Bitcoin Custody Overlooked Risks

Commonly Overlooked Risks in Self-Custody

This memo is published by CustodyStress, an independent Bitcoin custody stress test that produces reference documents for individuals, families, and professionals.

Trusted Party Degradation

Standard custody guidance addresses common risks. Theft, lost keys, and exchange failures receive extensive coverage. But some risks receive far less attention despite affecting real-world outcomes. Bitcoin custody overlooked risks occupy the space between what guides typically discuss and what actually goes wrong. Holders who have addressed common concerns may remain exposed to threats they have never heard discussed.

Overlooked does not mean rare. Some neglected risks occur frequently but attract less discussion than dramatic scenarios. Others are rare but catastrophic when they occur. The common thread is that standard guidance underemphasizes these categories relative to their potential impact.

---

Trusted Party Degradation

Custody arrangements often depend on people—family members, advisors, or service providers. Guides address choosing these parties but rarely discuss how relationships and capabilities change over time. Trusted parties degrade as people age, move, become estranged, or develop problems that affect their reliability.

The family member holding a backup key today may be incapacitated, deceased, or estranged in ten years. Custody designed around current relationships assumes those relationships persist unchanged. When they change, the custody arrangement may no longer work as intended.

Advisors retire, die, or change firms. The attorney who understands the holder's bitcoin arrangements may not be available when needed. Their successor may know nothing about cryptocurrency. Professional relationships that seemed stable prove temporary.

Service providers can disappear, change their offerings, or become hostile. A company holding part of a multisig arrangement may go out of business, get acquired, or change its terms. Dependency on external parties introduces risks that outlast any single decision point.

---

Cognitive Decline and Memory Loss

Holders age. Memory fades. Cognitive abilities decline. Custody systems designed by a sharp mind may become inoperable by that same mind years later. This slow degradation receives less attention than sudden incapacity, yet it affects many holders gradually.

Passwords and passphrases rely on memory. The holder who remembers everything clearly today may struggle to recall details in fifteen years. What seemed unforgettable becomes inaccessible as cognitive function changes with age.

Understanding degrades alongside memory. The technical concepts that made sense during setup may become confusing later. A holder who once understood their system thoroughly may lose that understanding gradually, without clear recognition that capability has diminished.

Judgment changes too. Decision-making quality can decline before memory loss becomes obvious. A holder may make poor choices about their custody—sharing information inappropriately, neglecting maintenance, or falling for scams—without recognizing their judgment has changed.

---

Divorce and Family Conflict

Family relationships figure prominently in custody and inheritance planning. Plans assume cooperative family dynamics. Divorce, estrangement, or conflict can transform trusted family members into adversaries, making custody arrangements dangerous rather than helpful.

Shared information becomes weaponized in conflict. A spouse who knew about custody for inheritance purposes may use that knowledge adversarially during divorce. Information shared in trust can become ammunition when trust breaks down.

Children designated as key holders or beneficiaries may become estranged. Adult children fall out with parents. Siblings conflict after a parent's death. Family dynamics that seemed stable reveal fault lines under stress. Custody arrangements built on assumed cooperation fail when cooperation disappears.

Updating custody after relationship changes proves difficult. The holder going through divorce may not immediately think to remove their spouse's access or knowledge. By the time they consider it, the spouse may have already acted on information they should no longer have.

---

Environmental and Geographic Risks

Natural disasters, regional instability, and environmental changes affect custody in ways guides rarely discuss. Backup locations can become inaccessible. Geographic distribution meant to reduce risk can become liability when geography itself becomes problematic.

Flood zones expand. Fire seasons lengthen. Areas once considered stable become disaster-prone. A backup stored in a "safe" location a decade ago may now sit in an area with significantly elevated environmental risk. Geographic assumptions made at setup time may not hold.

Political and social instability can make locations inaccessible. A backup in another country provides redundancy—until travel becomes impossible, banks close accounts, or governments restrict access. International distribution introduces risks that domestic-only arrangements avoid.

Even local access can be disrupted. Evacuations, infrastructure failures, and civil unrest can make physically reaching backup materials impossible when they are most needed. The assumption of reliable physical access does not always hold.

---

Coercion and Duress

Physical threats to holders receive some discussion, but the nuances of coercion scenarios are often glossed over. Most holders lack real experience with duress and may not recognize how they would actually behave under threat. Plans that assume rational response to coercion may fail against real-world fear.

