CustodyStress
Archive › Browse by dependency and custody › Institutional Cooperation Required — Exchange custody
Part of the CustodyStress archive of observed Bitcoin custody incidents
Institutional Cooperation RequiredExchange custody

Institutional Cooperation Required — Exchange custody

Cases where recovering exchange-held Bitcoin required active institutional cooperation that was unavailable, delayed, or denied. Represents the core structural failure of exchange custody under stress.

72% of all Exchange custody cases in the archive involve this structural dependency. The blocked rate among them is 59% — 10 points below the archive-wide blocked rate of 69%. The most common recovery path is exchange support.

Browse archive Archive statistics Scenarios Dependencies About
91
Blocked
55
Constrained
8
Survived
36
Indeterminate

95% of determinate cases resulted in blocked or constrained access.

190 observed cases
Blocked
91 (48%)
Constrained
55 (29%)
Survived
8 (4%)
Indeterminate
36 (19%)
DragonEx Singapore Exchange Compromised by Lazarus Group — User Funds Stolen March 2019
Exchange custody
Constrained 2019
DragonEx, a Singapore-based cryptocurrency exchange, suffered a critical security breach on March 24, 2019, when attackers gained access to internal systems and
BITPoint Exchange Hack — $23M Customer Cryptocurrency Stolen, July 2019
Exchange custody
Constrained 2019
On July 12, 2019, BITPoint, operated by Tokyo-listed Remixpoint Inc., discovered unauthorised outflows totalling approximately 3.5 billion yen ($32 million USD)
Block.io Dashboard Access Failure: User Unable to Move BTC Despite Holding Private Keys
Exchange custody
Indeterminate 2019
In September 2019, a Bitcoin user holding funds on Block.io encountered a critical access barrier. When attempting to log into the custodial wallet dashboard, t
MapleChange Exchange Collapse: $5M Missing, Hack Unverified, No Recovery
Exchange custody
Blocked 2018
MapleChange, a Canadian cryptocurrency exchange, announced on October 28, 2018, that it had suffered a security breach resulting in the loss of approximately $5
BitGrail Exchange Collapse: 17 Million NANO Stolen, 230,000 Users Frozen
Exchange custody
Blocked 2018
BitGrail, an Italian cryptocurrency exchange, announced on February 8, 2018 that approximately 17 million NANO tokens—valued at roughly $170 million at the time
Bitfinex Fiat Withdrawal Freeze: Crypto Capital Processing Delays October–November 2018
Exchange custody
Constrained 2018
Bitfinex paused fiat deposits in October 2018 and announced implementation of a new deposit system. The exchange had been routing USD withdrawals through Crypto
Blockchain.info Wallet Access Lost After Signup—Recovery Phrase Known
Exchange custody
Indeterminate 2018
On March 16, 2018, a user with the handle ilovegambling created a new Blockchain.info wallet to receive Bitcoin from an online betting platform. The user record
QuadrigaCX Exchange Collapse: C$100,000 Withdrawal Never Processed
Exchange custody
Blocked 2018
Eric Z., a QuadrigaCX customer, deposited C$5,000 into the Canadian cryptocurrency exchange around 2014 and grew his position to approximately C$125,000 through
Xitong Zou: QuadrigaCX Creditor During Exchange Collapse and Fraud
Exchange custody
Blocked 2018
Xitong Zou was a customer of QuadrigaCX, a Canadian cryptocurrency exchange that collapsed in late 2018. Like thousands of other users, Zou had cryptocurrency h
Cointed GmbH Exchange Collapse: Austria, 2018 — Customer Funds Disappeared
Exchange custody
Blocked 2018
Cointed GmbH, founded in 2016 in Kufstein, Austria, operated as a regional cryptocurrency powerhouse: a custodial exchange, mining operation, and operator of on
Coincheck Exchange Hack: 523 Million NEM Stolen, User Withdrawals Frozen
Exchange custody
Constrained 2018
On January 26, 2018, Coincheck, a Tokyo-based cryptocurrency exchange, discovered that attackers had stolen approximately 523 million NEM tokens valued at $530
Coinrail Exchange Hack — $40 Million Altcoin Loss, Partial Recovery
Exchange custody
Constrained 2018
On June 10, 2018, Coinrail, a South Korean cryptocurrency exchange, publicly confirmed a security breach affecting its hot wallet infrastructure. Attackers gain
Mt. Gox Account Access Permanently Blocked Following Owner Death and Credential Reset
Exchange custody
Blocked 2018
Mt. Gox ceased operations in February 2014 following the loss of approximately 850,000 Bitcoin. Users with dormant accounts on the platform faced an immediate c
MapleChange Exit Scam: 919 Bitcoin Lost, CEO Identified as Glad Poenaru
Exchange custody
Blocked 2018
MapleChange, a small Canadian cryptocurrency exchange, announced on October 28, 2018 that it had suffered a catastrophic hack. According to the exchange's Twitt
Bithumb $31 Million Hack — June 2018 Withdrawal Suspension
Exchange custody
