Cryptocurrency revolutionises money because you no longer have to trust banks. Instead, you have absolute control of your funds, through an unhackable version of a password called a Private Key. Absolute control is, however, a double-edged sword, as theft or loss of the key can be terminal. There are simple ways to mitigate those dangers but how do you plan for the ultimate calamity - your death - without reverting to trusting someone or some institution? NGRAVE has a unique solution to the conundrum of crypto inheritance.
The morbid side of decentralised money was brought into dramatic focus by the death in 2018 of the CEO of Canada’s biggest bitcoin exchange who took the keys to his customers’ crypto to the grave.
We’ll unravel the story of Quadriga, and the mystery of Gerald Cotten’s untimely death, then walk through NGRAVE’s unique model for crypto inheritance. However, to make sense of both of those threads, we first need to take a little detour to explain more about the zero-sum nature of crypto custody.
The zero-sum nature of crypto custody
In order to spend the funds held by a cryptocurrency address, you need to connect to the blockchain - via the internet - and provide two signatures specific to that address. Those signatures come from a Public Key, which only specifies its location (address), and a Private Key, which enables any crypto associated with that address to actually be spent.
As the name suggests, a Public Key is intended to be shared, while a Private Key - like a password - is for your eyes only and so must be protected at all costs.
This is where the word cryptocurrency comes from; money that is protected by cryptography. Mathematics enables crypto to function as decentralised money, free from a central authority - with all its associated problems.
But being ultimately responsible for your money, via Private Keys - or more commonly a string of 12-24 words called a Recovery Seed - presents a paradox.
It is near mathematically impossible to crack the cryptography used to generate Private Keys/Seeds, but theft, loss or death can each render your funds irretrievable.
To guard against theft you can employ security best practices; storing your funds offline in a cold wallet like the NGRAVE ZERO and maintaining a code of silence about your stash.
To guard against loss you can record a backup of your Private Key/Seed on a durable medium like the NGRAVE GRAPHENE and store it securely offline.
But following those golden rules can lead to a literal dead-end if you pass away without putting an inheritance plan in place. Putting one in place, however, requires some level of compromise in relation to communication and trust.
Individual vs Collective Responsibility
The dynamics of sovereign money change where responsibility doesn’t just fall on a single person, but is a collective responsibility. For example, a business like an exchange enables its users to buy and sell cryptocurrency by holding their funds in custody. So they have ultimate control of the Private Keys of their customers.
Crypto exchanges are, therefore, a compromise between security and convenience. Security because those Private Keys are a honey pot for hackers, and convenience because they must instantly meet the ongoing needs of customers and allow their service to run smoothly.
That compromise can be handled in a couple of ways:
1 - Segregate funds in different types of storage
To meet ongoing needs of withdrawals an appropriate proportion of funds can be kept in what is known as a hot wallet. Think of it as a cash float. It is still protected behind Private Keys, but the simple fact of being online by default raises the risk level because no system is 100% secure.
The remainder of funds will be kept in cold storage, offline by default, providing the highest level of security. This is what NGRAVE’s hardware wallets provide for individuals, the cutting-edge security of offline storage.
2 - Use Multi-Signature approval for withdrawals
In addition to balancing funds between hot and cold wallets, exchanges can increase security by ensuring that moving funds from either location doesn’t have a single point of failure. Every transfer must be approved by signatures from multiple people - multisig for short.
Multisig protects against the risk of insider embezzlement, as all signatories would have to be in on the theft. It also dramatically increases the complexity of hacking, as several points would need to be compromised concurrently and discourages in-person attacks for the same reason.
Crypto custody & the case of Quadriga
Now if we turn to the case of QuadrigaCX, which at the time that it collapsed was Canada’s largest bitcoin exchange, we find that as a business Quadriga wasn’t properly segregating funds and wasn’t using Multisig.
CEO, Gerald Cotten, made himself the central point of failure and hadn’t put any plan in place to enable access to Quadriga’s wallet in his absence. Which became a huge problem when he died suddenly on holiday in India on December 9th, 2018.
In an affidavit, his wife, Jennifer Robertson, stated that at the time of her husband’s death he had sole control of the cold wallets for C$250 million in various cryptocurrencies belonging to 115,000 affected users.
Quadriga morphed into a financial scandal worthy of international headlines when exhaustive blockchain analysis eventually showed those cold wallets to be empty. Remember blockchains are impossible to hack but easy to verify.
Worse still, the trail led from Quadriga to other exchanges where Cotten had been trading customers’ funds with leverage and losing, with disastrous consequences.
Disgruntled customers dug into Cotten’s personal life and found enough evidence to convince them that maybe he wasn’t dead after all.
Here’s a summary of the red flags that set Reddit alight:
Cotten changed his will just twelve days before his death, with detailed consideration for taking care of his two pet chihuahuas, but nothing about Private Keys
Cotten had a pilot’s license, suggesting he was capable of flying solo to a remote destination
Cotten had been involved in previous financial scams, as had Quadriga’s co-founder, Michael Patryn, who had previously served jail time for identity theft
Cotten’s name had a typo on the death certificate
Cotten died of complications from Crohn’s Disease which is rarely fatal
Cotten’s wife had changed her name three times
Cotten died in India where theorists believed it was easy to buy a fake death certificate
More than a month passed before Cotten’s wife posted news of his death on the Quadriga website
The Quadriga story had all the right ingredients to suggest Cotten had faked his death to pull off an exit scam. This idea continues to be debated and discussed in podcasts, documentaries and social media.
But if you put aside the speculation and circumstantial evidence, at its core Quadriga is a reminder of crypto’s central maxim - not your keys, not your coins - and the reality that without estate planning your crypto will die with you.
Not your keys, not your coins
Though the Quadriga scandal has generated endless column inches debating whether Cotten is sipping cocktails on a remote beach with a new face and identity, the exchange’s customers are left dealing with real financial loss.
The sad truth is that despite the theft of $190 million in customer funds, Quadriga doesn’t even make the top 10 crypto hacks. Exit scams are just one of several exploits that can put your crypto at risk when your Private Keys are not in your control.
Even when you retain that control, the simple fact of storing crypto in a hot wallet - online by default, and common practice in DeFi - dramatically increases the risk of becoming another crypto crime statistic.
Crypto-related crime was estimated to have hit $14bn in 2021 and the problem isn’t going away. It is becoming something of a cliche but in terms of the development of the blockchain-based economy, ‘we are early’. There is an ongoing battle between innovation, regulation, education and criminal opportunists - some of the latter being state-sponsored groups.
Right now, the best way to protect your crypto is cold storage, using a secure hardware wallet like the NGRAVE ZERO and following best practice to store your Seed (highlighted above). And if you don’t want your crypto to die with you, there are some steps you can take to pass it on.
How to manage crypto inheritance - Dead Man’s Switch
It might sound like a title from the Pirates of the Caribbean franchise, but a Dead Man’s Switch is a safety mechanism for machinery that is triggered when the operator is incapacitated or, at worst, dead. NGRAVE has combined this concept with their own unique system for storing the perfect key generated by the ZERO cold wallet.
When combined with two other key elements the Dead Man’s Switch concept can provide a means to bequeath crypto without the need for trust.
The last part is critical. Crypto is money that functions without trust, so we’re assuming that if you want a solution for crypto inheritance, it retains that trustless quality, otherwise it is self-defeating.
If not, then you can simply leave your Private Key/Seed in your will and trust the executors to do the right thing, but crypto crime stats give us 14bn reasons why traditional estate planning is a sub-optimal solution.
The Dead Man’s Trigger approach to crypto inheritance is based on NGRAVE’s cold storage devices and Chainlink, a decentralised oracle provider. It can be divided into three components:
Effective Storage of the Seed/Private Keys - This should follow the ‘your eyes only’ principle with no one else able to access it.
A means of proving identity - A KYC provider will provide proof of the original identity of the Seed/Key owner, as well as the intended beneficiaries but have only partial access to information that can reconstruct the Seed/Key.
The Dead Man’s Trigger - In order for the trigger to be decentralised, it needs to be blockchain-based, but blockchains cannot interact directly with data from the outside. Oracles - like Chainlink - provide this messaging layer to feed Smart Contracts, digital agreements that can be automated to execute specific actions based on the data they receive. In this case, data proving someone’s death, with the action being to release the other part of the Seed/Key.
To make sense of NGRAVE’s procedure for crypto inheritance it will help to understand the following terms:
GRAPHENE - consisting of two stainless steel plates - resistant to temperatures up to 1375°C (2507°F), water, corrosion damage and shocks. The steel sheets are used to physically imprint NGRAVE’s Perfect Key.
One plate is a blank piece of stainless steel, while the other is a grid consisting of 64 columns, each with 16 character options (0-9 & A-F) and holes, for a total of 1,024 positions.
The grid plate fits exactly onto the blank sheet, and the user punches the Seed generated by the ZERO during set-up, through the corresponding holes in the upper plate, embossing the Seed onto the lower plate.
A pen is provided featuring a click-mechanism that automates the physical power exertion required to “punch” the hole in the lower GRAPHENE plate without damaging the upper one.
NGRAVE’s Seed, the ‘Perfect Key’ - a 64-character pattern of numbers and letters, the equivalent of a traditional mnemonic phrase Seed, generated by the NGRAVE ZERO during the setup process.
KYC - Know Your Customer, shorthand for identity and address verification.
Beneficiary - The person you want to give access to your crypto funds after your death.
Chainlink - An oracle service that relays data to blockchains from the outside world, e.g. confirmation of someone’s death.
Safety beyond the grave through Chainlink and NGRAVE
A Dead Man’s Switch powered by NGRAVE’s private key backup hardware and Chainlink’s decentralized oracle network.
Here are the steps to NGRAVE’s approach to crypto inheritance in full:
Step 1: Engrave & store your Seed on NGRAVE’s GRAPHENE plates
The NGRAVE ZERO - our flagship cryptocurrency hardware wallet - generates a “Perfect Key”, the hexadecimal version of a 24-word Recovery Seed.
Back up the Perfect Key on the NGRAVE GRAPHENE, using a punch pen that makes holes in the lower plate through the overlay holes in the top plate. Only when both plates are placed on top of each other will they reveal the key.
Securely store the plates separately.
As part of the GRAPHENE product package, you will receive a unique recovery ID to request an identical top plate configuration replacement from NGRAVE.
Step 2: Using a third party KYC provider and Chainlink for recovery of the Lower Plate
To assign a Beneficiary, both you and the intended Beneficiary need to do KYC via a third party KYC provider. That connection can include a message sharing the location of the Lower Plate.
When the Beneficiary wants to get access to the Lower Plate location, they will have to prompt the third party KYC provider, ideally with a death certificate.
The KYC provider will then prompt Chainlink’s oracle function to confirm with a relevant obituary. With validation received from Chainlink, the KYC provider can release the location message to the Beneficiary.
Step 3: Using NGRAVE for Top Plate recovery
Every Top Plate shipped by NGRAVE as part of the GRAPHENE product contains a unique recovery ID. You can safely give this ID to your Beneficiary, as it will be useless on its own. In the unfortunate circumstances of your death, the Beneficiary can send it to NGRAVE to request a replacement.
Note that NGRAVE doesn’t keep a direct link between the Top Plate configuration and the recovery ID; instead, it combines the latter with a dedicated NGRAVE key (not to be confused with the Perfect Key). The two “codes” together result in the Top Plate configuration. This adds additional security on NGRAVE’s part.
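The plate split from Step 1 and the recovery-ID derivation described above, modelled as an added example (not NGRAVE's code, and not from the original article). It assumes each of the 64 columns carries its own ordering of the 16 hex characters and that the Top Plate configuration is derived with HMAC-SHA256 from the recovery ID and a vendor key; the function names, sample key, vendor key and recovery ID are all constructed.

```python
import hashlib
import hmac
import random

HEX = "0123456789ABCDEF"
COLUMNS = 64  # grid size stated on the page: 64 columns x 16 options


def top_plate_config(recovery_id: str, vendor_key: bytes) -> list[str]:
    """Derive one 16-character layout per column from recovery ID + vendor key.

    Assumption: HMAC-SHA256 seeds a per-column shuffle. NGRAVE's real
    derivation is not described on the page.
    """
    layout = []
    for col in range(COLUMNS):
        msg = f"{recovery_id}:{col}".encode()
        seed = hmac.new(vendor_key, msg, hashlib.sha256).digest()
        chars = list(HEX)
        # Deterministic shuffle for illustration; a real design would
        # expand the seed with a cryptographic generator instead.
        random.Random(seed).shuffle(chars)
        layout.append("".join(chars))
    return layout


def punch(key_hex: str, layout: list[str]) -> list[int]:
    """Lower plate: per column, the row whose label equals the key character."""
    key_hex = key_hex.upper()
    if len(key_hex) != COLUMNS or any(c not in HEX for c in key_hex):
        raise ValueError("key must be 64 hexadecimal characters")
    return [layout[col].index(ch) for col, ch in enumerate(key_hex)]


def read_back(holes: list[int], layout: list[str]) -> str:
    """Overlay the top plate on the punched lower plate and read the key."""
    return "".join(layout[col][row] for col, row in enumerate(holes))


# Constructed sample values, not real keys or IDs.
SAMPLE_KEY = hashlib.sha256(b"constructed sample seed").hexdigest().upper()
VENDOR_KEY = b"constructed-vendor-key"
RECOVERY_ID = "RID-EXAMPLE-0001"

if __name__ == "__main__":
    layout = top_plate_config(RECOVERY_ID, VENDOR_KEY)
    holes = punch(SAMPLE_KEY, layout)
    print("lower plate rows:", holes[:8], "...")
    print("recovered with both plates:", read_back(holes, layout) == SAMPLE_KEY)
```

Under this model the hole positions on the lower plate say nothing about the key characters unless the column layouts are known, and the recovery ID does not yield those layouts without the vendor key.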
There are variations on the Dead Man Trigger approach that NGRAVE offer which provide a little more convenience but compromise on potential risk.
For example, NGRAVE can, on request, keep specific KYC data so that it can ultimately link one or more Top Plate configurations to your identity.
If you are among the most security-conscious, you can opt out of NGRAVE holding any information at all, leaving no viable recovery option beyond what you put in place yourself.
The future of crypto inheritance
NGRAVE are constantly reviewing the technology used within our products and across computing and information security. As they evolve, the options for crypto inheritance will change.
Alternatives might include managing the entire process via Smart Contract, though these are exposed to the hot wallet risk mentioned above, and don’t currently offer a robust way to trustlessly store and validate identity.
Another interesting option is Trusted Execution Environments (TEE). Essentially a sealed off black box within a computer’s CPU can function as a Dead Man’s Trigger with the secure exchange of encrypted messages; Intel Software Guard Extensions is an example.
The TEE could receive an encrypted incoming trigger confirming death, and send an outbound message to trigger the release of Beneficiary details.
The whole area of crypto inheritance will have to evolve through sheer necessity, as in the next few decades the first generation of crypto owners will start approaching the end of their natural lifespan.
No one likes to contemplate their own mortality, but the idea that the crypto you spent your life protecting and growing, might simply die with you should be enough to consider the options for passing your stack on to your chosen heir when you mine your life’s final block.