It has been customary throughout the centuries to record events and all related information, notably the date of the event, in registers. Record-keeping has been an essential element in the development of organized human societies. Thus, already in ancient Rome, bankers chronologically recorded all deposit and withdrawal transactions in their registers. The same applied to auction records, trade records, and others. The Templars used similar registers in the 12th and 13th centuries and even created a secret code verification system that allowed pilgrims to travel without having to carry any belongings, goods or cash on their person. In the 9th century, the ancestor of the banknote, called "flying money" or "Fey-thsian", made its appearance under the Tang dynasty and involved a system of deposit registers and dated receipts. In 14th-century France, the Church established the use of parish registers, precursors of civil registries, in which baptisms, marriages and burials were recorded and dated and which were often used as evidence during trials.

 The practice of associating a date or even a time with an event or a document, also called “timestamping”, has its roots in the need to produce evidence to assert or confirm a right or an obligation during a dispute or litigation. Administrations often ask citizens to provide an extract of a birth certificate not older than three months. The reason for this request is not related to the birth as such, but to the person's status at the time of the request. Indeed, the birth certificate also mentions important events creating rights or obligations (marriage, divorce, civil partnership, guardianship, etc.). The affixing of the stamp and the date by a registrar on the extract provides this proof.

 But how do you verify the existence of electronic data? The digitalization of entire sectors of economic activity has led to the need for electronic timestamping, to verify both timing and content. In many areas such as intellectual property, personal data protection and IT, it has become essential to prove the existence of specific data at a specific date and time. In the absence of such proof, a person could be denied rights which are rightfully theirs and/or be wrongly penalised.

 In our previous article we briefly introduced you to the general principles of timestamping.  Today we are going to go deeper and guide you through the process of electronic timestamping; what it is, how it works and lastly, how it operates in a legal context.  On this last point, electronic timestamping raises many questions, notably as to the reliability of the process. The debate on the probative value of emails is still recent. Everyone knows how easy it is to change the local time on a computer or a computer system. Consequently, a new law had to be introduced to regulate electronic timestamping systems and thus set certain technical requirements to guarantee their reliability as evidence. 

All computer systems are equipped with a real-time clock which indicates the current date and time for various operations carried out on the device, such as creating a file or sending an email. These clocks keep accurate time even when the device is turned off, because not only are they powered by a battery located on the computer's motherboard, but they are also connected to the Internet. As such, this internal computer clock already provides a form of electronic timestamping, but it is unreliable. Not only can we manipulate the date and time within the software, but we can also tamper with the system clock to change the date and time associated with records in the event logs, the file system or in database transactions.

To achieve the same reliability as provided by a registrar stamping a certificate, the initial regulations called for the participation of a trusted third party in the electronic timestamping process.  Timestamping was defined for the first time in article 1 of the decree of 20 April 2011 as the “mechanism associating a representation of data at a particular time and attesting to the existence of the representation of this data at this instant by means of a timestamp token [which] includes a stamp from the electronic timestamping service provider established using the signature data of the timestamp token”. This definition of electronic timestamping therefore presupposes the use of a trusted service provider, which de facto excludes certain forms of electronic timestamping. 

A few years later, in 2014, the European Union regulation on electronic identification and trusted services for electronic transactions in the internal market, known as the eIDAS regulation, was adopted. It aims to allow the free circulation of timestamp tokens and therefore facilitate trade for more than 400 million people. In this regulation, electronic timestamping is defined more largely as "data in electronic form which binds other data in electronic form to a particular time establishing evidence that the latter data existed at that time".

In other words, electronic timestamping is a process whereby a date and time can be electronically bound to other data in electronic form to certify, either with or without the intervention of a trust service provider, of its existence or execution at a given moment and also to attest to its content at that precise time.

What are the two recognized types of electronic timestamping?

The eIDAS regulation mentions two categories of electronic timestamps: 

Non-qualified or simple electronic timestamping;

The regulation does not provide a specific definition for simple electronic timestamping. It is understood that a timestamping process that does not meet the conditions indicated in the eIDAS regulation is of the non-qualified type. 

Conversely, article 42 defines qualified electronic timestamping as fulfilling the following conditions:

It binds the date and time to data in such a manner as to reasonably preclude the possibility of the data being changed undetectably;

It is based on an accurate time source linked to Coordinated Universal Time; and

It is signed using an advanced electronic signature or sealed with an advanced electronic seal of the qualified trust service provider, or by some equivalent method.

