In early 2025, a UK judge halted James Howells’ latest attempt to excavate a Newport, Wales landfill in search of a hard drive he says contains the keys to thousands of bitcoins. Howells’ years-long search has become a cautionary tale in crypto risk. It was not about a hack or a market crash, but about how one misplaced device can separate an owner from a fortune. “Unlike your bank, there are very limited password recovery options with Bitcoin,” the Bitcoin.org guide on security states. In short, it can be the worst form of human error possible.
What makes this story resonate among both niche and mainstream crypto users is the scale of adoption and the growth in value. CoinLaw, which aggregates adoption indicators across the industry, estimates global active crypto wallets to exceed 820 million as of 2025, with non-custodial wallets being preferred by 59 percent of users. Howells’ discarded drive contained around 8,000 BTC mined in 2009. It had negligible value at the time, but reached at least $1 billion at the peak of Bitcoin’s valuation.
It’s challenging to determine the total amount of Bitcoins lost to inaccessible wallets, as there are also holdings that have been put in “cold” wallets that barely see movement for years. However, it is estimated that around 3.7 million BTC, or around 19 percent of the supply, might never see circulation. “When discussing how many Bitcoins are lost, it’s important to understand that these are coins rendered permanently unspendable due to forgotten private keys, destroyed storage devices, or abandoned early wallets,” David Kemmerer writes on CoinLedger.
This brings us to different models in maintaining and securing cryptographic wallets and their part in keeping crypto wallets secure.
Custodial and non-custodial models address different challenges
The custodial model concentrates wallet management in an exchange or licensed provider. The main advantages are usability and recoverability. If a user forgets a password, there are familiar resets, support workflows, and sometimes insurance structures that apply to regulated institutions. The cost is counterparty exposure and governance risk. Users must trust that the platform will remain solvent, will not freeze access unexpectedly, and will safeguard their assets appropriately.
Non-custodial custody places control and responsibility directly with the owner. That can reduce reliance on any single intermediary and improve resilience against platform failures. There is also flexibility in terms of where to store cryptographic keys or seed phrases, which are a sequence of 12 or 24 random words used to generate private keys for one’s wallet address.
This can be stored on hard drives, on thumb drives, on the cloud, or it can even be physically printed and stored on paper. Some even manufacture hardware wallets for the purpose of saving these keys offline. The cost is finality. If keys or seed phrases are lost, there is no universal customer support desk that can override cryptography. What exists instead is a set of specialized techniques that may work in some circumstances and will fail in others.
Self-custody grew in popularity after high-profile platform failures exposed the consequences of entrusting assets to intermediaries without sufficient transparency or controls. In the aftermath of FTX’s collapse, investigators and the new management described customer assets being commingled with Alameda Research and used in ways that left customers exposed to massive losses, for instance. In that incident, between $1 billion and $2 billion in client funds vanished from the exchange and were unaccounted for.
For many users, that period reinforced the appeal of having custody over their own crypto assets. The tradeoff is that self-custody turns key management into a personal security and operations function.
Dealing with wallet loss involves not just tech but trust
Recovery is meant to regain cryptographic access through lawful possession of the necessary artefacts, such as an encrypted wallet file, a hardware device, partial password knowledge, or imperfectly recorded seed words.
This involves a broad range of workflows. Some cases are simple, such as reconstructing a passphrase pattern the owner partially remembers. Some are forensic, such as imaging a failing drive to preserve data before attempting decryption. Some are constrained by design, such as hardware wallets with limited PIN retries. A credible provider will not promise certainty. They will explain probabilities, limits, timelines, and the evidence needed to proceed.
This is also where scams can be a risk. MetaMask, for instance, warns that its representatives will never ask for one’s Secret Recovery Phrase (SRP), even in customer support scenarios, because anyone who has it can control the wallet: “Sharing your SRP with someone would be like handing over the PIN code to your bank card, or the keys to your house. It would give that person the ability to access and transfer all of your funds.”
If you lose access to your crypto wallet, treat it like any other cybersecurity incident. The most common secondary loss happens after the initial mistake. People panic, click “recovery” links, or share seed phrases with impostors.
Start with controlled triage. Identify the wallet type (software, hardware, or exchange account), the app version, and what artefacts remain. This can include the seed phrase (full or partial), password hints, backup files, or the original device. Write details down offline. If there is any chance the device is compromised, take it off the network and avoid repeated attempts that could trigger lockouts or overwrite recoverable data.
Next, decide whether you can stick with the official means of recovery. If you still have the seed phrase, many “recoveries” are simply a clean restore using vendor documentation. If you do not have the seed phrase and the wallet is encrypted, DIY options shrink quickly, and the risk of making things worse rises.
When professional recovery becomes the rational path
Professional help becomes relevant when the task moves beyond standard restoration. Think of it as password reconstruction, damaged media, or complex legacy setups. At that point, your selection criteria should look like cybersecurity procurement.
A serious provider should offer a written scope, a transparent fee model, and a clear definition of success. Avoid anyone who guarantees recovery, asks you to “verify” by sending seed phrases, or requests you transfer funds to prove ownership. Ask how data is handled, who can access it, and what documentation you receive at the end.
“Wallet recovery requires a professional-grade approach because trust, documentation, and process matter just as much as technical capability,” says Poramin Insom, a co-founder of Clavis, a wallet recovery solution for digital assets in Southeast Asia. Insom is also the founder of Satang, Thailand’s first regulated digital asset trading platform, which was acquired by Kasikornbank for $103 million, as well as cryptographic privacy coin Firo.
He argues that disciplined security processes are essential in recovering software and hardware wallets affected by lost passwords, seed phrases, or PINs. “Managing expectations responsibly and being transparent about who stands behind the work is what transforms a technical recovery effort into a trusted process.”
Recovery as part of design
For fintech and digital asset businesses, the longer-term lesson is that recovery is becoming a product expectation. New wallet models, such as multi-party computation (MPC), social login recovery, and policy-based access controls, aim to reduce single-point-of-failure risk while preserving self-custody principles. For enterprises, the equivalent is governance: role separation, documented procedures, and recovery drills that validate assumptions before a real incident forces improvisation.
Howells’ hard drive may never be recovered. Yet the story will remain relevant because it captures a stark reality for any other user with digital assets. In a system built on self-sovereignty, recovery should not be an afterthought. It is a risk that requires preparation, given the stakes involved.
TNGlobal INSIDER publishes contributions relevant to entrepreneurship and innovation. You may submit your own original or published contributions subject to editorial discretion.
Featured image: Unsplash