Part of the CustodyStress archive of observed Bitcoin custody incidents

Institutional Failure — Exchange Era (2014–2019)

Institutional failure cases from the Exchange Era (2014–2019). Mt. Gox, QuadrigaCX, and the era's exchange failures define this category.

37 cases in this intersection. 50% of determinate cases resulted in a blocked outcome. The most common recovery path is exchange support.

Archive analysis — 37 cases

Outcomes

50% of determinate cases resulted in blocked access — 19 percentage points below the archive-wide average of 69%. Only 0% resulted in recovered access — one of the lower survival rates in the archive. 50% resulted in constrained recovery.

Recovery path

Exchange Support is the most documented recovery path (15 cases, 41% of subset). Of those with a determinate outcome, 93% resulted in recovered or constrained access.

Documentation

95% of cases had present and interpretable documentation — yet still produced a blocked or constrained outcome.

Scale

32% of cases involved large or very large holdings (10+ BTC).

Structural dependency

100% of cases carry a institutional cooperation required dependency tag — the most common structural factor in this subset.

Browse archive Archive statistics Scenarios Dependencies About

16

Blocked

16

Constrained

0

Survived

5

Indeterminate

100% of determinate cases resulted in blocked or constrained access.

37 observed cases

Blocked

16 (43%)

Constrained

16 (43%)

Indeterminate

5 (14%)

Pre-2014 Blockchain.info Wallet: Non-Standard Mnemonic Format Blocks Recovery

Exchange custody

Indeterminate 2019

In May 2019, a Bitcoin holder identified as pizzdaniel posted to BitcoinTalk describing a multi-year custody failure involving wallets created on blockchain.inf

Upbit Exchange Hot Wallet Breach — 342,000 ETH Stolen, November 2019

Exchange custody

Constrained 2019

On November 27, 2019, the South Korean exchange Upbit discovered that 342,000 ETH—valued at approximately $49 million USD at the time—had been transferred from

Bitrue Singapore Exchange Security Breach — $4.2M Theft, Full User Refund

Exchange custody

Constrained 2019

On June 27, 2019, Singapore-based exchange Bitrue discovered a $4.2 million security breach affecting 90 user accounts. An attacker had exploited a weakness in

CoinBene Exchange Hack — $100M+ Stolen, Maintenance Cover-Up, March 2019

Exchange custody

Indeterminate 2019

CoinBene, a cryptocurrency exchange, abruptly went offline in March 2019 citing scheduled maintenance. Within days, blockchain analysts at multiple firms detect

Bithumb $13M EOS Insider Theft April 2019: Platform Lockout and Third Security Breach

Exchange custody

Constrained 2019

On April 1, 2019, South Korean exchange Bithumb detected abnormal withdrawal patterns in its internal monitoring systems and halted all deposit and withdrawal s

DragonEx Singapore Exchange Compromised by Lazarus Group — User Funds Stolen March 2019

Exchange custody

Constrained 2019

DragonEx, a Singapore-based cryptocurrency exchange, suffered a critical security breach on March 24, 2019, when attackers gained access to internal systems and

BITPoint Exchange Hack — $23M Customer Cryptocurrency Stolen, July 2019

Exchange custody

Constrained 2019

On July 12, 2019, BITPoint, operated by Tokyo-listed Remixpoint Inc., discovered unauthorised outflows totalling approximately 3.5 billion yen ($32 million USD)

MapleChange Exchange Collapse: $5M Missing, Hack Unverified, No Recovery

Exchange custody

Blocked 2018

MapleChange, a Canadian cryptocurrency exchange, announced on October 28, 2018, that it had suffered a security breach resulting in the loss of approximately $5

BitGrail Exchange Collapse: 17 Million NANO Stolen, 230,000 Users Frozen

Exchange custody

Blocked 2018

BitGrail, an Italian cryptocurrency exchange, announced on February 8, 2018 that approximately 17 million NANO tokens—valued at roughly $170 million at the time

Coincheck Exchange Hack: 523 Million NEM Stolen, User Withdrawals Frozen

Exchange custody

Constrained 2018

On January 26, 2018, Coincheck, a Tokyo-based cryptocurrency exchange, discovered that attackers had stolen approximately 523 million NEM tokens valued at $530

