How to pass on your Bitcoin and Ethereum to your heirs

The problem unique to crypto: no bank, no recovery

When a traditional bank account holder dies, their heirs can present a death certificate, open probate, and eventually recover the funds. It takes time and paperwork, but there is a path. The institution exists, has records, and is legally obligated to cooperate with a properly filed estate claim.

Cryptocurrency does not work this way. Self-custody Bitcoin and Ethereum are controlled by whoever holds the private key (or more precisely, whoever holds the seed phrase that generates it). There is no institution to call. There is no records department. There is no recovery team. The Bitcoin network does not know or care about death certificates. The Ethereum blockchain has no customer service line.

The consequences are severe at scale. Chainalysis estimates that approximately 20% of all Bitcoin in existence (worth tens of billions of dollars at current prices) is permanently inaccessible, much of it lost through the deaths of holders whose heirs had no seed phrase. Ethereum, Solana, and every other self-custody blockchain face exactly the same problem. The coins still exist on-chain, frozen in wallets that will never move again, because the key died with the owner.

This guide is a complete inheritance plan for self-custody holders. It covers Ledger, Trezor, MetaMask, and any other wallet that puts you, and only you, in control of your keys.

Self-custody vs custodial: very different inheritance problems

Before going further, it is worth being clear about the distinction that matters most for inheritance planning.

Custodial accounts (Coinbase, Kraken, Binance, and other exchanges) hold your crypto on your behalf. They are legally similar to a bank: you have an account, they have records, and your heirs can file a claim with documentation. The process is slow, sometimes requires foreign legal filings if the exchange is incorporated abroad, and carries a real risk of your heirs not knowing the account exists or which email was used to register it. But there is a process, and funds are usually recoverable.

Self-custody wallets (a Ledger hardware wallet, a Trezor device, a MetaMask browser extension, a Phantom wallet) are a completely different situation. The seed phrase is the wallet. The words on that piece of paper or in that steel plate are the cryptographic root from which every private key is derived. There is no company holding a backup. Ledger does not know your seed phrase. Trezor does not know your seed phrase. MetaMask does not know your seed phrase. No one does except you, and whoever you choose to tell.

This guide focuses on self-custody, because that is where the permanent, unrecoverable losses happen. If you hold crypto only on Coinbase or Kraken, your main task is making sure your heirs know the account exists and can access your email. If you hold on a hardware wallet or software wallet, you need the full plan below.

The seed phrase is everything, and most people handle it wrong

A BIP-39 seed phrase is 12 or 24 words chosen from a fixed dictionary of 2,048 words. These words, in the correct order, mathematically reconstruct your private key from scratch. Whoever has them can restore your entire wallet (every address, every coin, every token) on any compatible device, anywhere in the world, in minutes.

• Most seed phrase storage advice is well-intentioned and practically flawed:
• Paper burns in a house fire, degrades in humidity, and can be found and photographed by anyone who enters your home. A curious family member, a cleaner, a contractor: any of them could discover it and drain your wallet before you ever know.
• Steel plates survive fire but share the same 'anyone who finds it owns it' problem. They also offer no delivery mechanism: the plate still has to be found by the right person at the right time.
• Splitting across locations ('words 1 to 8 in the safe, words 9 to 16 in the bank box, words 17 to 24 with my lawyer') sounds clever until you consider that your heirs may not find all three fragments, may not know to look for fragments at all, or may find one fragment without the others and have no idea what it means.
• Putting the seed phrase in your will is one of the most dangerous things you can do. Wills become public documents at probate. Your seed phrase, once submitted to a probate court, is readable by anyone who requests the file. A patient thief with access to probate records could drain your wallet months or years after your death.
• Emailing the seed phrase is obviously bad, but people do it. Email is not encrypted at rest on the server, is frequently breached, and lives in an account that your heirs may or may not be able to access.

None of these approaches solves the fundamental tension: you need the seed phrase accessible enough that your heirs can find it after your death, but secure enough that no one can access it before, including curious relatives, thieves, or anyone who simply happens to be in the right place.

The right approach: AES-256-GCM encrypted, verification-gated delivery

The solution to this tension is strong encryption combined with time-locked, verification-gated delivery. This is not a new concept in security, but it has not, until recently, been applied cleanly to inheritance planning.

Final Capsule encrypts your seed phrase using AES-256-GCM before storing it. It is never kept in plaintext. AES-256-GCM is authenticated encryption: not only is the content unreadable without the key, but any tampering with the ciphertext is cryptographically detectable. Final Capsule employees cannot read your seed phrase. If the server were breached, the attacker would find only ciphertext.

But encryption alone is not the whole plan. The other half of the problem is when the seed phrase is delivered. Deliver it too eagerly and a family dispute or a compromised account could hand it to the wrong person at the wrong time. Deliver it never and it is useless.

Final Capsule uses a multi-phase dead-man's switch: the system checks in with you every 30 days. If you confirm you are alive, the capsule remains sealed. If you stop responding, the system escalates: first additional check-ins to you, then verification requests to your designated SafeGuards. Only after that multi-phase process confirms you are gone is the capsule released to the Confidant you named. The content is protected with AES-256-GCM encryption and is never stored in plaintext. Not even Final Capsule can bypass this process or read what you wrote.

