Bitcoin Custody Risk Assessment as Exposure Mapping

Mapping Exposure Across Custody Components

This memo is published by CustodyStress, an independent Bitcoin custody stress test that produces reference documents for individuals, families, and professionals.

What Risk Refers To

The assessment encounters the term 'risk' frequently in custody discussions. A custody system has risks. Inheritance involves risks. The risks are high or low. The word gets used without clarity about what it refers to.

The assessment sometimes encounters 'risk' used as if it implies prediction. The risk of failure is high. The risk of loss is low. These statements sound like forecasts. They suggest someone knows what will happen or how likely it is.

A bitcoin custody risk assessment does not forecast outcomes. It maps exposure. Exposure refers to areas where loss, blockage, or degradation could occur. The mapping identifies where vulnerability exists. It does not predict whether vulnerability will materialize.

This memo describes what custody risk assessment characterizes and what it does not characterize.

---

What Risk Refers To

Risk refers to exposure to something unwanted. In custody, the unwanted outcomes include loss of access, permanent lockout, partial recovery, delayed inheritance, and value degradation.

Exposure means the possibility exists. A custody system is exposed to key loss if a key could become unavailable. A custody system is exposed to coordination failure if recovery depends on multiple parties acting together. Exposure describes vulnerability. It does not describe certainty.

Risk exists before anything goes wrong. The exposure is present in the structure of the system. A house near a river is exposed to flooding. The house may never flood. The exposure exists anyway. Bitcoin inheritance risk exists in custody structures that could produce blockage under certain conditions. The blockage may never occur. The exposure exists anyway.

---

Exposure Versus Prediction

Exposure mapping identifies where vulnerability exists. Prediction claims what will happen. These are different activities.

Exposure mapping says: this custody system depends on a single device. If that device fails, access is blocked. The mapping identifies the dependency. It does not say the device will fail. It does not say when it might fail. It does not assign a probability.

Prediction says: there is a 30% chance the device will fail within five years. This statement claims knowledge about the future. It assigns likelihood. It forecasts an outcome.

A bitcoin custody risk assessment maps exposure. It identifies dependencies, concentrated points, and structural vulnerabilities. It does not predict which vulnerabilities will materialize or when. The future contains too many variables for reliable prediction.

---

Exposure Categories

Custody exposure falls into categories. Each category describes a type of vulnerability.

Key loss exposure: The custody system depends on keys. Keys can be lost, destroyed, or become inaccessible. Exposure exists wherever key availability is not assured.

Coordination exposure: The custody system depends on multiple parties. Parties can become unavailable, uncooperative, or unreachable. Exposure exists wherever recovery requires coordination that could break down.

Access decay exposure: The custody system depends on devices, software, and services. These components age. Devices fail. Software becomes incompatible. Services shut down. Exposure exists wherever time degrades access paths.

Dependency concentration exposure: The custody system routes through shared points. A single credential unlocks multiple components. A single person holds critical knowledge. A single service hosts critical data. Exposure exists wherever dependencies concentrate.

Knowledge gap exposure: The custody system requires knowledge to operate. Knowledge exists in the holder's mind. Knowledge may not transfer to heirs. Exposure exists wherever undocumented or untransferred knowledge is required.

---

Bitcoin Inheritance Risk Categories

Bitcoin inheritance risk reflects exposure categories that apply specifically to succession scenarios.

Holder absence exposure: Inheritance occurs after the holder is unavailable. The custody system was operated by the holder. The holder's absence removes knowledge, credentials, and real-time assistance. Exposure exists in everything the holder's presence provided.

Timing exposure: Inheritance involves delays. Probate takes time. Family communication takes time. Technical recovery takes time. During delays, devices age, services change, and people become harder to reach. Exposure exists in time-dependent components.

Successor capability exposure: Heirs vary in technical knowledge. The custody system may require capabilities the heir does not have. Exposure exists wherever heir capability does not match system requirements.

Legal-technical mismatch exposure: Inheritance operates through legal authority. Bitcoin custody operates through cryptographic keys. Legal documents do not produce keys. Exposure exists in the gap between what legal process grants and what custody systems require.

---

What Assessment Produces

A bitcoin custody risk assessment produces a map. The map shows where exposure exists. It identifies categories. It notes concentrations. It describes dependencies.

The map does not rank exposures by likelihood. Ranking implies prediction of future conditions. The assessment does not claim to know which exposure will materialize first or whether any will materialize at all.

The map does not score exposures numerically. Numerical scores imply precision that does not exist. A score of "7 out of 10" suggests measured probability. No measurement produces such precision for custody outcomes.

The assessment output presents exposure terrain. It shows where cliffs exist, where paths narrow, where bridges are weak. It does not say which cliff someone will fall from or which bridge will collapse. It shows the landscape of exposure.

---

Why Prediction Is Not Included

Prediction is not included because it is not possible with useful accuracy. Custody outcomes depend on future conditions that are unknowable.

