Your last will and testament used to focus on things like physical property and cash in the bank. Now in a world of digital assets, that’s all changing. Jennifer Robertson should know.
She was the partner of Canadian cryptocurrency entrepreneur Gerald Cotten. Cotten, who founded cryptocurrency exchange QuadricaCX, passed away in India in early December due to complications from Crohn’s disease.
Cotten stored over CAD$180m of crypto assets in a cold wallet without giving the password to Robertson or anyone else. Cold wallet storage houses cryptocurrency addresses and the private keys to access them. Unless the forensic investigator that she hired is able to hack Cotten’s laptop or a separate encrypted USB key to get back the password, that money will go to the grave with the exchange’s founder.
The cryptocurrency addresses stored in these wallets aren’t pointers to value; they are the value. How can people protect this new class of precious information while being sure that it reaches the right people after their death?
The most obvious choice is to tell your heirs the password to the wallet. That’s enough for many people, who trust their significant other or their children. But can you trust them not to be compromised? What if someone steals your spouse’s password, or holds a gun to their head?
Mark Nunnikhoven, vice present of cloud security at Trend Micro and a 2018 SecTor keynote speaker, says that putting your crucial secret in a safety deposit box is the way to go. Then, leave a key in your will with your executor, which should be a solicitor.
Sure, but what if someone burgles the bank, or what if a rogue solicitor’s employee plunders the box?
“It puts two known, well-respected and well-monitored regulated pieces into play,” Nunnikhoven explains. Breaking a bank or a solicitor is more difficult than compromising a family member. It may not eradicate the risk entirely but it certainly mitigates it.
Others aren’t convinced. “It can take weeks or months to get access to that box even if the solicitor has the ability to go there,” explains Pamela Morgan. An attorney and author of Cryptoasset Inheritance Planning: A Simple Guide for Owners, she focuses on helping people manage crypto assets after their death.
She agrees that it’s important to distribute trust between multiple third parties rather than relying on a single point of failure. However, she prefers multi-signature (multi-sig) accounts.
Multi-sig spreads access to a crypto-asset between various private keys. A bitcoin address may not have one key, but a handful. Sending bitcoins from that address may require a proportion of those keys (for example, three of four) to be used together.
Doesn’t splitting signatures between people make it difficult for a person to control their own cryptocurrency? Not necessarily, says Morgan. Instead of distributing the keys between people, you could store them on devices under your control.
For example, one key could be on a Trezor hardware device, and another on a Digital Bitbox. Yet another could be on your phone. Each of these should be protected by a passphrase which you can easily remember. You could combine all of these yourself when transacting.
To make it possible for others to recover the assets after your death, you’ll still need to have a backup of each key. “The family needs to know where to find the backups of the seeds and put them together,” Morgan says.
Each member of the family could have a backup of the private key, along with the password to access that key on the hardware device in question. In the event of your death, those people could combine their keys to access the cryptocurrency addresses.
Wouldn’t it be possible for those other people to collude and steal your coins? Yes, theoretically, but it will be harder to arrange than if a single person held the only key.
You can also take measures to protect yourself based on the risk level, Morgan says: “People choose people from different sides of the family who don’t know each other or talk.”
There are still possibilities for collision and compromise in all of these scenarios, but every step you take makes it easier to recover your funds after death, and harder for others to steal them.
If you’re looking for a mathematically-provable problem that takes this risk entirely out of the equation, as I originally was, you’ll probably be disappointed. Bitcoin expert Andreas Antonopoulos, author of several books on cryptocurrency who has helped audit bitcoin exchanges, sums it up:
“This is not a problem that is solved by technology (alone), as the problem is not technical – it’s mostly a people-problem,” he says.
Unlike mathematical concepts, people are squishy. They forget things, hold personal grudges, and function in complex bureaucracies with rules that they then sometimes break.
Getting rid of that squishiness and uncertainty would mean eliminating people from the equation, but they hold and inherit the crypto-assets, so that isn’t realistic.
At its heart, crypto-inheritance is a key management problem that takes extensive social and legal planning. But one thing we have learned from Cotten’s unfortunate example is that keeping a cryptocurrency secret locked away and giving no one the key is not the way to go.