Regarding this last condition, the eIDAS regulation leaves room for innovation and the development of a method ensuring a level of security equivalent to the advanced electronic signature or the advanced electronic seal. It is up to the trust service provider to demonstrate that its method meets the requirements set out in the eIDAS regulation.

Electronic timestamping (with use of a trust service provider) is a “process which links the representation of a data to a particular time". To apply a timestamp to data in electronic form (example: a contract, software source code, an invoice, an electronic medical prescription, a price indication, a ticked box on a form, access to an information system), a unique identifier must be generated through use of the hash function. This step is essential in order to create a reliable and unique representation of the data; that is, a virtual fingerprint. This is then transmitted to the timestamping service authority, which combines the digital fingerprint with the exact date and time based on Coordinated Universal Time (UTC). The reliability of this combination is guaranteed by means of a timestamp token, which is a type of signed certificate containing:

-          the digital fingerprint or representation of the data;

-          the UTC date and time;

-          the timestamp token seal. 

Under the French decree on electronic timestamping, the timestamp token seal allows the identification of “the electronic timestamping service provider that issues it and ensures a link with the timestamp token to which it is attached.” It is the combination of the timestamping authority’s private key and a public key, communicated to the user by means of an electronic certificate.

At the end of the timestamping process, the timestamping authority sends all these items to the user and also archives them. 

The legal admissibility of electronic timestamping as evidence

Timestamps, even when electronic, are admissible as evidence in the courts of the European Union.

Thus, a non-qualified electronic timestamp is admissible in court, in particular when evidence can be produced by any means. In point of fact, article 41§1 of the eIDAS regulation establishes a principle of non-discrimination as regards electronic timestamping, accepting it as evidence in court at the same level as manual timestamping, even if it does not meet the requirements of qualified electronic timestamping. The same holds true for non-qualified electronic registered delivery services. 

In Switzerland, the SCSE regulation of 2016 provides a legal framework that is similar to eIDAS.  Although SCSE does not provide specifications on the technical standards that need apply, the Swiss Federal Council recognizes as valid, processes that have been implemented in line with eIDAS standards.  As with eIDAS, SCSE grants a higher probative value to certificates issued by qualified trust service providers.

Presumption of reliability in favor of qualified electronic timestamps

Contrary to the simple electronic timestamp, a qualified electronic timestamp shall enjoy the presumption of the accuracy of the date and the time it indicates and the integrity of the data to which the date and time are bound (article 41§2 of the eIDAS regulation). This provides a significant advantage in the event of litigation or dispute, as it allows to reverse the onus of proof and the burden of proof can be shifted onto the party challenging the reliability of a qualified timestamping system. In this context, a part of the doctrine equates qualified electronic timestamping with the electronic version of the legal concept of "certain date".

By extension, in France, article L100 of the postal and electronic communications code states that electronic registered delivery is the equivalent of physical registered mail as long as it meets the requirements of article 44 of the eIDAS regulation, especially as regards the use of a qualified electronic timestamp. In this case, the data sent and received by means of a qualified electronic registered delivery service benefits, among other things, from a presumption as to the integrity of the data and the correctness of the date and time of sending and reception. In fact, an electronic timestamp applied to registered mail has an advantage over physical registered mail, because electronic timestamping not only certifies the date but also the content, which physical registered mail does not.

Thus, when Vaultinum, a trusted third party in the electronic timestamping process, timestamps electronic documents such as an invoice, a reference price or a deposit, the Vaultinum stamp both provides a certain date to the documents in question as well as attests to their content at the time of affixing the timestamp token. As such, this content cannot be altered.

Vaultinum has long been providing physical and electronic timestamping services as part of its activities as a trusted service provider, particularly for the deposit and archiving of digital assets or records.  Visit us at https://vaultinum.com/timestamping to learn more about our timestamping solutions.  

The opinions, presentations, figures and estimates set forth on the website including in the blog are for informational purposes only and should not be construed as legal advice. For legal advice you should contact a legal professional in your jurisdiction.

The use of any content on this website, including in this blog, for any commercial purposes, including resale, is prohibited, unless permission is first obtained from Vaultinum. Request for permission should state the purpose and the extent of the reproduction. For non-commercial purposes, all material in this publication may be freely quoted or reprinted, but acknowledgement is required, together with a link to this website.

