Crypto Asset End of Life Planning: How to Protect Your Bitcoin When You Die

How to Protect Your Crypto Assets When You Die

You can’t take bitcoin with you when you die. So where does your bitcoin go? How can you ensure your cryptoassets move on to your loved ones?

Making end of life plans around your cryptoassets can be challenging. You need to protect your cryptoassets from theft today, but you also need to ensure their value transfers forward when you die (assuming you want someone to get your bitcoin).

This is increasingly becoming a problem that needs to be solved in the bitcoin community. You can find plenty of guides online about planning your cryptoasset inheritance system.

Jameson Lopp, blockchain infrastructure engineer, recently published an article titled Fifteen Men on a Dead Man’s Switch: Crypto Asset End of Life Planning Complexities.

We talked about Lopp last week when he stress tested several different cold storage devices. He exposed these devices to high levels of heat, stress, and tension to determine which one legitimately stood the test of time. Now, Lopp is focusing on his crypto assets.

How do you protect your cryptoassets today while simultaneously ensuring they go to loved ones when you die? Let’s take a look at what Lopp found during his research – including how to set up a secure dead man’s switch for your cryptocurrencies.

Remember That Your Relatives May Not Understand Blockchain Technology

One of the biggest problems with cryptoasset inheritance planning is that you have to assume nobody understands how crypto works.

There may come a day when everybody understands bitcoin and how to transfer crypto between addresses – but we’re a long way away.

It’s easy to leave cash and other assets for relatives. Leaving cryptoassets, however, can be more complicated.

The Optimal Solution Is A Dead Man’s Switch

You want to access your cryptocurrency today. However, you also want to set up a dead man’s switch, allowing your cryptoassets to be transferred at your time of death.

The tricky part is making sure nothing accidentally triggers that dead man’s switch. You want to make sure hackers can’t trick the switch, for example.

You can often find dead man’s switches on heavy machinery and similar equipment. They’re safety devices designed to protect everyone else when the operator is incapacitated.

A digital dead man’s switch, however, is trickier to set up than, say, that thing you’re supposed to clip to yourself on the treadmill at the gym. With a digital dead man’s switch, you’re dealing with long timescales and the most uncertain thing we deal with: our own deaths.

There Are Two Digital Dead Man’s Switches

Lopp mentions that there are two popular dead man’s switches available to internet users today, including:

  • Stochastic Tech’s Dead Man’s Switch
  • Google’s Inactive Account Manager

The problem with these dead man’s switches is security. Would you trust your entire life savings to the security of these dead man’s switches? What happens if these switches are accidentally triggered? What happens if a hacker manages to flip the switch and transfer your life savings?

As Lopp mentions, your best option is to use multiple services:

“…the optimal scenario would be to use hundreds or thousands of these services to bring the odds of all of them failing or colluding against you close to 0.”

Unfortunately, this isn’t realistic either, as nobody wants to set up hundreds or thousands of dead man’s switches.

“Thus it looks like the optimal solution is not a practical solution, at least not at time of writing.”

Nevertheless, there are options other than dead man’s switches, including setting up an effective cold storage solution and distributing shards among your executors. Lopp explains this system in detail next.

Setting Up Cold Storage For Your Heirs

Lopp recommends setting up a cold storage system for your heirs. Ideally, this cold storage system would use an unhackable system like the Glacier Protocol. However, if you don’t have the time and money to implement the Glacier Protocol, then Lopp has a slightly more accessible solution:

Step 1) Buy a cheap laptop to act as an airgapped computer (i.e. a computer that isn’t connected to the internet). Something in the $300 to $500 range should be fine, because all it needs to do is boot from a USB drive.

Step 2) Disable Ethernet, Wi-Fi, Bluetooth, the microphone, and any data input or output hardware. You can do this in the operating system settings. Or, if you’re feeling extra cautious, you can open the laptop case, expose the motherboard, and physically remove or destroy those parts.

Step 3) Wipe the computer, then install your favorite Linux distribution.

Step 4) Install VeraCrypt from a USB drive or other media.

Step 5) Create an encrypted file container that you’ll use to store all of your seed phrases, private keys, and recovery data.

Step 6) Choose “standard VeraCrypt volume”

Step 7) Select your encryption options. Lopp recommends choosing an option that layers multiple algorithms, like a setup with AES(Twofish(Serpent)).

Step 8) Choose the size of your container. Remember that private keys are relatively small. If you create a 100MB or 1GB container, then that should be plenty of room.

Step 9) Encrypt the container using a long, randomly generated passphrase. You can generate this passphrase by rolling dice if you want to create your own randomization sequence. The passphrase should be 30 to 64 characters long. You can buy a 30-sided die. Or, use a normal 6-sided die paired with Diceware. The reason you’re rolling dice is simple: you want your randomness (your entropy) to be generated away from the computer.

Step 10) Format the file container as FAT. This will allow it to be compatible with all operating systems.

Step 11) Generate entropy in the window by moving your mouse around, then complete the creation of your file container. Close the creation wizard and mount the file container as a new volume.

Step 12) Copy all of your private keys, seeds, and recovery data into files on the newly mounted encrypted volume. Unmount the volume after all the data has been stored.

Step 13) Use Shamir’s Secret Sharing Scheme to split the decryption passphrase into your preferred setup. To decide how you want to split it, you’ll want to consider how many trusted friends and family you have. You’ll be sharing shards with each of these people. You’ll also want to leave enough overlap or redundancy to ensure the scheme doesn’t become useless if 1 or 2 members lose their data or cannot participate in the recovery ceremony.

Step 14) Not all Shamir’s Secret Sharing Scheme tools are compatible with one another. Lopp recommends using the ssss Unix implementation or Blockstack’s Python implementation. However, those looking for a more user-friendly option can choose Ian Coleman’s GitHub page, which uses a JavaScript library. All of these options can be saved to a USB drive or other media, then run offline on any airgapped laptop.

Step 15) Copy the encrypted file container onto USB drives and place one Shamir’s share on each drive.

Step 16) Type a note to each person to whom you’re giving the USB drives. Include instructions on what to do when you’re no longer around. Explain what you did, including the step by step processes. Consider adding a technical tutorial and a super-basic tutorial – particularly if you’re not confident in the tech skills of your friends. Save this information as an unencrypted plaintext file on each drive. You may want to avoid listing the people and places where you’ve stored the other USB keys. Consider keeping that with your last will and testament – say, with your attorney.

Step 17) Test your instructions to make sure they work as advertised. Ideally, you’ll run one of the executors through the tutorial. Make sure you can reconstitute the decryption passphrase and use it to mount the encrypted file container.

Step 18) Once you’re comfortable with your system, delete and destroy the master decryption passphrase. If you want to give yourself access to the vault in the future without going through your friends and relatives, then create a new decryption passphrase and store it in a good password manager.

Step 19) Hand out the USB drives (Lopp actually recommends storing these drives in Faraday bags) to the executors of your will.

Step 20) Update annually to protect against bit rot, a type of data degradation that will compromise data stored on the USB keys.

Conclusion

Ultimately, after much deliberation, this was the best solution created by Jameson Lopp. It’s effectively a dead man’s switch secured by your friends and relatives, with no real points of failure in terms of someone cracking the encryption.

Alternatively, you can just leave a paper wallet tucked into your safe like the rest of us.

All credit for this tutorial goes to Jameson Lopp and his Fifteen Men on a Dead Man’s Switch post on Medium.
