Understanding Safe Deposit Box Security for Crypto Assets
Jan 31, 2025I'm a huge fan of monetary sovereignty and self-custody. After all, that's the essence of public blockchains and Bitcoin - the financial freedom we've all been waiting for (not everyone's been waiting for it, but they should have been).
Seed phrase backup fundamentals
When it comes to private key and seed phrase backup, there are many ways to get the job done and there is NO one right way but rather the way that is right for you. Creating and storing seed phrases offline is the one universal security best practice. However, how and where they are stored offline is where everyone's paths may diverge.
Advanced backup strategies: Multi-signature solutions
A multi-sig or multi-shared backup scenario like Trezor's Multi-share Backup is SatoshiLabs Improvement Proposal (SLIP39) can dictate what the backup security strategy looks like. The Trezor Safe 5 hardware wallet is capable of up to 16 shared seeds in an N/M scenario.
EXAMPLE
Bob buys a Trezor Safe 5 and sets up 2/3 seed sharing where any two of the three seeds can be used to recover the wallet. Now Bob has to choose where to store each of the 3 shared seeds. Bob could have set up his Trezor using a single seed, but he also has to choose whether to have more than one backup of the same seed phrase.
Geographic security options
Geographic security is achieved by storing your backup phrase in more than one location. There are two main ways to achieve this:
- A safe deposit box at a bank
- A private safe in your home or office
Bank safe deposit boxes: Pros and cons
It may seem ironic to use a safe deposit box at a bank for a strong self-custody model, but financial institutions know how to secure themselves and the penalty for committing a felony at a U.S. bank is extreme, at 25 years imprisonment. It's obvious these penalties are a strong deterrent to the risk of your safe deposit box getting compromised.
What other risk is there with renting a safe deposit box? The risk of safe deposit box robbery is low, but the risk of you screwing up your box rental is high. Nonetheless, the process tips in your favor.
Key Takeaway
Remember you are your own worst enemy in crypto. You are also the highest risk of all risks in crypto, to top it off.
NOTE: For some reason lots of people in the U.S. call a safe deposit box a "safety deposit box." It's NOT safety; it's safe. A safe deposit box is like a mini version of a safe in the form of a box inside a bank vault; hence the name "safe" in safe deposit box.
Case study: The Alice incident
Let's examine the anatomy of a safe deposit failure and where things can go wrong.
Alice opened a safe deposit box at TD bank to store her Bitcoin hardware wallet seed phrases. She put the annual rental fee on auto draft so wouldn't have to worry about paying the fee just once a year. After 3 years Alice started using Bank of America as her primary bank rather than TD Bank. The annual box fee bounced because Alice didn't keep enough money in the account. She also didn't get the late fee notice because she changed addresses, but didn't update the address with TD Bank. Are you starting to get the picture on the comedy of errors happening to Alice?
It would be very difficult to screw up safe deposit box management so badly that you'd lose access to your stuff. That's the good news. Let's take a look at what actually happens in the worst case scenario.
The timeline of safe deposit box failure
- The safe deposit box holder FAILS to pay the annual rental fee.
- The bank will send late notices for several months.
- Rental fees have to go about 1 year past due before "drill notices" are issued.
Key Takeaway
US banks do NOT have a spare key to your safe deposit box. Only you have the key so the only way to access a box without the key is to drill out the lock. Banks typically pay third-party vendors to drill locks when customers lose their key or when box fee is not paid. Banks don't want to drill a box because they have to pay for it on top of your unpaid fees.
The drill out process
- A drill notice is a final plea for a customer to pay their past due fee.
- The bank will send drill notices for several months.
- Banks do lock drill outs about 1-2 times per year (very infrequently).
- The time from rental fee due date to drill out can be about 18 months to 2 years.
- Drill outs trigger the bank to document box contents, seal them in a tamper-proof bag and lock the contents in the bank's "overflow box" within the bank vault.
- The bank will send "come and get it" notices after the drill out.
- The bank will also email and call customers to resolve the issue.
- This process is a headache for banks.
The unclaimed property process
- If you fail to resolve the issue for about 2 years the bank will file an unclaimed property report with the state treasury (and send the property to the state (Pennsylvania for example).
- The Bureau of Unclaimed Property may hold unclaimed property for an indefinite period, depending on the state.
- You have to make a claim with a Bureau of Unclaimed Property to reclaim your assets.
- This process could be extremely arduous and painful so avoid getting to this stage.
Key Takeaway
The process takes years before your assets funnel into the unclaimed property process and then there are potentially an unlimited number of years afterwards to reclaim your property. Don't let any of this happen to you.
While safe deposit boxes can be an excellent solution for securing your crypto assets, they require proper management and attention. Keep these best practices in mind:
- Always maintain sufficient funds in your linked account for annual fees.
- Update your contact information promptly when it changes.
- Consider setting up automatic reminders in your calendar for annual renewals.
- Keep your box keys in a home or office safe.
- Consider implementing a multi-location backup strategy.
- Physically check your safe deposit box one a year and confirm the fees are paid.
Key Takeaway
The security of your crypto assets ultimately depends on your diligence in maintaining your backup solutions, whether they're in a bank vault or elsewhere.