The practice of associating a date and time with an event, also called “timestamping”, has its roots in the need to produce evidence to assert a right during a dispute or litigation.  But how do you verify the existence of electronic data? The digitalization of entire sectors of economic activity has led to the need for electronic timestamping.  This article will review the ‘what’ and ‘how’ of electronic timestamping in the overall legal context.  

The practice of associating a date and time with an event, also called “timestamping”, has its roots in the need to produce evidence to assert a right during a dispute or litigation. S what is Electronic Timestamping and how does it work?

What is Electronic Timestamping and how does it work? 

Due diligence has become one of the buzzwords of the 21st century. And there is a good reason for it. After all, we live in an age of data explosion where information is easily available, but its veracity itself is in question. In such a situation, due diligence and due diligence mechanisms are essential tools in the digital economy.

 But what exactly does due diligence mean, and how it is it carried out? Are there different kinds of due diligence that apply in different situations? These are some of the questions that we'll attempt to answer today.

What Is Due Diligence And Why Is It Important?

Due diligence is a process that involves checking the validity of a position, action or status. It is the opposite of negligence, or the accepting of things at face-value. 

 The origins of the term "due diligence" can be traced back to US legislation that sought to protect investors against misinformed investments. Here, investment brokers were required to disclose all essential information about the business being invested in. In case they failed to do so, they could be held liable and faced prosecution.  However, brokers raised concerns regarding the fact that they themselves might not always have access to the required information, and in such cases, they should not be held responsible for withholding the same.  To protect brokers from wrongful lawsuits, the legislation was adapted such that so long as they exercised "due diligence" in their investigations, then they were not liable to be prosecuted for not disclosing any information they were not privy to.

 Due diligence plays an important role not just in business but, as you will see, in the overall proper functioning of the economy.  We will take a brief tour through a few of the areas that you may have encountered due diligence and in doing so, you will understand what it is and begin to see the outsize role this process has in everyday life.

 The most obvious is in the context of employment; a reference or background check is an example of due diligence.  For example, a prospective employee claims that they graduated from a prestigious university and have extensive work experience in a certain area.  The employer would verify this information with the university as well as former employers.  This type of due diligence may also involve criminal background screening.  

 In some industries criminal background screening is compulsory.  The human resources department of the potential employer, for example, conducts due diligence in this respect so as to verify the criminal status of the candidate.  

 A bank also conducts due diligence for loan applicants to make sure that they have not defaulted on previous loans or that they are not over-stretched financially and at risk of defaulting.

 Another example is that of a client who conducts due diligence on potential suppliers to check that they will be able to perform the expected services or deliver the goods at the required quantity and quality levels.  This due diligence may entail verifying references or researching a supplier’s track record or their reputation in the market.

 But due diligence is not only directed at others. Introspective due diligence is also an important part of company management and operations.  A company who has set principles for sustainable growth would want these applied at all times and across the board.  In conducting its own due diligence, it will check that:

it has appropriate policies and processes in place to comply with regulations, grow the business in a healthy and sustainable manner, maintain a culture of ethical business dealings, show that it is serious about what it represents and expects in terms of ethics and behavior,

its policies and processes are properly implemented on an ongoing basis, and

relevant information about the organization is gathered and stakeholders are aware of any issues.

Company due diligence is also essential when dealing with other businesses.  For example, clients will often expect that their suppliers or subcontractors abide by the same kind of principles as they themselves adhere to.  Why define standards and principles if these are not applied consistently across the supply chain?  

 Another important aspect of due diligence is its status as a recognized defense in litigation.  For example, in the context of an Initial Public Offering (IPO), certain parties who participated in the preparation of the IPO documentation, including the registration statement, may be able to use a due diligence defense if the registration statement contains misleading information or material misinformation.  

 Underwriters, lawyers, accountants, officers, and directors will try to show that they conducted a reasonable investigation of the information contained in the registration statement and that it was their belief, following such investigation, that such document contained no material misinformation or misleading statements. Demonstrating that such due diligence was indeed conducted will enable them to avoid liability.  

Finally, due diligence is sometimes imposed by law, and failure to conduct effective due diligence in accordance with legal guidelines can trigger liability.  For example, the US Bank Secrecy Act requires financial institutions to adopt an anti-money laundering program which is basically a due diligence policy and process.  Financial institutions need internal systems and controls, including policies and procedures, designed to help employees detect and prevent money laundering activities, a compliance officer in charge of monitoring the implementation of the program, training and awareness raising exercises and certification for senior employees, independent third-party audits to check, with impartiality, that the program is fully implemented.

