Part of the CustodyStress archive of observed Bitcoin custody incidents
CS-00675
The attacker could not unilaterally spend but could block key rotation, leaving
ConstrainedCase description
An October 2019 forum case describes a Bitcoin DAO whose treasury multisig used smart contract-based key recovery. A Solidity vulnerability in the recovery contract was exploited, allowing an attacker to gain control of one key position. The attacker could not unilaterally spend (quorum was 3-of-5) but could block key rotation, leaving the DAO's treasury in a permanently constrained state.
Custody context
| Stress condition | Multisig quorum failure |
| Custody system | Mobile or software wallet |
| Outcome | Constrained |
| Documentation | Unknown |
| Year observed | 2019 |
| Country | Unknown |
Structural dependencies observed
What this illustrates
Access ran through a third-party platform. When that platform became unavailable, so did the Bitcoin. Whether full access was ultimately possible is unclear, but significant delay or outside intervention was involved.
Outcome interpretation
Access remained possible, but only with delay, dependence, or significant difficulty.
Source
Publicly Reported
Evidence type
Forum post
Evidence link
Related cases involving multisig quorum failure
77 cases involve multisig quorum failure
572 cases involve mobile or software wallet
View archive statistics →
This archive documents observed custody survivability failures. It does not attempt to document all Bitcoin losses or security incidents.
Submit a case
← All cases
Framework references
Where Bitcoin Custody Intersects Legal and Fiduciary Authority
Where custody creates gaps in estate planning, fiduciary duty, and professional responsibility.
Professional Scope Boundary Matrix
What each professional or product covers, what they do not, and where gaps form between them.
The Independent Assessment Layer in Bitcoin Custody
How independent diagnostic layers emerge when multiple parties depend on shared infrastructure.
Translate