In the days following the collapse of FTX, one of the most well-known crypto custodians in the world, more than 220,000 bitcoin, with a value in excess of $3.5 billion, were withdrawn from crypto custodians.1 As more crypto and blockchain-based assets (crypto assets) flow into self-custodied solutions, practitioners must understand how to plan for the succession of not only institutionally custodied crypto assets but also self-custodied crypto assets. Here’s what practitioners need to know to understand the necessary planning for the succession of these assets and reduce the chances that crypto assets are stolen, lost or misappropriated in connection with the death or incapacity of the owner, regardless of how they’re held.
Basics of Crypto
Practitioners don’t need to be experts on crypto assets to help clients plan for their succession. Nevertheless, a basic understanding of the technology and key terms will better position practitioners to assist clients in planning for the successful transfer of crypto assets, though it’s important to note that the specific characteristics of each crypto asset is dependent on the protocol on which it’s built.
Cryptography. The term “crypto” comes from the word “cryptography,” which is the process of transferring data from one party to another in a manner that makes it difficult for anyone other than the intended recipient to decipher. The cryptographic aspect of crypto assets is by far the most difficult to understand, but the takeaway is that the backbone of crypto assets is well-developed and broadly used cryptographic protocols. In many cases, crypto assets are built on the same technologies used by intelligence agencies, financial institutions and other sophisticated players to transmit data securely.
Distributed ledger. The easiest way to understand the concept of a distributed ledger is first to consider that a conventional bank account functions as a series of ledger entries. When you write a check (if you still do that) or swipe your debit card, you’re effectively asking the bank to confirm whether the ledger maintained by the bank reflects sufficient funds in your account to make the purchase.
Distributed ledgers work in the same way, except rather than a bank maintaining the ledger, thousands of independent but interconnected computers (called “nodes”) each maintain an identical ledger reflecting not just your account, but every transaction from every account in the world, from inception. A transfer from one account to another is confirmed as viable only when a majority of nodes maintaining the network reaches a “consensus,” agreeing that the transferring account has sufficient funds to fulfill the transfer.
Blockchain. The distributed ledger reflecting rightful ownership of crypto assets is often referred to as a “blockchain” because of how it’s created and maintained. Crypto transfers that are confirmed as viable by a consensus of the network of nodes don’t automatically make their way onto the permanent record of the distributed ledger. Instead, viable transactions are bundled into “blocks,” and these blocks are linked together in a series—a “blockchain” —through a competitive process whereby any network participant dedicating the necessary resources can win the right to add a block to the permanent record and with it, some type of financial reward. This competitive mechanism creates an incentive for a distributed network of parties, each acting in their own self-interest, to both create and maintain the permanent record of the distributed ledger on the blockchain.
Public and private keys. In addition to functioning as a permanent record of transactions on a protocol, a blockchain serves as the source of truth for ownership of all outstanding crypto at any given point in time. Every bit of crypto on a given protocol is associated with a “public key” on the blockchain, and, as the name suggests, this public key is observable by any individual with access to the blockchain. Although each public key is visible to the entire world, assets associated with a public key can be transferred only through application of an associated private key, which essentially functions as signatory authority over the public key. Due to the transacting power associated with the private key, it’s typically closely guarded.
At a technical level, a private key is nothing more than information, a jumble of letters and numbers that the holder can use to transact with crypto assets. For ease of use, most crypto protocols provide a means to convert (again through powerful, well-established cryptographic protocols) a private key into a list of 12 to 24 words, known as a “seed phrase.” When produced in the proper order, the seed phrase can be used to reproduce the user’s private key. For all intents and purposes, a seed phrase is a verbal representation of the private key and should be treated as equivalent to the private key.
A private key is a unique form of property in that it represents an absolute ability to exert control over assets without the approval or participation of any other party. The closest parallel to a private key might be a bearer bond, in which mere possession of an item (the bond certificate) is sufficient to exert control over the underlying value. But a private key takes these concepts a step further in at least two respects. First, instead of a bond certificate acting as the source of control over value, a private key is nothing more than information. A photo or recording of a bearer bond certificate wouldn’t be sufficient to transact its value, but a crypto protocol doesn’t examine how a private key was produced. Second, there’s literally nothing—no banking institution or banker—that stands between possession of a private key and an ability to transact the underlying value.
