Archive Methodology

The Bitcoin Custody Incident Archive documents observed cases in which access or recovery by a legitimate owner, heir, or authorized party became constrained, delayed, or blocked. This page describes how cases are selected, how outcomes are classified, and what the archive does and does not represent.

The archive documents custody survivability failures — situations where someone with legitimate authority to access Bitcoin encountered a structural barrier to doing so. It does not attempt to document all Bitcoin losses, thefts, hacks, or scams. A case enters the archive when the documented issue is failure of access or recovery by a legitimate party, not failure of security against an unauthorized party.

The archive currently contains 895 published cases. 389 cases (43%) have indeterminate outcomes — the custody failure is documented but whether access was eventually restored is unknown from available sources.

Cases are included when they meet the following structural criteria: a legitimate owner, heir, executor, or authorized party encountered a barrier to accessing Bitcoin they were entitled to access; the barrier is attributable to a custody structure failure rather than a security breach against an unauthorized actor; and sufficient public documentation exists to classify the stress condition, custody type, and outcome with reasonable confidence.

Cases are excluded when the documented issue is theft, fraud against the holder, exchange hack where the holder is the victim of unauthorized access, or market losses. Coercion cases are included because the access failure is structural — the holder is a legitimate party whose access is being forced — even though the mechanism involves an attacker.

Blocked — No path to authorized access was found or succeeded under the documented conditions. 348 cases (69% of determinate cases) in the current archive have a blocked outcome. Blocked does not mean recovery is impossible under all circumstances — it means no recovery was documented.

Constrained — Access was eventually possible, but required significant effort, outside assistance, legal proceedings, or time not built into the original setup. 69 cases have a constrained outcome.

Survived — Access was recovered without structural barriers preventing it, or was never lost despite the stress event. 89 cases have a survived outcome.

Indeterminate — The custody failure is documented but the final outcome is not known from available sources. 389 cases have an indeterminate outcome.

Cases are drawn from public reports, court filings, professional observations, and sourced user submissions. Each case is reviewed for structural relevance before inclusion. Source type is classified per case: news article, court filing, forum post, professional case, user submission, or academic paper.

The archive makes no claim to be exhaustive. It documents cases where sufficient public information exists to meet inclusion criteria. The absence of a case from the archive does not imply it did not occur. Statistics derived from the archive describe observed distributions within documented cases — they are not estimates of population-level Bitcoin custody failure rates.

Each case is classified by its primary stress condition — the structural factor that caused or enabled the access failure. The classification reflects the custody failure mechanism, not the proximate cause. A passphrase that was forgotten is classified as passphrase-unavailable; a passphrase that was never recorded is also classified as passphrase-unavailable but with trigger category passphrase-never-recorded.