Coinrail Exchange Hack — $40 Million Altcoin Loss, Partial Recovery

Exchange custody

Constrained 2018

On June 10, 2018, Coinrail, a South Korean cryptocurrency exchange, publicly confirmed a security breach affecting its hot wallet infrastructure. Attackers gain

Bithumb $31 Million Hack — June 2018 Withdrawal Suspension

Exchange custody

Constrained 2018

Bithumb, one of South Korea's dominant cryptocurrency exchanges handling billions in daily trading volume, discovered a security breach on June 19, 2018. Intern

Zaif Exchange Hack: 5,966 BTC Stolen, User Funds Frozen (September 2018)

Exchange custody

Constrained 2018

On September 14, 2018, the Zaif cryptocurrency exchange operated by Tech Bureau Corp suffered a significant hot wallet breach. Attackers gained unauthorized acc

Yapizon Exchange Hack (April 2017): 3,831 BTC Stolen, Socialised Loss Model Applied to All Users

Exchange custody

Blocked 2017

On April 22, 2017, Yapizon, a South Korean cryptocurrency exchange, suffered a security breach resulting in the theft of 3,831 BTC—approximately 37% of the exch

Blockchain.info Legacy Wallet Lockout: 17-Word Phrase Incompatible With Recovery Tool

Exchange custody

Indeterminate 2017

Between November and December 2017, multiple Blockchain.info users discovered they could not access legacy wallets created years earlier, despite possessing com

Cryptsy Exchange: 13,000 BTC Theft Concealed, Ponzi Operations, Founder Flight (2014–2016)

Exchange custody

Constrained 2016

Cryptsy, a Florida-based cryptocurrency exchange operated by Paul Vernon (online alias 'Big Vern'), suffered a critical security breach in July 2014 when attack

Cointrader Exchange Discovers Bitcoin Shortfall, Suspends Operations Indefinitely (March 2016)

Exchange custody

Blocked 2016

Cointrader operated as a Canadian cryptocurrency exchange with modest activity through early 2016, processing approximately 81 BTC in daily trading volume durin

Bitcurex Exchange Collapse: 2,300 BTC Lost, No Customer Database Backups

Exchange custody

Blocked 2016

Bitcurex launched in 2012 as Poland's first and largest Bitcoin exchange, processing over $50 million in BTC transactions during its final six months. The platf

Gatecoin Exchange: 250 BTC and 185,000 ETH Drained via Cold Storage Routing Compromise

Exchange custody

Blocked 2016

Gatecoin Limited operated as a Hong Kong-based cryptocurrency exchange from 2013, gaining credibility through backing by the Hong Kong Science and Technology Pa

796 Exchange — 1,000 BTC Stolen via Withdrawal Address Redirect (January 2015)

Exchange custody

Blocked 2015

796 was a Chinese cryptocurrency exchange offering spot and futures trading. In late January 2015, the platform discovered a security breach in which an attacke

Vircurex Withdrawal Freeze: Timothy Shaw's 12.85 BTC Locked Since 2014

Exchange custody

Blocked 2015

Timothy Shaw, a Colorado resident, executed a trade on Vircurex on March 24, 2014, converting his entire dogecoin balance into 12.85 BTC. That same morning, Vir

Vault of Satoshi Exchange Closure: Institutional Custody Dependency and Forced Withdrawal Deadline

Exchange custody

Constrained 2015

Vault of Satoshi, a Canadian cryptocurrency exchange launched in October 2013, announced permanent closure effective February 5, 2015. The platform had differen

Digital CC v. igot Exchange: $180,000 Bitcoin Claim, Australian Court Action

Exchange custody

Indeterminate 2015

Digital CC, an Australian digital currency company, accumulated approximately $180,000 in Bitcoin holdings or claims held on the igot exchange. Beginning in 201

MintPal/Moolah Exchange Collapse: 3,700 BTC Inaccessible After Ryan Kennedy's Exit Scam

Exchange custody

Blocked 2015

MintPal was a prominent altcoin exchange serving tens of thousands of users in 2014. Following a July 2014 hack that cost approximately $2 million in VeriCoin,

Institutional lockout — exchange custody, Australia (2015)

Exchange custody

Constrained 2015

igot, an Australian Bitcoin exchange operated by Remi Fabre under the digital.cc domain, entered a state of operational dysfunction beginning in August 2015. Us

