On my last evening at the World Economic Forum in Switzerland a week ago, I encountered a man who picks locks for a living—digital locks, that is. I had overheard the Swedish safe-cracker discussing his work and its relation to cryptocurrency while dining in the barroom of the Hotel Chesa Grischuna in Klosters. (You don’t need FaceTime to eavesdrop!) I invited him to share a beer later that evening.
Robert Rhodin, CEO and founder of the blockchain security startup KeychainX, helps people reclaim lost cryptocurrency wealth. The longhaired man regaled me with stories about how he has helped people recover Bitcoins. (Perhaps you might recall that roughly 4 million Bitcoins have been lost forever.) He got into the business when a friend’s Ledger wallet, a device that stores people’s private keys, started malfunctioning. Rhodin fiddled with the hardware—the circuitry behind a bum button—until he regained access, he said. On another occasion, Rhodin’s brute-forcing programs helped an early investor unravel a forgotten password that had secured his digitial vault: “rebeccaissexy.” (“Rebecca,” whose name I changed, was the investor’s girlfriend.)
I was reminded of my conversation with Rhodin when I learned of a substantial mislaid bounty this week. The proprietor of QuadrigaCX, a Canadian cryptocurrency exchange, died suddenly, taking knowledge of his business’ recovery keys to the netherworld with him. Apparently, nobody—including the owner’s widow—has access to the $190 million in virtual currencies his business secured. The late entrepreneur, Gerry Cotten, who succumbed to complications from Crohn’s disease, “ran the business through his laptop, mostly at our home” in Fall River, Nova Scotia, the widow wrote in an affidavit. But his laptop is encrypted and, she claims, she doesn’t know the password. “Despite repeated and diligent searches, I have not been able to find them written down anywhere,” she said.
This is a major problem for traders who stashed their holdings with the exchange. Already, desperate customers and other rabble-rousers are drawing knives and peddling conspiracy theories on Reddit: “The DEAD MAN IS STILL ALIVE SOMEWHERE NOW and he ran away with our money,” wrote one pessimist. With her affidavit, the widow is seeking a stay of action from the courts, requesting they halt the proceedings of any potential lawsuits while she attempts to recover business records with the help of associates and security consultants. A glimmer of hope: One forensic investigator she hired “has had some limited success in recovering a few coins and some information from Gerry’s cell phones and other computer, but not yet from the main computer he used to conduct business.”
Such wealth-obliterating mishaps are bound to become more prevalent as cryptocurrency adoption grows, despite the recent market downturn. Plenty of cryptocurrency exchanges, such as San Francisco-based Coinbase, have processes in place to transfer the departed’s treasures to families and next of kin—but not all do, as this tragedy demonstrates. No doubt many individual investors, enamored with the potential to be one’s own bank, manage their keys and passwords themselves, giving little thought to a backup plan. It’s a disaster in the making.
Upon learning of the QuadrigaCX news, I messaged Rhodin to ask whether he believes there’s any hope for a hired hand to dig up the exchange’s elusive riches. “It’s worth a shot,” he said, noting that breaking a computer’s encryption “is usually much easier than a crypto wallet.” But he added a caveat: “of course depending on password length…”
Mortality, despite its inevitability, is often, regrettably, unexpected. What happens to your cryptocurrency, post-mortem, doesn’t have to be.
A version of this article first appeared in Cyber Saturday, the weekend edition of Fortune’s tech newsletter Data Sheet. Sign up here.