When will the holder die? Unknown. What will the heir's technical capability be at that time? Unknown. Will the software still be compatible? Unknown. Will the key person still be reachable? Unknown. Will the service still operate? Unknown.

Each unknown compounds with others. The holder might die in two years or twenty. The heir might learn more or forget what was learned. The software might update smoothly or become incompatible. The combinations multiply. Prediction in this context lacks stable informational grounding.

Assessment acknowledges this uncertainty. It identifies what is exposed without claiming to know what will happen. Exposure is observable now. Outcomes are not.

---

Exposure Without Failure

Exposure exists even when no failure occurs. A custody system can operate successfully for decades while exposure remains present.

The holder uses the system without difficulty. The keys remain accessible. The devices continue working. The software stays compatible. No failure occurs. The exposure was present the entire time. The conditions that would have triggered failure simply did not arise.

Assessment identifies exposure regardless of outcome history. A system that has worked for years may still have concentrated dependencies. A system that has never failed may still have undocumented knowledge gaps. Past success does not eliminate present exposure.

Exposure is structural. It exists in how the system is built. Failure is situational. It occurs when circumstances intersect with exposure. The assessment maps structural exposure independent of situational outcomes.

---

Multiple Exposures

Custody systems typically have multiple exposures. More than one category applies. More than one vulnerability exists.

A system may have key loss exposure and coordination exposure and knowledge gap exposure simultaneously. The exposures are not exclusive. They can overlap. They can interact.

Assessment maps all identified exposures. It does not reduce them to a single number or a single category. The map shows the full terrain, not a simplified summary.

Multiple exposures do not mean failure is certain. They mean multiple areas of vulnerability exist. None may materialize. Some may materialize. The assessment describes the exposure landscape without predicting which areas will produce actual blockage.

---

What Changes Over Time

Exposure changes over time. Assessment captures a moment. The moment passes. The exposure landscape shifts.

New dependencies form. The holder adds a service. The service becomes a dependency. New exposure appears.

Old dependencies weaken. A device ages. A person becomes less available. Existing exposure intensifies.

Some exposures resolve. Documentation is created. Knowledge is transferred. A backup is added. Existing exposure diminishes.

Assessment is time-bound. A bitcoin custody risk assessment describes exposure at the time of assessment. The description does not remain accurate indefinitely. The system changes. The exposure changes. The map ages.

---

Identifying Exposure Does Not Imply Prevention

Identifying exposure does not imply that exposure can be eliminated. Exposure may be structural. It may be inherent to the custody approach. It may exist because of choices that serve other purposes.

A custody system uses a single hardware wallet for simplicity. The single device creates dependency concentration. Identifying this exposure does not mean the exposure can be removed without cost. Adding devices adds complexity. The trade-off is structural.

A custody system relies on the holder's knowledge. The knowledge gap exposure exists. Transferring knowledge fully is difficult. Some knowledge is implicit. The exposure may persist despite effort.

Assessment maps exposure. It does not claim that mapped exposure is avoidable. Some exposure can be reduced. Some cannot. Assessment describes what exists without promising what could exist.

---

Exposure and Inheritance

Bitcoin inheritance risk concentrates where custody meets succession. The custody system was designed for the holder. Inheritance requires operation by someone other than the holder.

Exposure accumulates at this boundary. The holder's knowledge is exposed as a gap when the holder is absent. The holder's credentials are exposed as blocked when they cannot be located. The holder's relationships are exposed as dependencies when coordination is required.

Inheritance-specific exposure exists separately from operational exposure. A system that works well for the holder may have substantial inheritance exposure. The two are different questions. Assessment examines both.

---

What Assessment Does Not Provide

A bitcoin custody risk assessment does not provide certainty. It does not guarantee outcomes. It does not promise that identified exposures will or will not materialize.

Assessment does not provide rankings. It does not say which exposure is most dangerous or most likely. Such rankings would require predictive knowledge that does not exist.

Assessment does not provide solutions. It identifies exposure. What happens with that information is separate from the assessment itself. The assessment maps terrain. It does not build roads.

Assessment does not provide permanence. The map is valid for the moment of assessment. Time changes the territory. The map becomes historical.

---

Conclusion

A bitcoin custody risk assessment characterizes exposure categories without predicting outcomes or ranking likelihood. Risk refers to exposure—areas where loss, blockage, or degradation could occur. Exposure exists in custody structures before any failure materializes.

Exposure categories include key loss, coordination breakdown, access decay, dependency concentration, and knowledge gaps. Bitcoin inheritance risk adds holder absence, timing, successor capability, and legal-technical mismatch. Assessment maps these exposures without claiming to forecast which will materialize.

Identifying exposure does not imply prediction or prevention. Assessment describes structural vulnerability at a moment in time. The exposure landscape changes. The map ages. Assessment provides description, not forecast.

---

System Context

Examining Bitcoin Custody Under Stress

Bitcoin Setup Minimum Requirements as Context-Dependent Thresholds

Bitcoin Custody Maturity Level as an Imported Framework

← Return to CustodyStress