BTC £50,000 ● OFFLINE3,700,000 BTC lost£160K added today
Case Study

7,002 Bitcoin Locked Behind a Forgotten Password

7,002 BTC · 2011 · 2 Attempts Remaining
EncryptedIronKeyPassword

The Event

In 2011, an early Bitcoin enthusiast asked programmer Stefan Thomas to create an explainer video about how Bitcoin works. The video, titled “What Is Bitcoin?”, became one of the most widely shared introductions to cryptocurrency in the early days of the movement. Thomas was paid 7,002 BTC for the work.

At the time, Bitcoin was trading at roughly a few dollars per coin. The payment was generous but not life-changing by conventional standards. Thomas stored the private keys to his Bitcoin wallet on an IronKey USB drive — a military-grade encrypted device designed to resist tampering. The IronKey has a built-in security feature: after 10 incorrect password attempts, the device permanently encrypts its contents, making them irretrievable.

Thomas wrote down his password on a piece of paper. Then he lost the paper.

The Aftermath

Over the following years, Thomas tried eight different passwords. None worked. Each failed attempt brought him one step closer to permanent lockout. With only two guesses remaining, he stopped trying.

The psychological weight of the situation was considerable. As Bitcoin’s price climbed from single digits to tens of thousands of dollars, Thomas found himself sitting on a fortune he could see but not touch. The wallet address was visible on the blockchain. The balance was public. But the keys were sealed behind a password he could not recall.

“I would just lay in bed and think about it.”

Thomas has spoken publicly about the toll it took on his mental health. The constant awareness that hundreds of millions of dollars were accessible — in theory — but permanently out of reach in practice created a unique form of torment.

Current Status

As of 2025, Thomas has not made any further password attempts. The IronKey remains in his possession with two tries left. Various cryptographic researchers and hardware security firms have approached him with proposals to crack the device, but the IronKey’s tamper-resistant design makes this extraordinarily difficult. Any physical attempt to bypass the password mechanism risks triggering the self-destruct protocol.

Thomas went on to co-found Coil, a web monetisation startup, and later became CTO of Ripple. He has said publicly that he has come to terms with the situation and no longer agonises over it daily. But the coins remain untouched — 7,002 BTC sitting in a wallet that has not recorded a transaction in over a decade.

Lessons

The Thomas case highlights one of the most counterintuitive aspects of cryptocurrency security: the very features designed to protect your coins can also lock you out permanently. The IronKey did exactly what it was supposed to do — prevent unauthorised access. The problem was that the authorised user could no longer prove he was authorised.

For Bitcoin holders, the lesson is twofold. First, never rely on a single point of failure for accessing your funds. Second, the security of your backup matters as much as the security of your wallet. A password written on a single piece of paper is not a robust backup system. Consider Shamir’s Secret Sharing, multi-location storage, or a solicitor-held backup.

Thomas’s 7,002 BTC remain frozen in cryptographic limbo — too valuable to abandon, too dangerous to guess at.

Share This Article
Share on X Share via Email
💡
Quick check: Does anyone in your family know you own Bitcoin?

Don't become the next entry in the graveyard.

Take the 2-minute Bitcoin Inheritance Risk Score to find out if your family could access your Bitcoin.

Check Your Inheritance Risk →