Constrained 2018
Bithumb, one of South Korea's dominant cryptocurrency exchanges handling billions in daily trading volume, discovered a security breach on June 19, 2018. Intern
Elvis Cavalic and QuadrigaCX: C$15,000 Withdrawal Lost to Exchange Collapse
Exchange custody
Blocked 2018
Elvis Cavalic of Calgary, Alberta was an active QuadrigaCX customer who had accumulated cryptocurrency holdings through trading on the platform. In October 2018
Zaif Exchange Hack: 5,966 BTC Stolen, User Funds Frozen (September 2018)
Exchange custody
Constrained 2018
On September 14, 2018, the Zaif cryptocurrency exchange operated by Tech Bureau Corp suffered a significant hot wallet breach. Attackers gained unauthorized acc
Xapo Mobile 2FA Lockout: User Without Smartphone Denied Account Access
Exchange custody
Blocked 2017
In August 2017, Xapo transitioned its hosted wallet platform to mandatory two-factor authentication via mobile application. A user (songdove) without a smartpho
Yapizon Exchange Hack (April 2017): 3,831 BTC Stolen, Socialised Loss Model Applied to All Users
Exchange custody
Blocked 2017
On April 22, 2017, Yapizon, a South Korean cryptocurrency exchange, suffered a security breach resulting in the theft of 3,831 BTC—approximately 37% of the exch
Youbit Exchange Bankruptcy: Second Hack Triggers 75% Fund Recovery Limit
Exchange custody
Constrained 2017
Youbit, operated by South Korean firm Yapian, experienced two significant security breaches during 2017. The first attack in April 2017 compromised approximatel
Kraken Account 2FA Lockout: Support Vanished After ID Verification
Exchange custody
Indeterminate 2017
In September 2017, a Kraken user (z1926) enabled two-factor authentication on their exchange account but encountered a system malfunction during the process. Th
Blockchain.info Legacy Wallet Lockout: 17-Word Phrase Incompatible With Recovery Tool
Exchange custody
Indeterminate 2017
Between November and December 2017, multiple Blockchain.info users discovered they could not access legacy wallets created years earlier, despite possessing com
Blockchain.info Wallet Access Blocked by Lost Wallet ID Despite Valid Recovery Phrase
Exchange custody
Indeterminate 2017
In December 2017, a Bitcoin holder discovered that custody of funds deposited in a Blockchain.info wallet created in early 2013 had become inaccessible despite
Blockchain.info Legacy Wallet Access Failure: 17-Word Recovery Phrase Incompatibility
Exchange custody
Blocked 2017
Beginning in late November 2017, multiple users including Ople, nwankwotech, and Boldos reported simultaneous access failures to Blockchain.info wallets created
Blockchain.info Hosted Wallet Recovery Attempt: Partial Password, No Seed Backup
Exchange custody
Indeterminate 2017
In October 2017, a BitcoinTalk user identified as Parodium reported being locked out of a blockchain.info wallet created years earlier. The user retained email
← Previous
123458
Next →
Browse by dependency and custody
Device-Dependent Access — Software wallet Undocumented Recovery Procedure — Software wallet Single-Person Knowledge — Software wallet Passphrase Dependency — Software wallet Shared Service Dependency — Exchange custody Single-Person Knowledge — Exchange custody Undocumented Recovery Procedure — Exchange custody Passphrase Dependency — Exchange custody Device-Dependent Access — Exchange custody Single-Person Knowledge — Hardware wallet (single key) Device-Dependent Access — Hardware wallet (single key) Legal Authority Required — Exchange custody Undocumented Recovery Procedure — Hardware wallet (single key) Passphrase Dependency — Hardware wallet (single key) Passphrase Dependency — Hardware wallet with passphrase Device-Dependent Access — Hardware wallet with passphrase Time-Sensitive Sequencing — Exchange custody Time-Sensitive Sequencing — Software wallet Recovery Materials Colocated — Software wallet Single-Person Knowledge — Hardware wallet with passphrase Undocumented Recovery Procedure — Hardware wallet with passphrase All cases
Related pages
Shared Service Dependency — Exchange custody Single-Person Knowledge — Exchange custody Undocumented Recovery Procedure — Exchange custody Passphrase Dependency — Exchange custody Device-Dependent Access — Exchange custody Legal Authority Required — Exchange custody Time-Sensitive Sequencing — Exchange custody
Terms guide
Outcome terms
Survived
Access remained possible under the reported conditions.
Constrained
Access remained possible, but only with delay, dependence, or significant difficulty.
Blocked
Access was not possible under the reported conditions.
Indeterminate
There was not enough information to determine the outcome.
Assessment terms
Survivability
The degree to which a custody system maintains the possibility of authorized recovery under stress.
Archive inclusion criteria

