Lose your password and lose out on millions? 

min readpublished onupdated on

You’ve probably seen the headlines: the loss of bitcoin passwords has resulted in the loss of cryptocurrency fortunes. How is this even possible and more importantly, how can it be avoided? But first, we will take a crash course in cryptocurrency, learn how it is deployed via digital wallets, review some of the greater risks inherent in these wallets and finally, see what steps we can take to better protect our digital assets.

Lose your password and lose out on millions? 
Lose your password and lose out on millions? 
Table of contents

The headlines are telling: “Lost Passwords lock millionaires out of their Bitcoin fortunes,”[1] “A crypto exchange may have lost $145 million after its CEO suddenly died.”[2] Whether you are a CEO of a crypto exchange, passive investor or new to the crypto market, we are all subject to the same human fallibility that is losing or misplacing one’s password and thus we are all equally at risk of financial loss. Lose your password and lose out on millions? The question arises of how we can safely and securely protect our cryptocurrency digital assets so that, when memory fails us or an unforeseen event occurs, we won’t be left stranded. 

In spite of the considerable consequences, the problem is a simple one and a simple solution exists. But first, in order to better understand what’s at work here, let’s take a crash course in cryptocurrency, learn how it is deployed via digital wallets, review some of the greater risks inherent in these wallets and finally, see what steps we can take to better protect our digital assets.

A crash-course in cryptocurrency 

In today’s world, assets are increasingly digital (“Digital Assets”). Bitcoin, Etherum, Litecoin, Cardano, Stellar – these are just a few of the more than 4,000 cryptocurrencies in existence as of January 2021[3]. We won’t delve too much into the background of cryptocurrency, there are plenty of articles and YouTube videos available that do an excellent job in that respect, but at its most basic cryptocurrency is the virtual or digital representation of currency in certain environments or situations, often taking the form of virtual “coins” or “tokens.” The latter of which is not limited to merely representing a currency but also functions as an investment tool to commodify digital creations.

The network 

The best known, and most widely used of these cryptocurrencies, is Bitcoin. This example of a Digital Asset, and those like it, are for the most part managed by a decentralized network of computers that use blockchain protocols and open-source software which all adhere to the same pre-defined rules concerning cryptocurrency. This software enables one to create a digital wallet where the so-called “keys” to the bitcoins are stored. 

To better explain the mechanism of crypto-keys, let’s take the analogy of a traditional bank, whereby you are provided a bank account number, a security pin and in today’s digital age, password protected access to an online account. As applied to cryptocurrency, instead of accounts, pins and passwords, we have keys and a seed.

The keys 

More specifically, there is a public key and a private key. The public key is like the bank account number, the receiver shares these coordinates with the sender so that they know where to send the money. The private key is akin to a bank pin number, or the series of numbers you enter to prove, for example, that the funds attached to the credit card you are using actually belong to you.

The seed 

Lastly, and what mostly concerns us today, is the password, or “seed”, which allows you to gain access to your digital wallet by unlocking, or ‘decrypting’, your private key. This password is made up of a sequence of 12 to 24 automatically generated words known only to the you, the owner. 

 So in our example of the traditional bank, if the public key is an account number and the private key is the pin number, then the seed is your password that ‘unlocks’ and gives you access to your online account. Except, unlike a normal online bank account, there is no option to re-establish a forgotten password. The password, or seed, if lost means that all is lost, including your millions!!

Cryptocurrency transactions via Digital Wallets 

As we said above, cryptocurrency, like any other currency, can be used to purchase products, services or effect other types of transactions. But since we are not dealing with cold hard cash, how does this work exactly? The typical practice for holders of cryptocurrency is to utilize cold wallets, hot wallets or a combination of both.

Cold Wallets for the security-first mindset 

Cold wallets, or ‘hardware’ wallets, live on tangible devices such as a USB stick. The device must first be connected to the internet, the password entered to decrypt the private key, and then it provides an in-device signature that allows one to make secure transactions. The private key never leaves the device so no malware in existence today can forge its signature. Trezor and Ledger are two popular brands of cold wallets.

While more secure, cold wallets, unlike hot wallets, require the intermediary step of connecting to the internet to make a payment, for example, and are thus considered less user-friendly.

Hot Wallets for transactions on-the-go 

Hot wallets are an online storage system, whether web-based, mobile or on a desktop, that contain both the private and public keys permitting easy access to the stored cryptocurrency in order to make exchanges between currencies, products or services on-the-go. Since hot wallets contain both keys and are always online, hence the ‘hot’, there is no need to connect a separate device to the internet in order to make a cryptocurrency transaction. MetaMask and Crypto.com are two examples of this kind of digital wallet. 

However, given the digitalized nature of the storage system, this form of wallet is, as you may have already guessed, vulnerable to malware, hacking and cyberattacks. 