As you have seen from the various examples above, in today’s world, due diligence has become a necessary aspect of conducting any business transaction. Whether you're hiring a new employee or looking to acquire a company, due diligence is an essential part of the process.

And due diligence need not be restricted to business alone. In every aspect of life today, we need to exercise due diligence in order to ensure that the required safeguards are in place to protect our interests. Whether to secure investments, perform a security risk assessment, or undertake vulnerability tests, the appropriate due diligence processes must be used to ensure the veracity of the operation.

Here, the question arises: is all due diligence the same? The short answer is: yes and no. While the basics of conducting due diligence remain the same, the exercise takes on different meanings and objectives in different settings. In the following section, we're going to look into some of the common types of due diligence that can be performed in various business situations.

What Are The Different Types Of Due Diligence?

Are you looking to open a new bank account? Or maybe you're interested in digital investments? Whatever the case, due diligence is either required or useful. In the sections that follow, we're going to introduce you to the many types of due diligence that are required to get the task done appropriately.

Acquisition due diligence is necessary when one business entity is looking to take over another business. This is a matter of common sense. After all, if you're buying something as substantial as a large business, it is essential that you perform the required background checks.

 Acquisition due diligence involves investigating the financial as well as technical prospects and viability of the business you're looking to acquire. This itself has multiple dimensions, such as:

And this is just the tip of the iceberg. Mergers and acquisitions are complex processes that require caution on multiple levels. Not only do you, as the acquirer, need to be sure that you're making a sound investment, you also have to make the seller comfortable and get as much information as possible from them. Acquisition due diligence aims to help you do just that.

Everyone who has a bank account has, knowingly or not, experienced KYS or Know Your Customer due diligence.  When providing the bank with detailed and personal information in order to open an account, the customer is helping the banks to “check the box,” so to speak.  The information provided is required in order for the banks to comply with regulations and demonstrate to regulators that they have done their “homework” in performing effective due diligence.  Banks take the information provided and check it against databases of known criminals or sanctioned persons such as the UN, OFAC, AUSTRAC and EU. The KYC information is proof that they have been diligent in ensuring that they checked who their customers are.  

 KYC due diligence is good business practice but it is not voluntary.  

 In today's complex business landscape, it's not sufficient to know just the financial side of your dealings. You also need to keep a close watch on who you're dealing with. Not performing the right background checks on business partners and customers can expose some businesses to hefty fines and lawsuits.

 That's exactly where KYC due diligence comes into the picture. This is a process aimed  at ensuring that you're entering into a business transaction with the right person. Especially in the case of financial institutions such as banks and insurance firms, KYC due diligence takes on a vital role. KYC due diligence is usually performed by financial entities when opening a new account or investment portfolio. KYC due diligence lets you know more about the person you're dealing with, their past business records, and financial performance. All this information can come in handy when assessing whether a customer is indeed a reliable entity or a risk.

 However, KYC due diligence goes beyond mere regulatory requirements. It helps your business gain greater insights into the customer and their unique needs and requirements. In this way, you can better serve your customers and enhance your business in turn.

 Another type of due diligence that must be mentioned here is enhanced due diligence. It's a stricter form of KYC due diligence and involves deeper background checks.

Also known as pre-IPO due diligence, this is a form of due diligence that involves checking whether a business is ready for its Initial Public Offering. It's essential that a financial institution carries out complete, rigorous, and thorough due diligence in order to understand the maturity status of the market before a business launches its IPO.

In IPO due diligence, experts conduct a detailed analysis of the business's legal, financial, and tax-related status. The emphasis is  on operations, IT, and HR aspects. Seen in this light, IPO due diligence is similar to acquisition due diligence.

Further, in this form of due diligence, it's important to conduct a detailed analysis of the company's business model so as to understand its feasibility and long-term sustainability. The entire process also needs to take into account the competition levels, risks, and strengths. In other words, a thorough SWOT analysis.

IPO due diligence is an essential part of the IPO process, as it helps the business understand whether they are ready for the IPO or not. It's also important for proving to the regulatory authorities, such as the SEC, that the claims made by the business are legitimate.

This form of due diligence is vital for candidates who are about to accept a position on a company board of directors. While it's no secret that joining the board as a director is a massive responsibility, with commensurate professional returns, still in recent times, top executive roles have come under intense public and legal scrutiny. As a result, it's important for any candidate to the board to conduct the required due diligence into the background of the company they're joining.