This archive documents cases where a legitimate owner, heir, or authorized party encountered barriers accessing or recovering Bitcoin due to a failure in the custody arrangement. The central question for inclusion is: did the custody structure fail a legitimate access or recovery attempt?

Inclusion requirements

A case must satisfy all three of the following to be included:

  1. Legitimate access attempt. The person attempting to access or recover the Bitcoin was the owner, a designated heir, an executor, a legal authority, or another party with a legitimate claim — not a thief, attacker, or unauthorized third party.
  2. Custody structure failure. The failure was caused by a property of the custody arrangement — missing credentials, structural dependencies, documentation gaps, knowledge concentration, legal barriers, or institutional constraints — not market conditions, individual-level fraud or theft, or protocol-level issues. Platform-level failures that block legitimate user access are in scope regardless of their cause.
  3. Documentable outcome or access constraint. The case must have a stated or inferable outcome: access blocked, access constrained, access delayed, or access eventually achieved through a recovery path. Cases with entirely unknown outcomes are included only where the structural failure is documented and the constraint is unambiguous.
In scope
  • Owner death or incapacity — Bitcoin held in self-custody that becomes inaccessible to heirs or designated parties because credentials, documentation, or operational knowledge were not transferred
  • Passphrase loss — BIP39 passphrase forgotten or unavailable, blocking access to a funded wallet even where the seed phrase is present
  • Seed phrase or wallet backup unavailable — no independent recovery path existed or the backup was destroyed, lost, or never created
  • Device loss without independent backup — hardware wallet, phone, or computer lost or destroyed with no recovery path outside the device
  • Documentation absent or ambiguous — heirs or executors cannot determine that Bitcoin exists, which wallet holds it, or how to access it
  • Knowledge concentration — only one person knew the procedure, passphrase, or access method; that person is dead, incapacitated, or unreachable
  • Multisig quorum failure — a threshold signature arrangement cannot be completed because signers are unavailable, uncooperative, incapacitated, or have lost their keys
  • Legal authority / access mismatch — a court order, probate ruling, or power of attorney establishes legal entitlement but provides no technical path to access
  • Institutional custody barrier — exchange or platform hacks, insolvency, regulatory seizure, or operational failure that caused a access constraint or failure for legitimate users, whether temporary, prolonged, or permanent. The failure of the custodian to remain available or solvent is itself the in-scope event.
  • Forced relocation or geographic constraint — physical access to a device or location required for recovery is blocked by displacement, border restrictions, or political circumstances
  • Coercion — the holder was compelled under threat to transfer Bitcoin or disclose credentials during an access event
  • Hidden asset discovery — heirs or executors locate a wallet or account but cannot access it due to missing credentials or operational knowledge
Out of scope
  • Market losses, investment losses, yield scheme losses, or Ponzi scheme losses
  • Hacks or theft targeting an individual's personal security (phishing, SIM swap, social engineering, malware) where the custody architecture itself did not fail
  • Unauthorized transfers where the holder's custody system was not the cause of the failure
  • Ordinary transaction mistakes — wrong-address sends, fee errors, mistaken amounts
  • Protocol-level failures — cryptographic vulnerabilities, consensus bugs, firmware integrity failures
  • Deliberate burns or tribute burns
  • Cases where the stated loss is unverifiable and no structural custody failure is described
Source and verification

Cases are drawn from public sources including forum posts, news reporting, court documents, academic research, and direct submissions. Each case is reviewed against the inclusion criteria above before publication. Source material is retained and available on request for documented cases.

The archive is observational and descriptive. It does not attempt to document all Bitcoin custody failures — only those meeting the criteria above with sufficient documentation to describe the structural failure and its outcome.