seed phrase will typically be a sequence of 12 to 24 unrelated words. This may not immediately appear to be a vital key, but in the context of cryptocurrency, it could be just that.
‍

Additionally, some individuals might opt for steganography, the practice of hiding information within other non-secret text or data. It could be a poem where the first letter of each line combines to make up a password, a bookmark with a code, or a series of highlighted book passages forming a hidden message.

Lastly, safe deposit boxes, hidden compartments in furniture or clothing, or other secretive locations are also places where people may store such valuable information. It’s a process that requires patience and attention to detail, but turning over every proverbial stone could eventually lead you to the necessary information to access the digital assets.

Explore CEX Crypto Exchange Policies

CEX often serves as the primary point of interaction for many crypto investors. It’s important to remember that each exchange can have its own unique process and requirements. They will require proof of death (such as a death certificate) and proof of your relationship or legal authority to act on behalf of the deceased (like a will or court order).

The process usually involves these steps:

• Reach out to Customer Support: The first step is to contact the customer support team of the crypto exchange. Explain your situation, and they will guide you through the necessary procedures.
• Submit Necessary Documentation: As mentioned above, exchanges will typically require you to submit proof of death and legal authority. Some may also require additional documentation, like identification.
• Comply with Security Checks: Exchanges have robust security measures to prevent unauthorized access to users’ accounts. Even as a legally authorized representative, you may need to answer security questions or provide additional verification.
• Proceed with Asset Recovery: Once the exchange verifies your authority and all other necessary details, they will guide you through the process of recovering the assets. This could involve transferring the assets to another wallet or converting them to a traditional currency.

Patience is key here, as this process can take some time. While it can be a lengthy and potentially complex procedure, exchanges have these policies in place to protect the security and privacy of their users. The goal is to ensure that the right individuals gain access to the assets while maintaining the integrity of their services and the security of all users’ assets.

‍

Conclusion

Crypto key management and asset recovery after the death of an individual require careful planning and adherence to best practices. While those practices continue to evolve, there are a few simple yet effective measures that can be taken.

Using cold wallets, securely storing seed phrases using hardware wallets, or permanent physical records of the phrases kept in a safe, are among the best approaches to prevent losses.

If planning was insufficient, and you find yourself in the position of being an heir rather than a beneficiary, gaining access to relevant devices such as laptops, phones, and desktop computers is the first step. Consider examining password reuse to increase the chances of successfully recovering crypto assets, as it is likely that someone who is careless in planning for when they are deceased will also be lax when it comes to computer security.

Finally, it is essential to start now by educating ourselves and our family members or trusted individuals on these best practices to ensure the safe and efficient handling of crypto assets in the unfortunate event of a person’s passing.