Key Takeaway
Stefan Thomas didn't lose his Bitcoin because he was reckless. He lost it because the only person who knew how to find the password was a younger version of himself, and that version is gone. Most digital wealth disappears the same way — quietly, between two people who forgot they hadn't actually had the conversation. The fix is small, repeatable, and unfashionable: write down where the access lives, somewhere a person who isn't you can follow it. Today is fine. Next year is too late.
Stefan Thomas keeps a small encrypted hard drive somewhere in San Francisco. We don't know exactly where. He's never said. What we do know is that the drive holds 7,002 Bitcoin — about seven hundred million dollars at the moment you're reading this — and that Stefan, the only person on Earth who could open it, can't remember the password.
He had ten attempts. He's used eight.
The drive is an IronKey, a particular model of secure storage that takes its job seriously. Eleven wrong tries and the contents encrypt themselves into mathematical noise — not corrupted, not erased, just permanently sealed in a way that no government, no exchange, no recovery service can undo. The Bitcoin will still exist on the blockchain. Anyone in the world will be able to see them sitting at his wallet address, untouched, forever. They simply will not be reachable. Not by him. Not by anyone.
The whole story has a tidy, almost literary quality to it, and that's part of why it became the most photographed cautionary tale in crypto. It's also the reason almost nobody draws the right lesson from it.
Stefan got the coins in 2011 for a short educational video he made called What is Bitcoin? — the kind of thing that ran a few minutes long and tried to explain a strange new currency in plain English. Someone in the early Bitcoin community liked it enough to send him 7,002 BTC as a thank-you. At the time those coins were worth about seven thousand dollars. Decent freelance money for a video. Not life-changing. He moved them onto the IronKey, wrote the password on a piece of paper, and got on with his life.
That life turned out to be unusually successful. By 2017 he was Chief Technology Officer at Ripple. He helped build the architecture of how value moves between blockchains. He's the chair of the Interledger Foundation today. He is, by any measure, one of the most technically literate people in the entire industry. And somewhere between 2011 and the moment he sat down at his desk to actually use those coins, the piece of paper went missing.
He told The New York Times in early 2021, when his story first broke into the mainstream press: "I would just lie in bed and think about it. Then I would go to the computer with some new strategy, and it wouldn't work, and I would be desperate again." He'd tried hypnosis. He'd hired memory consultants. He'd stared at the ceiling for nights running, hoping the password would surface the way an old phone number sometimes does after years of dormancy. It never did.
A few years later a small cybersecurity firm called Unciphered figured out a way to crack IronKey devices. They reached out to him. He turned them down — he'd already shaken hands, verbally, with two earlier teams who hadn't managed it, and he didn't want to break those agreements. As of this writing the drive is still locked. Two attempts remain.
It's tempting to read all of this and feel the mild relief of distance. That's a Stefan Thomas problem. He had seven hundred million dollars in Bitcoin. I have a Vanguard account and a few photos in iCloud. And it's true that the dollar number is theatrical in a way that makes the story easy to share at dinner parties. But the dollar number is also what's hiding the real lesson, which is much smaller and much closer to home.
The real lesson is this. Most digital wealth that disappears doesn't disappear because somebody got hacked or robbed or scammed. It disappears in a quiet, ordinary way — between two people who never quite got around to having the conversation.
A father passes. His widow knows there's a brokerage account somewhere, but she's never logged in. Their son thinks Dad mentioned crypto once at Thanksgiving but he can't find anything that looks like a wallet. There's a laptop on the desk in the study; nobody knows the password. There's a phone, also locked. There's a small fireproof safe in the basement, and inside it: a USB stick, a spiral notebook with twelve random English words written on the first page, and a yellow Post-it that just says Trezor — bedroom drawer. Nobody in the family knows what a Trezor is. The notebook gets dropped into a banker's box labeled Dad's stuff — sort later. Six years go by. The box gets donated to a thrift store during a move. The twelve words on that page were the seed phrase to a cold wallet holding $180,000 in Ethereum.
That's the version of the story that doesn't make The New York Times. It happens, in small variations, in tens of thousands of households a year, and the families involved usually never even learn that anything was lost. You can't grieve what you didn't know existed.
Crypto exchanges quietly estimate that somewhere between three and four million Bitcoin are permanently inaccessible at this point. Over three hundred billion dollars at current prices. A handful of those coins are in landfills — there's a famous case of a man in Wales who has been petitioning his local council for over a decade to be allowed to dig through the dump for a hard drive he threw away in 2013. But the largest single category, by a wide margin, is people who passed away without leaving instructions a non-technical person could follow.
Sovereign money sounds romantic in a manifesto. Be your own bank. What the manifesto leaves out is that being your own bank means there is no support desk to call when you're no longer here. There's no helpful agent who will look up the death certificate, freeze the account, and walk a grieving spouse through reactivating it. The blockchain is indifferent. The coins sit there, perfectly preserved and perfectly unreachable, and the indifference is part of the architecture, not a bug.
Now, the response most people have to this — and I had it too the first time I really sat with Stefan's story — is to make a private resolution to just tell my spouse the password. That's not the fix, though it sounds like the fix.
A password by itself is a useless object. To be useful, your spouse also needs to know which exchange the account is on, that the account exists at all, where the laptop is, what the laptop password is, what 2FA is, where the backup codes are kept, what to do once they're inside, who to call if the screen says something they don't recognize, and how to handle the resulting tax mess. A handwritten paper that says Coinbase / MyDog2019! is essentially noise to a sixty-seven-year-old widow who has never logged into Coinbase, has never typed a six-digit code from an authenticator app, and cannot guess that MyDog refers to the dachshund who passed in 2009.
The instruction has to be readable by someone who isn't you. That sentence is the entire game, and the IronKey on Stefan's desk is just the unusually expensive version of it. He failed to leave instructions for his future self. Ordinary families fail to leave instructions for one another. The failure looks small from the inside, the way a lot of important failures do, because it lives in the gap between I'll get to that and the moment when getting to it is no longer something you have the option of doing.
Stefan, for what it's worth, has made a sort of peace with his version. In one of his more recent interviews he said something I've been thinking about for weeks. "I've moved on. The most useful thing about losing seven hundred million dollars is that you find out, very precisely, what money was actually doing for you in your life — and what it was not."
That's a beautiful line and I hope he means it. But it's also, gently, the wrong takeaway for almost everyone who reads his story. Because almost nobody reading this is in a position where they can afford to move on from their own version of it. The savings, the small house with the deed somewhere in a filing cabinet, the photos of grandchildren on a tablet under the bed, the modest 401(k), the four thousand dollars of crypto that someone bought in 2017 and forgot about — those are the everyday Stefan Thomases that don't make the front page. They go quietly into the box labeled sort later, and later doesn't come.
The question worth holding onto, the one that does the work of all the bullet points and three-step plans you'll find on every estate-planning blog, is much simpler than any of those:
If your family had to rebuild your digital life starting tomorrow, with only what you've already written down — how far would they get?
That's it. That's the whole thing. If the honest answer makes you uncomfortable, the discomfort is the point, and the only useful response is to do something small about it before you close the tab and forget. Open one document on your computer. Write down where one important account lives, and how a person who is not you would find their way into it. Tell one person where that document is. You don't have to fix everything tonight. You just have to stop being the only person in the room who knows.
Stefan Thomas had two more attempts when The New York Times called him in 2021. As far as anyone outside his immediate circle can tell, he still has two. The drive is still on his desk. The Bitcoin is still there. The version of him who wrote down the password isn't.
Most of us are not him. But the gap — between the person who knew, and the people who'll be left to figure it out — that part is the same.
Related reading
