Part of the CustodyStress archive of observed Bitcoin custody incidents

2019 › Vendor lockout

2019 — Vendor lockout

Exchange and vendor lockout cases from 2019. QuadrigaCX's collapse — where the founder died holding sole custody of approximately $190M CAD in customer funds — dominates the institutional failure cases from this year.

40% of determinate cases from 2019 with this stress condition resulted in a blocked outcome — 21 points below the all-years average of 61% for this stress condition. This year accounts for 7% of all archive cases with this stress condition. The most common recovery path is exchange support.

Archive analysis — 14 cases

Outcomes

40% of determinate cases resulted in blocked access — 29 percentage points below the archive-wide average of 69%. Only 0% resulted in recovered access — one of the lower survival rates in the archive. 60% resulted in constrained recovery.

Recovery path

Exchange Support is the most documented recovery path (6 cases, 43% of subset).

Documentation

79% of cases had present and interpretable documentation — yet still produced a blocked or constrained outcome.

Scale

43% of cases involved large or very large holdings (10+ BTC).

Structural dependency

100% of cases carry a institutional cooperation required dependency tag — the most common structural factor in this subset.

Browse archive Archive statistics Scenarios Dependencies About

4

Blocked

6

Constrained

0

Survived

4

Indeterminate

100% of determinate cases resulted in blocked or constrained access.

14 observed cases

Blocked

4 (29%)

Constrained

6 (43%)

Indeterminate

4 (29%)

Pre-2014 Blockchain.info Wallet: Non-Standard Mnemonic Format Blocks Recovery

Exchange custody

Indeterminate 2019

In May 2019, a Bitcoin holder identified as pizzdaniel posted to BitcoinTalk describing a multi-year custody failure involving wallets created on blockchain.inf

Einstein Exchange Vancouver: $16M CAD Claimed Liabilities, Insolvent Collapse 2019

Exchange custody

Blocked 2019

Einstein Exchange, a Vancouver-based cryptocurrency platform founded by Michael Ongun Gokturk, marketed itself as Canada's fastest-growing digital currency exch

Upbit Exchange Hot Wallet Breach — 342,000 ETH Stolen, November 2019

Exchange custody

Constrained 2019

On November 27, 2019, the South Korean exchange Upbit discovered that 342,000 ETH—valued at approximately $49 million USD at the time—had been transferred from

Bitrue Singapore Exchange Security Breach — $4.2M Theft, Full User Refund

Exchange custody

Constrained 2019

On June 27, 2019, Singapore-based exchange Bitrue discovered a $4.2 million security breach affecting 90 user accounts. An attacker had exploited a weakness in

CoinBene Exchange Hack — $100M+ Stolen, Maintenance Cover-Up, March 2019

Exchange custody

Indeterminate 2019

CoinBene, a cryptocurrency exchange, abruptly went offline in March 2019 citing scheduled maintenance. Within days, blockchain analysts at multiple firms detect

QuadrigaCX Exchange Collapse: $190M Bitcoin Lost After Owner's Death

Exchange custody

Blocked 2019

QuadrigaCX was a Canadian cryptocurrency exchange that collapsed in 2019 following the sudden death of its founder and sole operator. The exchange held approxim

QuadrigaCX Exchange Collapse (April 2019): Mass Custody Loss

Exchange custody

Blocked 2019

QuadrigaCX, founded in 2013 and one of Canada's largest cryptocurrency exchanges, ceased operations on April 15, 2019, with approximately 115,000 users unable t

Bithumb $13M EOS Insider Theft April 2019: Platform Lockout and Third Security Breach

Exchange custody

Constrained 2019

On April 1, 2019, South Korean exchange Bithumb detected abnormal withdrawal patterns in its internal monitoring systems and halted all deposit and withdrawal s

Blockchain.info Hosted Wallet: Valid Backup Defeated by Email Authentication Failure

Exchange custody

Indeterminate 2019

In September 2019, a BitcoinTalk user identified as patparry reported a custody access failure involving a Blockchain.info hosted wallet. The account had remain

QuadrigaCX Exchange Collapse: CEO Death Blocks Access to $190M in Customer Cryptocurrency

Exchange custody

Blocked 2019

QuadrigaCX, founded in 2013 and operating as one of Canada's largest cryptocurrency exchanges, ceased operations in January 2019 following the death of CEO and

Cryptopia Exchange Hack and Liquidation: 960,000 Frozen Accounts, $400M Distributed Over 5 Years

Exchange custody

Constrained 2019

Cryptopia, a Christchurch-based cryptocurrency exchange serving 1.4 million registered users across approximately 900 trading pairs, suffered a critical securit