← Previous

1 2

Browse by trigger and era

Physical Coercion — Coercion Era (2023–present) Seed Never Recorded — Coercion Era (2023–present) Seed Never Recorded — Maturation Period (2020–2022) Physical Coercion — Maturation Period (2020–2022) Institutional Failure — Maturation Period (2020–2022) Seed Never Recorded — Exchange Era (2014–2019) Device Loss Without Backup — Exchange Era (2014–2019) Forgotten Passphrase — Exchange Era (2014–2019) File Deleted — No Backup — Exchange Era (2014–2019) Device Discarded — Exchange Era (2014–2019) Passphrase Never Recorded — Exchange Era (2014–2019) Forgotten Passphrase — Early Bitcoin (2009–2013) Device Discarded — Early Bitcoin (2009–2013) Institutional Failure — Early Bitcoin (2009–2013) File Deleted — No Backup — Early Bitcoin (2009–2013) All cases

This archive documents cases where a legitimate owner, heir, or authorized party encountered barriers accessing or recovering Bitcoin due to a failure in the custody arrangement. The central question for inclusion is: did the custody structure fail a legitimate access or recovery attempt?

A case must satisfy all three of the following to be included:

Legitimate access attempt. The person attempting to access or recover the Bitcoin was the owner, a designated heir, an executor, a legal authority, or another party with a legitimate claim — not a thief, attacker, or unauthorized third party.
Custody structure failure. The failure was caused by a property of the custody arrangement — missing credentials, structural dependencies, documentation gaps, knowledge concentration, legal barriers, or institutional constraints — not market conditions, individual-level fraud or theft, or protocol-level issues. Platform-level failures that block legitimate user access are in scope regardless of their cause.
Documentable outcome or access constraint. The case must have a stated or inferable outcome: access blocked, access constrained, access delayed, or access eventually achieved through a recovery path. Cases with entirely unknown outcomes are included only where the structural failure is documented and the constraint is unambiguous.

Owner death or incapacity — Bitcoin held in self-custody that becomes inaccessible to heirs or designated parties because credentials, documentation, or operational knowledge were not transferred
Passphrase loss — BIP39 passphrase forgotten or unavailable, blocking access to a funded wallet even where the seed phrase is present
Seed phrase or wallet backup unavailable — no independent recovery path existed or the backup was destroyed, lost, or never created
Device loss without independent backup — hardware wallet, phone, or computer lost or destroyed with no recovery path outside the device
Documentation absent or ambiguous — heirs or executors cannot determine that Bitcoin exists, which wallet holds it, or how to access it
Knowledge concentration — only one person knew the procedure, passphrase, or access method; that person is dead, incapacitated, or unreachable
Multisig quorum failure — a threshold signature arrangement cannot be completed because signers are unavailable, uncooperative, incapacitated, or have lost their keys
Legal authority / access mismatch — a court order, probate ruling, or power of attorney establishes legal entitlement but provides no technical path to access
Institutional custody barrier — exchange or platform hacks, insolvency, regulatory seizure, or operational failure that caused a access constraint or failure for legitimate users, whether temporary, prolonged, or permanent. The failure of the custodian to remain available or solvent is itself the in-scope event.
Forced relocation or geographic constraint — physical access to a device or location required for recovery is blocked by displacement, border restrictions, or political circumstances
Coercion — the holder was compelled under threat to transfer Bitcoin or disclose credentials during an access event
Hidden asset discovery — heirs or executors locate a wallet or account but cannot access it due to missing credentials or operational knowledge

Market losses, investment losses, yield scheme losses, or Ponzi scheme losses
Hacks or theft targeting an individual's personal security (phishing, SIM swap, social engineering, malware) where the custody architecture itself did not fail
Unauthorized transfers where the holder's custody system was not the cause of the failure
Ordinary transaction mistakes — wrong-address sends, fee errors, mistaken amounts
Protocol-level failures — cryptographic vulnerabilities, consensus bugs, firmware integrity failures
Deliberate burns or tribute burns
Cases where the stated loss is unverifiable and no structural custody failure is described

Cases are drawn from public sources including forum posts, news reporting, court documents, academic research, and direct submissions. Each case is reviewed against the inclusion criteria above before publication. Source material is retained and available on request for documented cases.

The archive is observational and descriptive. It does not attempt to document all Bitcoin custody failures — only those meeting the criteria above with sufficient documentation to describe the structural failure and its outcome.