Developing a Recovery Plan

Download “Developing a Recovery Plan” as a PDF

Your company’s recovery plan is the most important document you can create to ensure your business will survive an emergency. If you operate a bitcoin, altcoin, or asset-token based business, a recovery plan isn’t nice to have – it’s absolutely necessary. A strong, well thought-out recovery plan can help to prevent opportunistic fraud and asset transfer mistakes by providing clear guidance during atypical events. Coin recovery should be just one part of your overall strategic operations and recovery plan. These guidelines are one tool that your company may use in building its recovery plan. The following list is meant to begin a discussion within your company about policies and procedures relating to recovery. It’s not meant to be an exhaustive list and your team should add concerns as they arise.

Vital Records:

What vital records are required for recovery of coins?

What vital records are required for the continuation of the business? (for example what data do you need of employees, clients, vendors, investors; accounting and payroll records; insurance policies; tax returns; contracts, etc.)

Where are they backed up?

How will they be accessed in case of emergency?

Who has authorization to access them?

Are they encrypted?

Who has the encryption passwords?

Who is responsible for records management?

Who is responsible to update the backup copies of these records and how often?

Where are insurance contracts located, if any?

Recovery Event Processes: (recovering funds from single addresses)

Who is responsible to initiate the recovery and under what circumstances?

Who must initially verify the request and what are the verification standards?

How is verification documented in an auditable way?

To what address will the recovery transaction sweep the funds?

Who created the address and how is customer/client control preserved?

Has the new address been tested?

Who will create the recovery transaction?

How will the recovery transactions be verified, as properly authorized and going to the correct address?

What methods are in place to eliminate opportunities for collusion/bad actors?

How will the verified transactions be transmitted to the recovery company?

What is the process for the recovery company to verify the validity of the recovery request?

What if the recovery company cannot verify the recovery request or if the recovery request was unauthorized?

If the recovery company provides signed transactions, who is responsible to broadcast them and under what circumstances, if any, should they not be broadcast? (This is particularly relevant in an entire tree recovery)


Recovery Event Processes: (recovering funds from HD or HDM trees)

Review the Recovery Event Process in terms of recovering an entire tree or all trees.

What changes?

Are there additional safeguards in place to prevent errors?

Who, within the company, will be responsible to oversee the recovery of trees?

In the event the company is no longer operational, who will be responsible to facilitate recovery?

Payment for Recovery:

Who will pay transaction fees for the recovery transactions?

How will transaction fees be paid (company hot wallet, pre-divided UTXO, customer)?

Will the transaction fees be chained, affecting confirmation of other recovery transactions?

Who will pay the recovery company’s fees?

If a fund has been set up to pay recovery fees, who manages/administers the fund?

If not, how will recovery companies be paid?


Who is responsible to communicate to customers/clients/employees/public about the recovery?

Are there communication policies in place that govern crisis communications?

If so, where can employees find the policies during a crisis?

Changes to the Recovery Plan:

How often is the plan reviewed and by whom? (must be at least annually)

Who is authorized to make changes to the plan and by what process are changes made?

Where is the recovery plan stored?

Are redundant copies stored securely off-site?

How will they be accessed in case of emergency?

Who has authorization to access them?

Are they stored encrypted?

Who has the encryption passwords?

Who is responsible to update the redundant plans and ensure the most current versions are properly stored?

Building a Key Compromise Policy:

Who are authorized signers and where are the primary keys stored?

Where and how are backup keys stored?

What is a key compromise? (examples include: system hacked, vulnerability identified on key generation or storage device, physical compromise of key storage location, authorized signer leaves the organization, incomplete chain of custody logs)

How will the company learn that one or more keys may have been compromised?

Who should be notified of possible compromise?

What steps should be taken (in succession) if a key may be compromised?

How will a compromise be confirmed or disproved?

Who should be notified if compromise is confirmed?

How will they be notified?

What is the process for investigating possible compromise?

What is the process for migrating funds if the company’s security is breached? if the third party’s security is breached?

What is the process for limiting damage?

What confidentiality policies, if any, are implemented during investigation of compromise?


Other Considerations:

Personnel: In the event of emergency, who will be responsible to coordinate company efforts and lead the Recovery Team? Who should be part of a Recovery Team?

Physical Locations: If you have a physical location, you should also consider physical evacuation procedures, employee communications, and business continuity plans for geographic natural disasters including fire, flood, etc.

Encrypted Communications: As a reminder, encrypting and signing communications whenever possible protects both confidentiality and authenticity (prevents man-in-the-middle and impersonation attacks).

Audited Standards: Companies should consider building systems compliant to industry best practices and standards, such as the CryptoCurrency Security Standard. (* disclosure, the author of this post is a board member of the non-profit organization hosting CCSS development -the CryptoCurrency Certification Consortium (C4)).

In addition to cold storage and complex multi-signature configurations, Third Key Solutions provides consulting services to help you develop a robust recovery plan, mitigate risks and comply with industry best practices. Contact Us to learn more.


Creative Commons License
Developing a Recovery Plan for Bitcoin and Altcoins by Third Key Solutions LLC is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.