Thorough due diligence will help potential board members understand more about the role they are going to take on. It will also help them gain a detailed understanding of the company culture, business model, and general knowledge of how the board functions. Some important questions to ask include:

What is the experience level of the board, and what's their work culture?

How is the board's relationship with its investors?

Why are you being asked to join the board?

The very last question on the above list shows that the director's due diligence should not be focused only on the board but also on the candidate. Potential directors should perform a detailed self-assessment to understand how they can contribute to the board, what their limitations are, and whether they are ready to join the board at all. All this will help them to perform the role better.

Investment due diligence refers to the investigation that you should do in order to understand whether a particular investment instrument is right for you. Here, the potential investor needs to assess the product to understand its viability. This can include detailed steps such as reviewing the performance of the business in the long and short terms, taking stock of their financial records, and also public perception.

Investment due diligence is essential for corporate as well as individual investors, as it helps them understand whether to go forward with the investment. It also lets them get a clear idea of the returns they stand to gain in the short and long term. For digital investments, as well as any technology investment, due diligence is vital.

Investment due diligence, in the international context, will also involve looking at political risk and corruption issues.  

IP due diligence is usually conducted as part of acquisition due diligence. This involves assessing a business's intellectual assets before acquisition or investment. Particularly in tech-driven industries, a company's IP assets go a long way towards determining its value. These include copyrights, patents, and trademarks, among others.

This type of due diligence is vital in the context of today's environmental impact awareness. It involves assessing the health, safety, and environmental issues associated with the business. Other aspects that should be taken into account are environmental regulatory compliance, sustainability assessment, and contamination studies.

Apart from the above-mentioned types of due diligence, different industries may have additional and different forms of due diligence. Due diligence can also be divided into hard and soft due diligence.

Hard due diligence is where the entire exercise is dependent on factual and quantitative data. This is the kind of due diligence that's traditionally carried out, and the most significant portion of due diligence exercises fall under this bracket.

Soft due diligence, on the other hand, is more people-centric and concerns the human segments of a business. Recently, this has become an integral part of the due diligence process and looks at the cultural and organizational structure of a company.

Due diligence is no doubt one of the essential aspects of any modern business transaction. However, it requires expertise, experience, and insights that a regular team of professionals might not always possess. While it's always an enticing option to conduct due diligence yourself, the best and most objective results can only be obtained from an independent agency.

Companies specializing in due diligence services can help with background check screening, supplier checks, and credit checks.  

Vaultinum is a provider of a specific type of due diligence service.  As a technology company, Vaultinum has developed a due diligence platform to help:

private equity investors evaluate potential investment or acquisition targets,

Vaultinum’s Know Your Software (KYS) solution is a due diligence tool focused on helping clients to understand a digital asset from a variety of perspectives, including sustainability, corporate governance, software sustainability, IP protection and management, and security.  

With a dual expertise in IT and Legal, and over 40 years of experience, Vaultinum is here to help you with all your technology due diligence needs.    

Due diligence plays an important role not just in business but, as you will see, in the overall proper functioning of the economy.  This article will take you on a brief tour of the different types of due diligence and in doing so, you will understand what it is and begin to see the outsize role this process has on our everyday lives.

What is Due Diligence and why is it important? This article explains the different types of due diligence and in doing so, you will understand what it is and begin to see the outsize role this process has on our everyday lives.

The headlines are telling: “Lost Passwords lock millionaires out of their Bitcoin fortunes,”[1] “A crypto exchange may have lost $145 million after its CEO suddenly died.”[2]  Whether you are a CEO of a crypto exchange, passive investor or new to the crypto market, we are all subject to the same human fallibility that is losing or misplacing one’s password and thus we are all equally at risk of financial loss.  Lose your password and lose out on millions? The question arises of how we can safely and securely protect our cryptocurrency digital assets so that, when memory fails us or an unforeseen event occurs, we won’t be left stranded. 

In spite of the considerable consequences, the problem is a simple one and a simple solution exists.  But first, in order to better understand what’s at work here, let’s take a crash course in cryptocurrency, learn how it is deployed via digital wallets, review some of the greater risks inherent in these wallets and finally, see what steps we can take to better protect our digital assets. 