Step-by-step: setting up your Bitcoin and Ethereum inheritance plan

The setup takes less than an hour for most holders. Here is the complete sequence:

1. List every wallet and the chains it holds. Go through every device and app: your Ledger Nano X, your Trezor Model T, your MetaMask extension on Chrome, any Phantom wallet for Solana. For each one, note which blockchain(s) it covers and roughly what it holds. You do not need exact figures. The goal is a complete map, not a balance sheet.
2. Create a separate Final Capsule capsule for each wallet. One capsule per seed phrase. This is not bureaucratic tidiness: it gives you the flexibility to assign different Confidants and different instructions to each wallet. Your Ledger with Bitcoin may go to one heir; your MetaMask with Ethereum tokens may go to another.
3. Type the seed phrase directly into the capsule, in clear. Write the 12 or 24 words, numbered, in order. Do not obfuscate, abbreviate, or hint. The AES-256-GCM encryption is the protection. The words themselves should be complete and unambiguous. A hint that makes sense to you may be meaningless to a grieving heir under stress.
4. Add plain-language recovery instructions. Something like: 'Download the Ledger Live app from ledger.com. Connect the Ledger device labeled Main BTC using the USB cable. On first launch, choose Restore from recovery phrase and enter the 24 words below, one at a time, in order.' Write as if the reader has never touched a hardware wallet, because they probably haven't.
5. Name a Confidant who will actually use the wallet, or be willing to learn. A technically inclined friend is often a better choice than a close family member who is uncomfortable with technology. The Confidant does not need to be a crypto expert; they need to be willing to follow instructions carefully. You can always name both a technical friend and a family member.
6. Designate a SafeGuard. The SafeGuard is not the recipient. They are the person who confirms, in the worst case, that delivery should proceed. This is the multi-phase verification layer. Choose someone who would know if you had died: a close friend, a family member, a doctor.
7. Create a separate capsule for device location and PIN. The seed phrase restores the wallet from scratch, so your heirs do not technically need the physical device. But if you want them to use the device rather than restore to a new one, a separate capsule with the device location and PIN (for the same or a different Confidant) is a clean way to handle it. Keep the PIN and the seed phrase in separate capsules so that neither alone is sufficient.

What about Ethereum tokens, NFTs, and DeFi positions?

A single Ethereum seed phrase controls every address derived from it, which means every ERC-20 token (USDC, LINK, UNI, and thousands of others) and every NFT held on those addresses is accessible once the phrase is restored. Your heirs do not need to know about each token individually. Restoring the seed phrase restores everything.

• DeFi positions are a different consideration. If you have funds deposited in Uniswap liquidity pools, Aave lending positions, Compound deposits, or any other DeFi protocol, the funds are not sitting in your wallet. They are locked in smart contracts. Your heirs need to know:
• Which protocols you use (Uniswap, Aave, Compound, etc.)
• How to connect the restored wallet to each protocol
• How to withdraw or exit the positions before the market moves against them

Include this information in your capsule alongside the seed phrase. A short paragraph per protocol is enough to save an heir from losing funds to a liquidation they did not know was possible. For NFTs: if you hold anything with meaningful value, add the collection name, the approximate current value, and the marketplace where it is listed or where it should be sold. Your heirs cannot sell what they do not know exists.

Multisig and Shamir backup: only if your heirs can handle it

For technically sophisticated holders, two advanced options are worth knowing about. The strong caveat is that complexity is the enemy of reliable inheritance.

Gnosis Safe multisig splits control of an Ethereum wallet across multiple keys, requiring M-of-N signatures to authorize any transaction. A 2-of-3 setup, for example, means two of three designated keyholders must sign. This is robust against a single compromised key, but it requires your heirs to coordinate, to hold keys themselves, and to understand the mechanics of signing transactions. For most family inheritance situations, this is overengineering.

SLIP-39 Shamir Secret Sharing, supported by Trezor, splits a seed phrase into multiple shares such that M-of-N shares are required to reconstruct it. Again: technically elegant, and genuinely useful if you have multiple technically capable heirs who will reliably hold shares. But if a single heir loses their share, or does not understand what it is, reconstruction fails.

For most holders, a single AES-256-GCM encrypted capsule with the full seed phrase and clear instructions is the most reliable option. Reliability matters more than theoretical security in an inheritance context: a plan your heirs can execute under stress and grief is worth far more than a cryptographically sophisticated plan they cannot.

Your crypto inheritance checklist

1. List every wallet: Ledger, Trezor, MetaMask, Phantom, and any others
2. For each wallet, create a separate encrypted capsule with the full seed phrase
3. Write plain-language recovery instructions next to each seed phrase
4. Add DeFi positions and NFT holdings to the relevant capsule
5. Name a technically capable Confidant for each capsule
6. Designate a SafeGuard who would know if you had died
7. Optionally: create a separate capsule for device location and PIN
8. Tell your Confidant the capsule exists, not what it contains, just that it exists
9. For custodial accounts (Coinbase, Kraken, Binance): ensure your heirs know the account exists and which email you used