Coercion can be subtle. Manipulation by family members, pressure from business partners, or exploitation of vulnerable states—these forms of duress may not involve physical threat but can still compromise custody. Not all coercion looks like movie robbery scenes.

Plausible deniability measures often fail under real pressure. The holder who planned to reveal only a decoy wallet may not maintain that deception when actually threatened. Theoretical strategies collapse when adrenaline, fear, and real consequences enter the picture.

Extended duress differs from acute situations. Someone held under long-term pressure—domestic abuse, organized crime involvement, or corrupt authority—faces ongoing coercion that one-time security measures do not address. Time allows coercers to find weaknesses in defenses.

---

Software Supply Chain Vulnerabilities

Holders trust the software they use. Wallets, verification tools, and operating systems all represent dependencies. Compromises in software supply chains—malicious updates, hijacked downloads, or corrupted dependencies—affect users regardless of their personal security practices.

Hardware wallet firmware updates create trust moments. The holder who updates their device trusts that the update is legitimate and benign. If the update process is compromised, careful users are affected alongside careless ones.

Verification software can be the target. The tool used to verify authenticity of other software may itself be compromised. This creates a bootstrap problem where there is no trusted starting point for verification.

Open source does not eliminate these risks. The theoretical ability to audit code does not translate to actual auditing by the typical holder. Most users trust that someone else has verified the software they use, which may or may not be true.

---

Documentation Compromise

Instructions and documentation for heirs create a security tension rarely addressed. Adequate documentation for inheritance may be inadequate protection against adversaries who obtain that documentation. The same information that enables heirs can enable theft.

Physical security of documentation receives less attention than physical security of keys. A seed phrase backup in a safe deposit box may be carefully protected while the instruction document in a desk drawer is not. Attackers may target the easier target.

Digital documentation creates copies. Emails, cloud storage, and digital files can be accessed remotely, copied silently, and exploited without the holder knowing. The documentation needed for inheritance may be accessible through means the holder did not anticipate.

Death makes documentation more vulnerable. After the holder dies, access controls relax. More people handle documents. The heir seeking necessary information may not maintain the same security the holder would have. The transition period between death and completed inheritance represents elevated documentation risk.

---

Technical Obsolescence

Technology changes. What works today may not work in twenty years. Holders rarely consider whether their custody arrangements will remain functional across technology generations. Compatibility assumptions made today may prove false in the future.

File formats become unreadable. Media becomes inaccessible. The digital backup created today may require hardware that does not exist in the future. A floppy disk from the 1990s illustrates this risk—formats that were ubiquitous become historical curiosities.

Hardware wallet manufacturers may not exist forever. If the company disappears, support and replacement parts disappear with it. Proprietary devices become unsupported. Recovery depends on hardware that may not be available.

Bitcoin itself evolves. Address formats change. Transaction structures change. Wallets that work with today's network may require updates or replacement as the network evolves. Long-term custody must accommodate a protocol that continues to develop.

---

Inheritance Executor Limitations

Plans often designate someone to execute inheritance—finding materials, following instructions, distributing assets. The capabilities and constraints of this executor receive less attention than they warrant. A designated executor may not be able to do what the plan requires.

Executors have limited time. Estate administration demands attention across many assets and obligations. The executor may lack capacity to learn unfamiliar systems while handling everything else. Bitcoin may receive less attention than it needs.

Legal constraints bind executors. They may face fiduciary duties, court oversight, and regulatory requirements that affect how they can handle cryptocurrency. Flexible responses that a family member might take informally may not be available to a formal executor.

Executor conflicts of interest emerge when the executor is also a beneficiary or has relationships with other beneficiaries. These conflicts can distort how inheritance is handled. Plans that assume neutral execution may encounter biased execution.

---

Outcome

Bitcoin custody overlooked risks occupy the gap between standard guidance and actual failure modes. Trusted party degradation, cognitive decline, family conflict, environmental risks, and coercion scenarios all receive less discussion than their impact warrants. Software supply chain vulnerabilities, documentation compromise, technical obsolescence, and executor limitations extend the list further.

Overlooked does not mean unimportant. These risks cause real losses to real holders. Their neglect in standard guidance creates blind spots that holders may not recognize until failures occur.

Addressing overlooked risks requires first recognizing they exist. The holder who knows about these categories can consider whether they apply to their situation. Awareness enables assessment; assessment enables appropriate response.

---

System Context

Examining Bitcoin Custody Under Stress

Bitcoin Estate Protection Options

When You Know Bitcoin Exists But Cannot Prove It

← Return to CustodyStress