In today’s world, assets are increasingly digital (“Digital Assets”).  Bitcoin, Etherum, Litecoin, Cardano, Stellar – these are just a few of the more than 4,000 cryptocurrencies in existence as of January 2021[3].  We won’t delve too much into the background of cryptocurrency, there are plenty of articles and YouTube videos available that do an excellent job in that respect, but at its most basic cryptocurrency is the virtual or digital representation of currency in certain environments or situations, often taking the form of virtual “coins” or “tokens.”  The latter of which is not limited to merely representing a currency but also functions as an investment tool to commodify digital creations.

The best known, and most widely used of these cryptocurrencies, is Bitcoin.  This example of a Digital Asset, and those like it, are for the most part managed by a decentralized network of computers that use blockchain protocols and open-source software which all adhere to the same pre-defined rules concerning cryptocurrency.   This software enables one to create a digital wallet where the so-called “keys” to the bitcoins are stored.   

 To better explain the mechanism of crypto-keys, let’s take the analogy of a traditional bank, whereby you are provided a bank account number, a security pin and in today’s digital age, password protected access to an online account.  As applied to cryptocurrency, instead of accounts, pins and passwords, we have keys and a seed.   

More specifically, there is a public key and a private key.  The public key is like the bank account number, the receiver shares these coordinates with the sender so that they know where to send the money. The private key is akin to a bank pin number, or the series of numbers you enter to prove, for example, that the funds attached to the credit card you are using actually belong to you.   

Lastly, and what mostly concerns us today, is the password, or “seed”, which allows you to gain access to your digital wallet by unlocking, or ‘decrypting’, your private key. This password is made up of a sequence of 12 to 24 automatically generated words known only to the you, the owner.   

 So in our example of the traditional bank, if the public key is an account number and the private key is the pin number, then the seed is your password that ‘unlocks’ and gives you access to your online account.    Except, unlike a normal online bank account, there is no option to re-establish a forgotten password.  The password, or seed, if lost means that all is lost, including your millions!!

Cryptocurrency transactions via Digital Wallets 

As we said above, cryptocurrency, like any other currency, can be used to purchase products, services or effect other types of transactions.  But since we are not dealing with cold hard cash, how does this work exactly?  The typical practice for holders of cryptocurrency is to utilize cold wallets, hot wallets or a combination of both.   

Cold Wallets for the security-first mindset 

Cold wallets, or ‘hardware’ wallets, live on tangible devices such as a USB stick. The device must first be connected to the internet, the password entered to decrypt the private key, and then it provides an in-device signature that allows one to make secure transactions.  The private key never leaves the device so no malware in existence today can forge its signature. Trezor and Ledger are two popular brands of cold wallets.   

 While more secure, cold wallets, unlike hot wallets, require the intermediary step of connecting to the internet to make a payment, for example, and are thus considered less user-friendly.  

Hot Wallets for transactions on-the-go 

Hot wallets are an online storage system, whether web-based, mobile or on a desktop, that contain both the private and public keys permitting easy access to the stored cryptocurrency in order to make exchanges between currencies, products or services on-the-go.  Since hot wallets contain both keys and are always online, hence the ‘hot’, there is no need to connect a separate device to the internet in order to make a cryptocurrency transaction.  MetaMask and Crypto.com are two examples of this kind of digital wallet. 

 However, given the digitalized nature of the storage system, this form of wallet is, as you may have already guessed, vulnerable to malware, hacking and cyberattacks. 

Combination Wallets for the savvy investor 

In simplistic terms, the difference between hot and cold wallets is like the difference between withdrawing cash from a bank teller or swiping your credit card – withdrawing cash requires physical presence and valid id, whereas a credit card while efficient and fast does not always require additional levels of security, like in the case of contact-less payments, and is more vulnerable to theft or misuse.   

 Some savvy cryptocurrency holders use a combination of the two, storing only a portion of their valuable asset on a hot wallet like a mobile device and the remaining, majority portion, on a cold wallet and making monetary transfers between the two as needed.  

Lost Passwords and Inaccessible Wallets 

If security is the priority, the best choice of digital wallet is hands-down a cold wallet.  But even in this instance, what happens if you lose, misplace or forget your password?  Or your hardware is damaged in a fire or corrupted while reformatting? Given cryptocurrency’s unusual nature, the consequence is finding yourself permanently locked out of your cryptocurrency investment and, in the majority of cases, having no recourse.    

