Stefan Thomas is a smart guy. He's a cryptocurrency expert, and served as the chief technology officer at Ripple (XRP -1.04%) for five years. He was getting paid in crypto when you and I had never heard of crypto.
One time, he did some work where he was paid in Bitcoin (BTC -0.78%). Specifically, Thomas was paid 7,002 bitcoins. At the time, a single bitcoin was worth a few dollars. Thomas put all his bitcoins in a digital wallet. And then he lost the password.
image source: Getty Images
Thomas kept his password in three different places. The first two are completely lost. His last hope is an IronKey, an encrypted flash drive. Nobody can break into an IronKey. Even the company that makes the IronKey, Kingston Technology, can't break into an IronKey. That's the way it's designed. It's military-grade hardware, impervious to all attacks. You're only allowed 10 attempts to guess the password of an IronKey. After that, the encryption key is automatically erased and the information is lost forever.
Fast forward a decade. The value of Bitcoin has skyrocketed, from a few dollars to $38,000. And Thomas still owns his 7,002 bitcoins. At that price, his coins are worth around $265 million. The password to all that money is on the IronKey flash drive. The problem is that he can't remember what password he used for that drive.
You can get an IronKey flash drive for $128 on Amazon. And that little sucker is rugged. Thomas has made eight attempts to unlock the device. He's 0-for-8. Two more wrong attempts, and the IronKey wipes all the information on it. If that happens, the password to Thomas' digital wallet (and his money) are lost forever.
With $280 million at stake, it's possible that one day some brilliant hacker might be able to outwit that little device. So far, that $128 jump drive is holding strong.
He's not the only one
Back in 2013, the BBC reported that James Howells had thrown out a hard drive that he hadn't used in three years. All his information was on newer computers, so he tossed it in the trash can. Unfortunately the password to his virtual wallet was on that hard drive, and only that hard drive.
A couple of months after he realized what he had done, Howells ran to the landfill to try to recover his hard drive. He was hopeful that it had been sorted out into a technology pile and maybe he could find it. Unfortunately his computer was "compressed" and "buried" along with the rest of the trash.
He had the password to 7,500 bitcoins on that device, bought in 2010, when bitcoin was very cheap. Forget about trying to find sunken treasure. You might want to go digging in a landfill in Wales. The value of the drive if you can find it? $300 million.
How much Bitcoin is lost money?
20% of the Bitcoin supply hasn't moved in five years or more, according to cryptocurrency analysis company Chainalysis. The company refers to this horde of bitcoins -- 3.7 million coins, worth $148 billion -- as "lost."
While that's a shocking number, consider that a substantial amount of dollars are lost all the time. Several years ago, CNN reported that states, federal agencies, and private organizations are holding $58 billion in unclaimed cash and benefits.
So it stands to reason that a lot of Bitcoin assets acquired on the cheap many years ago might be abandoned, lost, or forgotten today. Indeed, as an internet currency that requires password protection, Bitcoin is far more complicated than holding cash in your wallet. Most of us would be stressed out at the idea of holding millions of dollars in our house, or on our person. And while cryptocurrency assets are held on the internet, your password access is held by you.
Protecting your cryptocurrency
One way the cryptocurrency industry has responded to this fear is by offering custodian services, like a bank. An institution wanting to trade Bitcoin, or some other form of cryptocurrency, might engage with a brokerage like Coinbase (COIN 4.68%) or Gemini to hold the coins. These 3rd party custodians provide solutions like "hot" wallets (online computers) or "cold" storage (offline computers). Here's how Gemini describes the process.
Online solutions are capable of greater speed and liquidity, as the use of a network connection enables automated access to the system. Being networked, however, means that they are more vulnerable to attacks delivered through the network, resulting in the creation of unauthorized transfers or the potential compromising of the signing keys. Possession of a signing key is the only requirement to move funds.
Offline solutions are generally slower to execute on customer instructions because their key-storage systems can only be accessed at their physical locations. However, this solution design significantly lowers the risk of unauthorized transfers...
The nice thing about 3rd party custody solutions is that it's not the end of the world if you forgot your password. Coinbase has a whole page for people who need a new password. So if you want to buy cryptocurrency, and you're bad with passwords, I would definitely suggest that you allow your broker to hold the cryptocurrency for you.
Cryptocurrency assets are not guaranteed by the government, of course, and so you might be out of luck if a brokerage is hacked or robbed. Part of the allure of cryptocurrency is that it is a lot safer than cash or credit card transactions. It's encrypted, which makes it a lot harder to hack. But it's not impossible.
When I think of a "bank," I think of money sitting in vaults. And "bank robbers" are masked men wearing guns. But theft -- like the rest of our society -- is moving online. It's estimated that cybercrime will do $6 trillion worth of damage in 2021. It may be that cryptocurrency -- and the blockchain -- will reduce that number.
Cryptocurrency has been concerned with security from the very beginning. After all, that's why Thomas and Howells lost access to their cryptocurrency. The security protocols kept them out. So it may be that one day cryptocurrency -- that currency maligned as dangerous -- will be a safer online currency than the dollar, the euro, or the yen.