Combination Wallets for the savvy investor 

In simplistic terms, the difference between hot and cold wallets is like the difference between withdrawing cash from a bank teller or swiping your credit card – withdrawing cash requires physical presence and valid id, whereas a credit card while efficient and fast does not always require additional levels of security, like in the case of contact-less payments, and is more vulnerable to theft or misuse.

Some savvy cryptocurrency holders use a combination of the two, storing only a portion of their valuable asset on a hot wallet like a mobile device and the remaining, majority portion, on a cold wallet and making monetary transfers between the two as needed.

Lost Passwords and Inaccessible Wallets

If security is the priority, the best choice of digital wallet is hands-down a cold wallet. But even in this instance, what happens if you lose, misplace or forget your password? Or your hardware is damaged in a fire or corrupted while reformatting? Given cryptocurrency’s unusual nature, the consequence is finding yourself permanently locked out of your cryptocurrency investment and, in the majority of cases, having no recourse.

A poignant example is found in the case of Stefan Thomas, a German-born programmer living in San Francisco, who has a digital wallet in the form of a small hard drive - a cold wallet - that holds over 7,000 Bitcoin worth more than 200 Million USD at its height. This digital wallet gives users 10 guesses before locking them out permanently and leaving its contents encrypted forever. The problem is Mr. Thomas wrote his password down on a piece of paper and lost it years ago. Two more wrong attempts and he will permanently lose his ability to cash in on his Bitcoin investment. 

Lost passwords aren’t the only risk. A British man recently discovered that he had accidently tossed his Bitcoin hard drive wallet out with the trash and was offering the city 25% of the value, approximately 91 Million USD at the time, to excavate the landfill. His request was denied.

These are not cases of a few unfortunate or unlucky souls. According to the New York Times, using data compiled by the cryptocurrency data firm Chainalyis, of the existing 18.5 million Bitcoin, around 20 percent — at one point worth around $140 Billion USD — appear to be in lost or otherwise inaccessible wallets[4].

These examples bring us full circle to the question posed at the start: how can we safely and securely protect our cryptocurrency digital assets so that, when memory fails us or an unforeseen event occurs, we won’t be left stranded?

Protect your Digital Assets with the Crypto-Safe 

Many cryptocurrency experts advocate the old-school method of protection: a bank safety security box. But alas, even then, you have to keep track of the key. Let’s put it another way: it took seven years for Bitcoin to go from nothing to knighting newly minted millionaires. If you were just a passive investor at the time, where would you have stored a password for 7 years, not knowing in advance whether the cryptocurrency would ever come to something, let alone a million somethings? As the saying goes, modern day problems require modern day solutions. 

Enter, Vaultinum’s crypto-safe. Vaultinum, an independent third party dedicated to the protection of digital assets since 1978, has been investing to meet the challenges of new uses for repository services in an ever-changing world. Over 3,500 clients from around the globe have entrusted Vaultinum with the protection and security of their Intellectual Property as well as their strategic immaterial digital assets, such as know-how, laboratory notebooks, algorithms, trade-secrets, sales methods, private keys, etc.

Vaultinum, in a natural progression, took its secure Deposit solution that protects an individual or entity’s valuable digital assets and developed the crypto-safe to offer the same level of protection to holders of cryptocurrency, be it a copy of their password or cold wallet.

How do Deposits in Vaultinum’s Crypto-Safe work?

Deposits in the crypto-safe come in two forms: physical deposits, for example a USB stick, where the storage medium is sealed in a secure vault based in Switzerland, or online deposits using a secure VPN and military grade encryption. 

Once deposited, the Digital Asset is secured using asymmetric encryption based on blockchain algorithms, hash functions/fingerprint creation and electronic timestamping to guarantee the integrity of the transmitted elements. Vaultinum’s legal and technical experts then:

  • verify the content of the digital asset; 
  • attest to the depositor’s ownership;
  • record the content and creation dates; 
  • provide a Deposit certificate to the owner. 

 Regardless of the format, depositing your Digital Asset with Vaultinum is an essential step towards protecting your investment.

Accessing the Crypto-Safe to retrieve your Digital Asset 

When it comes times to retrieve your password or cold wallet, the process is simple but more importantly, it is secure.

After receiving the client’s request for access, Vaultinum’s Legal Commission confirms ownership of the deposit through a strict verification process, or in the case of a deposit escrow, the triggering event, permitting access to the deposit.

Once the Legal Commission has verified the deposit owner, the Chief Compliance officer designates 4 agents to make up the Access Commission who initiate the release as follows: 

crypto safe release process

In this way, no one agent acting alone could access the digital assets secure in the crypto-safe. Within 24 hours the Access Commission breaks the seal, a copy is made on a digital support and provided to the verified owner and the original resealed digitally.

Take it one step further and consider leaving a legacy 

Vaultinum’s Deposit solution is more than just a secure repository for a valuable Digital Asset, Vaultinum can also act as a trusted third party in the context of escrow, whereby you can choose a beneficiary to receive the Deposit based on a pre-defined event.