 A poignant example is found in the case of Stefan Thomas, a German-born programmer living in San Francisco, who has a digital wallet in the form of a small hard drive - a cold wallet - that holds over 7,000 Bitcoin worth more than 200 Million USD at its height.  This digital wallet gives users 10 guesses before locking them out permanently and leaving its contents encrypted forever.  The problem is Mr. Thomas wrote his password down on a piece of paper and lost it years ago.  Two more wrong attempts and he will permanently lose his ability to cash in on his Bitcoin investment. 

 Lost passwords aren’t the only risk.  A British man recently discovered that he had accidently tossed his Bitcoin hard drive wallet out with the trash and was offering the city 25% of the value, approximately 91 Million USD at the time, to excavate the landfill.  His request was denied.   

 These are not cases of a few unfortunate or unlucky souls.  According to the New York Times, using data compiled by the cryptocurrency data firm Chainalyis, of the existing 18.5 million Bitcoin, around 20 percent — at one point worth around $140 Billion USD — appear to be in lost or otherwise inaccessible wallets[4].  

 These examples bring us full circle to the question posed at the start: how can we safely and securely protect our cryptocurrency digital assets so that, when memory fails us or an unforeseen event occurs, we won’t be left stranded? 

Protect your Digital Assets with the Crypto-Safe 

Many cryptocurrency experts advocate the old-school method of protection: a bank safety security box.  But alas, even then, you have to keep track of the key.  Let’s put it another way: it took seven years for Bitcoin to go from nothing to knighting newly minted millionaires.  If you were just a passive investor at the time, where would you have stored a password for 7 years, not knowing in advance whether the cryptocurrency would ever come to something, let alone a million somethings?  As the saying goes, modern day problems require modern day solutions.   

 Enter, Vaultinum’s crypto-safe.  Vaultinum, an independent third party dedicated to the protection of digital assets since 1978, has been investing to meet the challenges of new uses for repository services in an ever-changing world.  Over 3,500 clients from around the globe have entrusted Vaultinum with the protection and security of their Intellectual Property as well as their strategic immaterial digital assets, such as know-how, laboratory notebooks, algorithms, trade-secrets, sales methods, private keys, etc.   

 Vaultinum, in a natural progression, took its secure Deposit solution that protects an individual or entity’s valuable digital assets and developed the crypto-safe to offer the same level of protection to holders of cryptocurrency, be it a copy of their password or cold wallet.   

How do Deposits in Vaultinum’s Crypto-Safe work? 

Deposits in the crypto-safe come in two forms: physical deposits, for example a USB stick, where the storage medium is sealed in a secure vault based in Switzerland, or online deposits using a secure VPN and military grade encryption. 

Once deposited, the Digital Asset is secured using asymmetric encryption based on blockchain algorithms, hash functions/fingerprint creation and electronic timestamping to guarantee the integrity of the transmitted elements. Vaultinum’s legal and technical experts then:   

verify the content of the digital asset;  

attest to the depositor’s ownership;  

record the content and creation dates; 

provide a Deposit certificate to the owner.  

 Regardless of the format, depositing your Digital Asset with Vaultinum is an essential step towards protecting your investment.  

Accessing the Crypto-Safe to retrieve your Digital Asset 

When it comes times to retrieve your password or cold wallet, the process is simple but more importantly, it is secure.   

 After receiving the client’s request for access, Vaultinum’s Legal Commission confirms ownership of the deposit through a strict verification process, or in  the case of a deposit escrow, the triggering event, permitting access to the deposit.   

 Once the Legal Commission has verified the deposit owner, the Chief Compliance officer designates 4 agents to make up the Access Commission who initiate the release as follows: 

In this way, no one agent acting alone could access the digital assets secure in the crypto-safe.  Within 24 hours the Access Commission breaks the seal, a copy is made on a digital support and provided to the verified owner and the original resealed digitally.   

Take it one step further and consider leaving a legacy 

Vaultinum’s Deposit solution is more than just a secure repository for a valuable Digital Asset, Vaultinum can also act as a trusted third party in the context of escrow, whereby you can choose a beneficiary to receive the Deposit based on a pre-defined event.   

Combination of Deposit and Escrow solutions 

At its most basic, depositing assets in escrow means entrusting the asset with a third-party who undertakes to safekeep and release it to another party upon the occurrence of a pre-defined event.  A person or entity places the asset, or a copy thereof, in trust with a third-party (an “Escrow Agent”), who holds this for the Digital Asset owner until another person or entity (the “Beneficiary”), obtains access to the asset if certain conditions, agreed in advance with the Digital Asset owner, are met. 

