While this is important even outside of Bitcoin, Bitcoin itself almost requires that you set up a system or dead man's switch if you will that will let your family get access to your wallets in the event of your death. There's no centralized entity that your family can contact to gain access to your accounts. No beneficiaries you can set, etc.
So I would like to know: what system do you have in place so that your loved ones can both have access and even know how to access your Bitcoin wallets?
I'm starting to research this to see what the best approach is for me and would love to hear different approaches/suggestion. Thank you in advance.
The most simple solution: encrypt your seed(s) on a USB stick and give a copy to your loved ones. Keep the encryption key for yourself, and store it in a safe place, or write it in your will with instructions so that the seed can be recovered after your death.
Alternatively, you can use a SeedKeeper which is a smartcard that allows you to store your seed(s) securely inside a secure element and protected by a PIN code. SeedKeeper firmware is open-source
disclaimer: I am the developer behind seedkeeper.
reply
I can also recommend these steel sheets where letters can be stamped in. They might be more durable for long timeframes like e.g. human lifetimes. One must put them safe or hide them well on the other hand...
reply
Whatever you do, first make sure that at least one of your loved (and trusted) ones knows how to handle this stuff. If you don't and all they're left with are cryptic codes, chances are they will either never get to it or they might be scammed by someone they contact to help them retrieve the funds.
I'm thinking about this at the moment too, and I'm planning to do some practical exercises with a few loved ones, real-world exercises like:
1- here's a seedphrase, it has got 10K sats in there, find it 2- here's a seedphrase + passphrase, it has 50K sats in there, find it 3- here's a seedphrase + passphrase, it has 100K in a derived account somewhere, find it
Option number 2 & 3 are special, because this way I can create a hidden wallet within a known seed phrase, which I can just have written in my will or have it deliver after the fact somehow (finalmessage.io comes to mind) that will allow them to retrieve funds in a way they're already familiar with.
There are multisig setups also, but those might get more complicated.
reply
That finalmessage.io site is pretty cool! Not sure I would trust it with anything sensitive even if they claim it's encrypted locally before being sent to their server. Would love to find an open source alternative of finalmessage.io that I can audit and run on my own servers. That would be dope! Thank you for that link and for your exercises. Those are pretty cool and I may do that with some family members as a sort of treasure hunt to entice them to learn about bitcoin/lightning in a way that will reward them with sats at the end.
reply
There's a few factors that determine how to approach this:
  1. Are sats KYC'd or no-KYC?
  2. Do you need your solicitors involved?
  3. Do your beneficiaries understand Bitcoin?
The first feeds into a choice of mechanics; multi-sigs, passphrases, sharding, collaborative, custodial etc etc. It is also related to the last - do your beneficiaries understand Bitcoin and even what KYC/No-KYC means and implies?
The second probably mostly applies for those with KYC sats and who are older with other assets and families. Disputes post-death, bring lawyers and the courts into the conversation. In some jurisdictions, the flow of assets from the estate to the beneficiaries must pass through the executor's hands. In my experience:
  1. Lawyers are generally unencumbered by technical ability, and for professional risk management reasons, will be unlikely to be prepared to do so. So they will be as informed about key management as the founder of Creggcoin is - that is to say - clueless.
  2. Deaths in the family bring out both the best and the worst in people. YOU may be clear about what you want(ed) to happen, but those around you may see things differently, AND be prepared to raise legal cases/disputes etc. In the first, lawyers become part of the problem - that's ok just cater for it. In the second, lawyers can become part of the solution.. or not. Just be aware that it's a possibility.
The third is probably the least discussed amoungst bitcoiners imo. Do your beneficiaries understand Bitcoin? Do they at least understand what they are getting? Have you discussed that with them and what they may/may not do? Do you realise that once you're gone, all that goes out the window. Again, entirely personal set of circumstances for each individual thinking about this.
The one actionable piece of advice you should consider in the immediate term:
Whilst you think about those other points - make sure your family/loved ones have the contacts for someone you trust who will help them when the time comes.
Deaths of those you're close to are a massive shock to the system - huge stress and distress - memory, cognitive function, decision making .. all goes out the window for a while. Ensuring those left have a trusted friend to reach out to gives them a safe set of hands you trust.
reply
Thank you for the thorough response. In my case the answers to your questions are:
  1. nonKYC
  2. Not sure I understand this question.
  3. No one I know understands bitcoin lol I'm working on it but they're not interested enough in it to really take the time to learn it or listen to me talk in depth about it.
reply
Simplest one I see is just multisig with family lawyer.
Look into Mycitadel project for advanced schemes.
reply
I'd rather not have to involve any lawyers.
That said, MyCitadel looks VERY interesting. Surprised I've never heard of it. Thank you for that info! Posting a link here for others to use if they're interested: https://mycitadel.io/
reply
They released beta quite recently.
You are welcome)
reply
Our approach at Valera is likely going to be a 2 of 4 multisig system (once we get schnorr on LN so we can use FROST for threshold schnorr magic).
2 keys on users phone, one synced e2ee with their cloud provider and one in the mobile’s local storage (preferably HSM?) (or not, maybe both are e2ee synced)
Another held by Valera
Another held by user by not hot, only in their will, presumably in a safe manner like tamperproof bag, metal engraved plate etc.
If not the death certificate, maybe a signature from the key that was stored safely.
Then we’ll notify the owner’s device saying that the key has been accessed and that a wealth transfer is imminent (we will cooperate with the paper key unless we hear from the owner)
If we get a signed response from one of the other keys that only the original owner had (idk) before a timelock we won’t sign the wealth transfer, or something. Not 100% yet ofc. This requires trusting us to be available there.
There are a few mods to this strategy that could be used to achieve different goals too.
reply
Evolving this IRT
Instead of trusting us not to sign even if we get a signature to not cooperate, we keep a live set of death close txs on the user’s device that update when channel updates happen.
These deathclose txs would be fully signed and valid, and close channels directly into a timelocked contract. From this contract, one of the two keys on the user’s device could spend immediately, or the safety key kept away for death can spend after a certain (configurable?) time period.
These txs are then encrypted to the safety key’s public key, and published publicly. They are perfectly valid but can’t disrupt anything unless the safety key is activated, decrypts the tx and broadcasts it.
Now the original user’s device is completely aware of these transactions’ existence (it created them after all) so every time it periodically syncs transactions relevant to its UTXOs via Neutrino, which would pick up these deathcloses if ever broadcast. The device can then send a local emergency notification that the key has been activated and to open the app. Upon opening, user gets details of what’s happening and provides authorisation for the wallet to broadcast cancellations and reopens the channels.
Of course, it all gets a little more complicated when you introduce multi-device FROST signatures for the onchain savings account but that’s for another day lol
reply
Worth noting in this second one, the “multisig” layout works out as a normal 1-of-1 but with valid channel closures (deathcloses?) signed by that singular hot key to a recovery key that can redeem those funds as long as the initial key is not “alive”.
We don’t need schnorr for this method; this is doable now.
reply
Been speaking more with my family on this matter just in case actually just got my best student to get a cold card.
reply
Oh the depression of Sunday evening