Millions of Bitcoin, worth hundreds of billions, are permanently lost, locked in forgotten wallets, buried in landfills, or trapped by lost passwords. This staggering statistic from a 2020 Chainalysis report highlights what Ethereum co-founder Vitalik Buterin calls a “silent crisis” in cryptocurrency security that receives far less attention than headline-grabbing thefts.
“There’s plenty of people who have lost huge amounts of crypto to loss rather than theft,” Buterin wrote Tuesday on X. His post details how software bugs, forgotten passwords, lost devices, and even natural disasters have permanently severed owners from their digital wealth. The warning comes just days after the FBI attributed a $1.5 billion hack of cryptocurrency exchange ByBit to North Korean state actors.
Devastating Personal Losses Highlight Systemic Vulnerability
The human cost of crypto negligence is exemplified by James Howells, whose hard drive containing 8,000 Bitcoin—now worth hundreds of millions of pounds—was accidentally discarded by his ex-partner in 2013. The device presumably ended up in a Newport City Council landfill site, which is scheduled to close within two years.
“This battle is my 9 to 5—I won’t stop until I have my £620 million of Bitcoin back,” Howells stated after years of failed recovery attempts. He now weighs two final options: pursuing his case at the Court of Appeal or attempting to purchase the entire landfill site with investor backing.
While Howells represents an extreme case, recovery success stories remain exceedingly rare. Stefan Thomas spent 11 years unable to access 7,002 Bitcoin after forgetting the password to his IronKey hard drive. He eventually regained access with help from hacker Joe Grand and security researcher Bruno Requião da Cunha, who developed a novel approach to crack the password by analyzing the generation software.
Shame and Silence Complicate Understanding of Loss Scale
Unlike theft victims who often speak out to warn others or seek justice, those who lose crypto through personal errors frequently remain silent due to embarrassment or perceived self-blame.
“Because there’s no attacker to go after, victims don’t have a strong need to talk about it. And often because they see no one to blame but themselves, victims will be too ashamed to talk about it,” Buterin explained. “But it happens. Often.”
This silence creates an incomplete picture of cryptocurrency security challenges, potentially misdirecting industry resources toward theft prevention while neglecting equally important loss prevention measures.
Buterin has advocated for “social recovery” systems—wallet security solutions that allow users to designate trusted individuals who collectively can help restore access if the primary credentials are lost. This approach provides a middle ground between centralized recovery options (which create security vulnerabilities) and the current situation where a single point of failure can lead to permanent loss.
The timing of Buterin’s warning—days after the FBI announced that North Korean hackers stole $1.5 billion from ByBit in what they dubbed “TraderTraitor” activity—underscores the dual threats facing cryptocurrency holders. While ByBit managed to cover the stolen funds through loans, whale deposits, and Ether purchases, individual holders rarely have such recovery options.