In practical terms let’s take, for example,  parents who decide to invest in an as yet unprofitable cryptocurrency in the hopes that, twenty years later, their hunch pays off.  First, they would make a secure deposit in Vaultinum’s crypto-safe of their password or other Digital Asset.  Next, they could take advantage of Vaultinum’s certification as a trusted Escrow Agent to name a Beneficiary. 

In our example, the  parents could name their child as Beneficiary to receive the Digital Asset upon their death or upon the occurrence of a pre-defined event.  By doing this, they ensure the secure and verified release of the investment password to their child.

The same principle could apply to pledges.  You could pledge access to a wallet that you have created to someone if a pre-defined event occurs.  Vaultinum in these cases, in addition to safeguarding the Deposit and implementing the stringent process of releasing it securely will check the ID of the beneficiary and validate the existence of the triggering event.  ID checking and event validation processes can be pre-defined by you in advance.

Depositing Digital Assets in Escrow works for companies as well.  Let’s take the case of Gerald Cotton, the CEO of the Canadian Digital Currency Exchange, Quadrigacx, whose sudden death also meant the loss of the password necessary to open the exchange’s digital vaults. As he was the only one to have access to it, thousands of crypto currency owners were left without the ability to collect their assets resulting in a total loss of approximately 145 Million USD.  

Had he deposited his password in a crypto-safe with an escrow clause, it could have been released to Beneficiaries upon his death and enabled them to claim or distribute the assets as pre-agreed. 

 As a result of these easily avoidable situations, the combination of deposit and escrow mechanisms are flourishing to both protect Digital Assets by storing them in crypto-safes and providing a secure way for potential Beneficiaries of such assets to access them. Blockchain technology and Oracles can also be used to validate the occurrence of a release triggering event.

When it comes to cryptocurrency, the concept can be quite complex: keys and seeds, hot and cold wallets, lost passwords and inaccessible assets.  But the end goal is the same as any other investment scenario, to protect the keys to your investment.  

 In this respect, Vaultinum can be the perfect partner to help you out. We provide secure Deposits in our crypto-safe for the protection of your password or cold wallet. With 40 years of experience in protecting IP and Digital Assets we can help you protect against a faulty memory or an unforeseen event.   

 We even combine our Deposit solution with our escrow services to cover all your bases. Using this service, you can choose a Beneficiary to receive the Digital Asset upon the occurrence of a pre-defined event, relying on Vaultinum, as Escrow Agent, to ensure a smooth and secure release.  

 So, don’t trust your memory to an unknown future; contact us at Vaultinum today for a more secure tomorrow.  

[1] Popper, Nathaniel. “Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes.” New York Times, 12 January 2021, https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html#:~:text=Stefan%20Thomas%2C%20a%20German%2Dborn,wallet%20that%20holds%207%2C002%20Bitcoin.

[2] Shane, Daniel. “A crypto exchange may have lost $145 million after its CEO suddenly died.” CNN Business, 6 February 2019, https://edition.cnn.com/2019/02/05/tech/quadriga-gerald-cotten-cryptocurrency/index.html#:~:text=(CNN%20Business)%20%E2%80%94&text=Quadriga%2C%20Canada's%20biggest%20cryptocurrency%20exchange,Disease%20while%20traveling%20in%20India.

[3] Conway, Luke. “The Most Important cryptocurrencies other than bitcoin.” Investopedia, Dotdash Publishers, 19 January 2021, www.investopedia.com/tech/most-important-cryptocurrencies-other-than-bitcoin/

[4]Popper, Nathaniel. “Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes.” New York Times, 12 January 2021, https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html#:~:text=Stefan%20Thomas%2C%20a%20German%2Dborn,wallet%20that%20holds%207%2C002%20Bitcoin.

You’ve probably seen the headlines; the loss of bitcoin passwords has resulted in the loss of cryptocurrency fortunes.  How is this even possible and more importantly, how can it be avoided?  But first, we will take a crash course in cryptocurrency, learn how it is deployed via digital wallets, review some of the greater risks inherent in these wallets and finally, see what steps we can take to better protect our digital assets. 

The loss of bitcoin passwords results in the loss of cryptocurrency fortunes.  How is this even possible and more importantly, how can it be avoided?

Lose your password and lose out on millions? 

Protect your innovations and investments

Protecting and Securing your Digital Universe

They trust Vaultinum

Our safety

Latest articles

What is Electronic Timestamping and how does it work?

Why Is Due Diligence Important?

Lose your password and lose out on millions?