Wallets. Because private keys are such a unique and powerful form of control and authority over property, the most important determination to make when planning for the succession of crypto assets is how private keys are held. In crypto, the method by which one stores access credentials is referred to as a “wallet,” and there are two basic options. A “hosted wallet” is a solution whereby private keys are held by an institution, often a crypto “exchange,” rather than the user. Because an institution controls the entire means of access to the underlying value, hosted wallets function in much the same way a traditional financial account would. By contrast, a “self-hosted wallet” (sometimes referred to as an “unhosted wallet”) is an arrangement whereby the user directly holds private keys. Self-hosted wallets can be accessed through anything from a handwritten note with a seed phrase, to a mechanical device akin to a thumbdrive, to a computer program or smartphone application allowing for the secure storage of data.
The decision about whether to use a hosted or self-hosted wallet is a matter of balancing convenience and risk. On one hand, a hosted wallet is convenient, functioning much the same way a conventional financial account does. The user can generally gain access from any computer or smartphone. The user logs in with a username and passcode, and the institution maintaining the hosted wallet can accommodate a transfer of the assets at the user’s death in a relatively straightforward way.
On the other hand, when an individual uses a hosted wallet, they must trust the institution maintaining the wallet. The recent turmoil in crypto, and in particular the crisis of confidence for third-party crypto custodians and exchanges created by the bankruptcy of FTX, has raised significant concerns about hosted wallets as bankruptcy proceedings threaten to wipe out assets that users held on the platform. Self-hosted wallets eliminate reliance on any other party to exert control over crypto assets, which can be an attractive feature. However, holding a private key in a self-hosted wallet means assuming the responsibility of safeguarding a valuable string of data, which as discussed in further detail below, can be a task of its own.
Planning With Crypto Assets
There’s little doubt that crypto assets are property and their legal ownership can be directed in a specific legacy or left to be swept up in a residuary clause. Armed with an understanding of key concepts, terms and strategies, practitioners can help clients work through both the legal and mechanical succession of crypto assets.
Limitations of Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA). Most states, as well as the District of Columbia, have adopted RUFADAA, which to the untrained ear might provide an adequate framework for dealing with crypto assets because it nominally addresses “fiduciary access to digital assets.” Unfortunately, significant limitations exist to the application of RUFADAA to crypto assets.
RUFADAA was released when crypto was in its infancy, and while it refers to “natively electronic assets and liabilities,” its prefatory note suggests that it was primarily meant to address granting access to electronic communications, such as emails, and other items that might be associated with an online account, such as photographs or digital music. More importantly, RUFADAA is focused on providing fiduciaries with a means to access digital assets from a third-party custodian. Although this framework might be useful in accessing crypto assets held in hosted wallets, it’s of no help dealing with private keys held in self-hosted wallets because there’s no third-party custodian to grant access to a fiduciary.
Understanding how crypto assets are held. A critical aspect of advising on crypto succession is understanding whether a client’s wallet is hosted or self-hosted. Unfortunately, this isn’t always a straightforward exercise. Some popular self-hosted wallet solutions are easily identifiable; however, many companies that provide hosted wallets, including Coinbase, also offer self-hosted wallets, and many crypto enthusiasts use hosted wallets with exchanges to purchase or sell crypto assets while transferring assets to self-hosted wallets for long-term holding. Complicating matters further, while some users may be aware of the distinction between wallet types, others may be completely unaware that there’s a difference for planning purposes. Due to these many complicating factors, it may be best to advise the client on the planning considerations and concerns regarding both hosted wallets and self-hosted wallets.
Planning for hosted wallets. There’s very little practical difference between planning for succession of a hosted wallet and planning for an account held with a bank. Crypto assets in a hosted wallet are custodied and controlled by an institutional service provider, so in the event of the user’s death, the service provider has the ability to grant access to a duly appointed fiduciary. Indeed, the terms of service for the arrangement will almost uniformly spell out this fact. Additionally, because there’s a custodian for hosted wallets, RUFADAA should also apply, granting an additional avenue to access the assets.
Planning for self-hosted wallets. As a legal matter, there shouldn’t be any distinction between succession of crypto held in hosted and self-hosted wallets. But a successful transfer of beneficial ownership is meaningless unless fiduciaries and beneficiaries are able to access and control the transferred assets, and it’s this mechanical succession of self-hosted wallets that most often goes overlooked.
At a high level, planning for the mechanical succession of a self-hosted wallet is an exercise in balancing convenience with security. We previously described the private key/seed phrase as akin to possession of a bearer bond, and it’s helpful to think of it in that way for planning purposes. If the only way for a client to exercise control over their account is with a list of 24 words, but anyone in possession of those 24 words can also exercise control over the account, what’s the best way to pass on that set of words so that only an intended recipient can access the assets in the account?