DragonEx Singapore Exchange Compromised by Lazarus Group — User Funds Stolen March 2019

Exchange custody

Constrained 2019

DragonEx, a Singapore-based cryptocurrency exchange, suffered a critical security breach on March 24, 2019, when attackers gained access to internal systems and

BITPoint Exchange Hack — $23M Customer Cryptocurrency Stolen, July 2019

Exchange custody

Constrained 2019

On July 12, 2019, BITPoint, operated by Tokyo-listed Remixpoint Inc., discovered unauthorised outflows totalling approximately 3.5 billion yen ($32 million USD)

Block.io Dashboard Access Failure: User Unable to Move BTC Despite Holding Private Keys

Exchange custody

Indeterminate 2019

In September 2019, a Bitcoin user holding funds on Block.io encountered a critical access barrier. When attempting to log into the custodial wallet dashboard, t

2015 — Vendor lockout 2014 — Vendor lockout 2013 — Vendor lockout 2017 — Vendor lockout 2018 — Vendor lockout 2022 — Vendor lockout

This archive documents cases where a legitimate owner, heir, or authorized party encountered barriers accessing or recovering Bitcoin due to a failure in the custody arrangement. The central question for inclusion is: did the custody structure fail a legitimate access or recovery attempt?

A case must satisfy all three of the following to be included:

Legitimate access attempt. The person attempting to access or recover the Bitcoin was the owner, a designated heir, an executor, a legal authority, or another party with a legitimate claim — not a thief, attacker, or unauthorized third party.
Custody structure failure. The failure was caused by a property of the custody arrangement — missing credentials, structural dependencies, documentation gaps, knowledge concentration, legal barriers, or institutional constraints — not market conditions, individual-level fraud or theft, or protocol-level issues. Platform-level failures that block legitimate user access are in scope regardless of their cause.
Documentable outcome or access constraint. The case must have a stated or inferable outcome: access blocked, access constrained, access delayed, or access eventually achieved through a recovery path. Cases with entirely unknown outcomes are included only where the structural failure is documented and the constraint is unambiguous.

Owner death or incapacity — Bitcoin held in self-custody that becomes inaccessible to heirs or designated parties because credentials, documentation, or operational knowledge were not transferred
Passphrase loss — BIP39 passphrase forgotten or unavailable, blocking access to a funded wallet even where the seed phrase is present
Seed phrase or wallet backup unavailable — no independent recovery path existed or the backup was destroyed, lost, or never created
Device loss without independent backup — hardware wallet, phone, or computer lost or destroyed with no recovery path outside the device
Documentation absent or ambiguous — heirs or executors cannot determine that Bitcoin exists, which wallet holds it, or how to access it
Knowledge concentration — only one person knew the procedure, passphrase, or access method; that person is dead, incapacitated, or unreachable
Multisig quorum failure — a threshold signature arrangement cannot be completed because signers are unavailable, uncooperative, incapacitated, or have lost their keys
Legal authority / access mismatch — a court order, probate ruling, or power of attorney establishes legal entitlement but provides no technical path to access
Institutional custody barrier — exchange or platform hacks, insolvency, regulatory seizure, or operational failure that caused a access constraint or failure for legitimate users, whether temporary, prolonged, or permanent. The failure of the custodian to remain available or solvent is itself the in-scope event.
Forced relocation or geographic constraint — physical access to a device or location required for recovery is blocked by displacement, border restrictions, or political circumstances
Coercion — the holder was compelled under threat to transfer Bitcoin or disclose credentials during an access event
Hidden asset discovery — heirs or executors locate a wallet or account but cannot access it due to missing credentials or operational knowledge

Market losses, investment losses, yield scheme losses, or Ponzi scheme losses
Hacks or theft targeting an individual's personal security (phishing, SIM swap, social engineering, malware) where the custody architecture itself did not fail
Unauthorized transfers where the holder's custody system was not the cause of the failure
Ordinary transaction mistakes — wrong-address sends, fee errors, mistaken amounts
Protocol-level failures — cryptographic vulnerabilities, consensus bugs, firmware integrity failures
Deliberate burns or tribute burns
Cases where the stated loss is unverifiable and no structural custody failure is described

Cases are drawn from public sources including forum posts, news reporting, court documents, academic research, and direct submissions. Each case is reviewed against the inclusion criteria above before publication. Source material is retained and available on request for documented cases.

The archive is observational and descriptive. It does not attempt to document all Bitcoin custody failures — only those meeting the criteria above with sufficient documentation to describe the structural failure and its outcome.