Combination of Deposit and Escrow solutions 

At its most basic, depositing assets in escrow means entrusting the asset with a third-party who undertakes to safekeep and release it to another party upon the occurrence of a pre-defined event. A person or entity places the asset, or a copy thereof, in trust with a third-party (an “Escrow Agent”), who holds this for the Digital Asset owner until another person or entity (the “Beneficiary”), obtains access to the asset if certain conditions, agreed in advance with the Digital Asset owner, are met.

Deposit Escrow for an Individual

In practical terms let’s take, for example, parents who decide to invest in an as yet unprofitable cryptocurrency in the hopes that, twenty years later, their hunch pays off. First, they would make a secure deposit in Vaultinum’s crypto-safe of their password or other Digital Asset. Next, they could take advantage of Vaultinum’s certification as a trusted Escrow Agent to name a Beneficiary. 

In our example, the parents could name their child as Beneficiary to receive the Digital Asset upon their death or upon the occurrence of a pre-defined event. By doing this, they ensure the secure and verified release of the investment password to their child.

The same principle could apply to pledges. You could pledge access to a wallet that you have created to someone if a pre-defined event occurs. Vaultinum in these cases, in addition to safeguarding the Deposit and implementing the stringent process of releasing it securely will check the ID of the beneficiary and validate the existence of the triggering event. ID checking and event validation processes can be pre-defined by you in advance.

Deposit Escrow for a Company

Depositing Digital Assets in Escrow works for companies as well. Let’s take the case of Gerald Cotton, the CEO of the Canadian Digital Currency Exchange, Quadrigacx, whose sudden death also meant the loss of the password necessary to open the exchange’s digital vaults. As he was the only one to have access to it, thousands of crypto currency owners were left without the ability to collect their assets resulting in a total loss of approximately 145 Million USD.

Had he deposited his password in a crypto-safe with an escrow clause, it could have been released to Beneficiaries upon his death and enabled them to claim or distribute the assets as pre-agreed. 

As a result of these easily avoidable situations, the combination of deposit and escrow mechanisms are flourishing to both protect Digital Assets by storing them in crypto-safes and providing a secure way for potential Beneficiaries of such assets to access them. Blockchain technology and Oracles can also be used to validate the occurrence of a release triggering event.

Final Words

When it comes to cryptocurrency, the concept can be quite complex: keys and seeds, hot and cold wallets, lost passwords and inaccessible assets. But the end goal is the same as any other investment scenario, to protect the keys to your investment. 

In this respect, Vaultinum can be the perfect partner to help you out. We provide secure Deposits in our crypto-safe for the protection of your password or cold wallet. With 40 years of experience in protecting IP and Digital Assets we can help you protect against a faulty memory or an unforeseen event. 

We even combine our Deposit solution with our escrow services to cover all your bases. Using this service, you can choose a Beneficiary to receive the Digital Asset upon the occurrence of a pre-defined event, relying on Vaultinum, as Escrow Agent, to ensure a smooth and secure release. 

So, don’t trust your memory to an unknown future; contact us at Vaultinum today for a more secure tomorrow.

Disclaimer

The opinions, presentations, figures and estimates set forth on the website including in the blog are for informational purposes only and should not be construed as legal advice. For legal advice you should contact a legal professional in your jurisdiction.

The use of any content on this website, including in this blog, for any commercial purposes, including resale, is prohibited, unless permission is first obtained from Vaultinum. Request for permission should state the purpose and the extent of the reproduction. For non-commercial purposes, all material in this publication may be freely quoted or reprinted, but acknowledgement is required, together with a link to this website.

[1] Popper, Nathaniel. “Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes.” New York Times, 12 January 2021, https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html#:~:text=Stefan%20Thomas%2C%20a%20German%2Dborn,wallet%20that%20holds%207%2C002%20Bitcoin.

[2] Shane, Daniel. “A crypto exchange may have lost $145 million after its CEO suddenly died.” CNN Business, 6 February 2019, https://edition.cnn.com/2019/02/05/tech/quadriga-gerald-cotten-cryptocurrency/index.html#:~:text=(CNN%20Business)%20%E2%80%94&text=Quadriga%2C%20Canada's%20biggest%20cryptocurrency%20exchange,Disease%20while%20traveling%20in%20India.

[3] Conway, Luke. “The Most Important cryptocurrencies other than bitcoin.” Investopedia, Dotdash Publishers, 19 January 2021, www.investopedia.com/tech/most-important-cryptocurrencies-other-than-bitcoin/

[4]Popper, Nathaniel. “Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes.” New York Times, 12 January 2021, https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html#:~:text=Stefan%20Thomas%2C%20a%20German%2Dborn,wallet%20that%20holds%207%2C002%20Bitcoin.

Philippe ThomasPhilippe is the CEO of Vaultinum. An expert in new technologies and high finance, and after 20 years in the international fintech industry, Philippe now heads Vaultinum.

Recommended for you