For some, the answer to this question is as simple as giving the seed phrase to a trusted individual, though this approach may put an executor or personal representative in a difficult situation if they aren’t this trusted individual. Others create an elaborate plan resembling a treasure hunt.
Key Components
Below, we’ve identified key components to consider when helping a client establish a succession plan for crypto assets held through self-hosted wallets. These components can be used together or separately in a plan that’s as simple or robust as the client desires.
Direct access by successor and primary succession concerns. The simplest solution is to provide successors direct access credentials for the wallet, for example by sharing the password or PIN code and location of a wallet or by providing the actual private key or seed phrase.
With this solution, and when planning for crypto succession generally, there are three primary concerns:
Stolen keys. As noted above, access credentials for crypto are effectively bearer instruments, so if an owner wants to keep succession as simple as possible by identifying a single successor with direct access, they must be aware that doubling the number of individuals with access to the private key also doubles the number of attack points bad actors might target to obtain the private key. For this reason, it will be important to make sure that the successor holds the credentials in a way that will limit unauthorized or unintended disclosure to others.
Lost keys. This is an issue that’s relatively specific to crypto. If private key information is lost or destroyed, it’s essentially impossible to gain access to the underlying value, making the permanent loss of access to crypto assets a very real possibility. If a user relies on passing their PIN code and the location of a cold storage device to their spouse and the device breaks or the spouse predeceases, no one will have the information necessary to access the underlying crypto assets. Similarly, if a seed phrase is shared with a trusted party and is later lost or destroyed, access to the assets will be lost.
Embezzled keys.Malfeasance isn’t crypto-specific, but due to the pseudonymous nature of crypto transactions (a public ledger allows you to identify the public key that receives crypto but not who owns the recipient wallet) and the proliferation of nefarious actors dealing in crypto, there’s a heightened focus on malfeasance within the crypto community. As is the case with any other asset, the best option for practitioners to address malfeasance concerns is talking to clients to ensure trustworthy successors are chosen. With respect to crypto, however, practitioners can also consider whether disaggregation of the private key (discussed below) makes sense.
Disaggregation. A popular technique for balancing the various concerns relating to the mechanical succession of self-hosted wallets is disaggregation, that is, breaking up critical information and having different pieces held in different places or with different individuals. For example, a client could hold half of their seed phrase in a vault at home and half in a safe deposit box. Or they could give half to one trusted advisor and half to another trusted advisor, while leaving separate instructions, perhaps in a letter of wishes, describing how to unify the information and gain control of the underlying assets.
As with any added complexity, disaggregation also increases the possibility that something goes wrong. If part of the seed phrase is lost for any reason, whether bad actors, human error or natural disaster, access could be lost permanently. Even safe deposit boxes aren’t completely safe, and the limited ability to insure the contents of a safe deposit box may give some clients pause in relying on them completely.
Redundancy. Another common technique for dealing with the mechanical succession of self-hosted wallets is redundancy. For example, rather than dividing a seed phrase between two trusted parties, the seed phrase might be divided among a larger group of people in a manner that allows various combinations to come together to produce the full seed phrase. This mixing and matching can be as complicated as a client dares to make it, but a simple example would be to divide a seed phrase in half and give the first half to two parties and the second half to two other parties. In that scenario, either of the two parties holding the first half can combine with either of the two parties holding the second half to generate the full key. This type of redundancy reduces the chances that one set of words is lost.
While redundancy decreases the likelihood of losing a part of the seed phrase, it may increase the possibility of stolen keys and embezzled keys. As noted above, the more individuals who have the information, the more points of vulnerability there are for a scammer to try to exploit. Additionally, due to the likelihood that a user needs to expand beyond their most trusted advisors to create redundancy, a fear of malfeasance due to the collusion of some of the trusted parties chosen is often cited as a concern by clients creating a succession plan.
Technological Solutions
A myriad of companies are working to provide technological solutions to the problem of self-hosted wallet succession, ranging from multi-signature solutions (requiring multiple people or devices to sign off on transactions) to digital vaults (to hold seed phrases or potentially a “treasure map”-type set of instructions to access the seed phrase). While many of these solutions have benefits, it’s important for clients and practitioners to construct a succession plan that considers the same basic questions around whether keys can be stolen, lost or embezzled.
Endnote
1. See“Bitcoin Exit From Crypto Exchanges Rises to 220K Over Past 10 Days,” Coindesk (Nov. 17, 2022), www.coindesk.com/business/2022/11/17/bitcoin-exit-from-crypto-exchanges-rises-to-220k-over-past-10-days/.