Hilton College matric student solves multi-billion dollar crypto puzzle

Homing in on one way in which crypto holders lost billions, Matthew Wilson came up with a solution.
Lose the phrase that opens your crypto wallet, and you lose whatever is in the wallet – a problem that has been solved with ingenuity and elegance by Matthew Wilson. Image: Supplied

Hilton College matric student Matthew Wilson got interested in cryptos back in the great boom of 2017, but it was during the hard lockdown of the Covid-19 pandemic of 2020 that he had the time and energy to research the reasons why so many crypto holders lost billions due to lax security.

“I studied numerous examples of crypto holders losing fortunes both big and small due to ignorance and neglect regarding safe storage of their cryptos,” he says.


“An initial idea was to create a traditional insurance product aimed at protecting people against these losses. It however quickly became apparent that this would be unrealistic and not financially viable.

“This led to a more practical and viable solution that sparked multiple family discussions around the new idea.”

Last week Wilson launched CRPT Secure, which solves a problem that has haunted crypto investors for the best part of a decade and accounted for losses running to billions of dollars.

It is reckoned that up to 3.7 million bitcoin worth about $159 billion (around R2.4 trillion) – out of a total 18.5 million minted so far – are lost and probably gone forever.

How investors literally ‘lost’ their crypto

A large number of these bitcoin were lost when the owners forgot, misplaced or accidentally threw away the recovery phrases they need to access their crypto wallets.

That’s the puzzle Wilson set out to crack.

When opening a crypto wallet such as MetaMask for the first time, you are required to create a recovery phrase – a 12-word phrase that is the key to your wallet. It should be written down and stored away from your computer (in case that gets hacked).

Many people ignore that advice and assume that if they cannot remember their recovery phrase, someone will be there to help them out.

Welcome to the dangerous world of cryptos.

Until now, no one would be able to help you over that hurdle – which explains why so many billions of dollars’ worth of cryptos have been lost forever.

Simple safeguard

Wilson’s solution is simple and practical, and leans on technology already in use by the banks.

Whenever banks issue a new credit card, the new PIN is inscribed using PIN-tab technology. The computer-generated PIN is revealed when you peel back a covering sheet.

CRPT Secure provides a disaster backup recovery plan for crypto investors by storing their 12, 18 or 24-word recovery phrases in a safe and confidential format.

The recovery phrases are stored on three or four pages (depending on the number of words), which are then stored at different physical and secret locations.

These pages are retrieved from the different locations and returned to the crypto owner, ensuring that their seed phrases can never be compromised, hacked or guessed at.

That may seem like an obvious solution to the problem, but the ingenuity and elegance of CRPT Secure suggests 18-year-old Wilson has a long career ahead of him in cryptos.

“Prior to this venture I was primarily invested in bitcoin with a smattering of altcoins such as Ethereum (ETH) and Cardano (ADA) making up a small portion of my portfolio. I have used all these funds in the building of this business, and so currently do not own any cryptos myself.”

With matric around the corner, Wilson is deeply buried in books, with economics and history his favourite subjects.



If there are countless other solutions that address this issue (including the simple act of writing it down), surely the problem has already been “solved”?

..and if not, why is this particular solution different to all the others? Unless it alone has had widespread success in recovery of phrases, it isn’t..

This reminds one of the 2 “entrepreneurs” who re-invented the wheel in terms of reporting lost bank cards, and then demanded millions from the banks for re-inventing the wheel.

Oh come, remember your 12 word phrase can’t be that hard…mother’s maiden name, your first car, your dad’s rugby team, your second dog, your favourite ice cream etc etc. String those together and there you have your twelve words. If Trumpanzee can remember ‘Person. Woman. Man. Camera. TV’ with his sub 50 IQ, then surely someone with half a brain can remember their crypto password!

In my experience you don’t get to choose your seed phrase. The wallet provider gives you a 12 word phrase.

Not your keys not your coins. Don’t give others your pin.

But forgetting your own seedwords is a problem =)

There have been many articles on this site about people losing access to their wallets, but I still have to reiterate that you need to keep your own wallet safe. If people are smart enough to hack exchanges, how can we be sure that company that charges exorbitant amounts can keep the information safe? We have all seen his face, he can be compromised.

…spot on ….don’t do crypto without a cold wallet (hardware wallet)

I have for years had a list “hidden” with usernames and passwords for various apps/etc.

When you invest billions surely you record the access method???

So what’s new here?

Sounds like a publicity stunt.

Yup, spot on! (..so that he can earn FIAT money)

Why not use an encrypted password manager like KeyPass or something and keep the recovery keys somewhere else?

Nothing is better than a good anecdote to pitch your wares.

Solution? Storing parts of your phrase in four different places with one provider is still not a solution and still depends on how that provider will identify you in order to release your data back to you instead of a crook but still release it to the executor of your estate.

The primary security rule of passwords is that the password itself should not be saved, only something that will help you remember.

Tattoo a reminder on a discreet place on your body. So if your phrase is first 12 words of US anthem, then reminder can be Born in the USA or whatever will help you remember what your phrase is. Problem if you have 74 different crypto phrases and run out of discreet body parts. Engrave them on back of a tombstone then.

To get past that issue with others needing to know in case you get killed in car accident is the hardest problem. Your will would need to tell them where the crypto is and what the phrase is. And that is where the risk lies as now a lawyer has to know and the phrase must be written down. Maybe engrave the phrase on little stone and embed it under your skin and tell family in will about the stone. Hope that you don’t get chowed by a shark…the stone hopefully also survives your cremation.

Or invest in real assets. I have not heard of people’s Apple shares being stolen by their broker or hacked away by a kid in a basement in Russia.

Your comment made my day! 😉

johan, a friend of mine did exactly that,
but his girl friend does not like cryptos in her mouth .. … …

Speak for yourself Johan – I personally won’t run out of space for all the different passwords, hahaha!

Are you bragging that you can accommodate a 24 word phrase? Hope you have reading glasses and a good chiro for when you get older and stop hodling

This is honestly worse than a custodial wallet solution, your sharded key is being sent over the internet and even worse, all parts to a single entity!

Don’t get me wrong, key sharding is a fantastic way to safely store your keys but a single entity cannot be trusted with this process.

Not your keys, not your coin!

Self service approach:
Divide seed into three parts labeled 1, 2 and 3.
Seed part 1 & 3 go one location
Seed part 1 & 2 a second location
Seed part 2 & 3 a third location

You need to know two of the locations to get the seed but if you happen on one location by accident you will not get enough seed to use.
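The self-service layout from the comment above, worked through as an added example (not part of the original comment or article): it shows that any two locations rebuild the phrase and counts how many bits a single location leaves unknown. It assumes a BIP-39 style phrase (11 bits per word, checksum included); the placeholder words and all function names are constructed for illustration.

```python
# Added illustration. SAMPLE_PHRASE is a constructed placeholder, not a real wallet phrase.
SAMPLE_PHRASE = [f"word{i:02d}" for i in range(1, 13)]

BITS_PER_WORD = 11  # assumption: BIP-39, 2048-word list, 11 bits per word

# Which numbered parts each location holds, as listed in the comment.
LAYOUT = {"location_1": (1, 3), "location_2": (1, 2), "location_3": (2, 3)}


def split_seed(words):
    """Cut the phrase into three ordered parts and build the three location bundles."""
    if not words or len(words) % 3:
        raise ValueError("word count must be divisible by 3 (12, 18 or 24)")
    size = len(words) // 3
    parts = {n: words[(n - 1) * size:n * size] for n in (1, 2, 3)}
    return {loc: {n: parts[n] for n in held} for loc, held in LAYOUT.items()}


def recover(*bundles):
    """Merge bundles from any locations; return the phrase, or None if a part is missing."""
    merged = {}
    for bundle in bundles:
        for n, part in bundle.items():
            # Overlapping parts double as an integrity check on the stored copies.
            if merged.setdefault(n, part) != part:
                raise ValueError(f"copies of part {n} disagree")
    if set(merged) != {1, 2, 3}:
        return None
    return merged[1] + merged[2] + merged[3]


def unknown_bits(bundle, total_words):
    """Approximate bits still unknown to someone holding one bundle only."""
    known = sum(len(part) for part in bundle.values())
    checksum_bits = total_words * BITS_PER_WORD // 33  # BIP-39: 4, 6 or 8 bits
    return (total_words - known) * BITS_PER_WORD - checksum_bits


if __name__ == "__main__":
    bundles = split_seed(SAMPLE_PHRASE)
    for loc, bundle in bundles.items():
        print(loc, "holds parts", sorted(bundle),
              "and leaves about", unknown_bits(bundle, 12), "bits unknown")
```

For a 12-word phrase each location holds 8 of the 12 words, so one bundle on its own leaves roughly 40 bits unknown, compared with 128 bits for the full phrase.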

Shooting the gun there. Doesn’t matter SARS or the FSCA will make sure you don’t get crypto.

Don’t store your important passwords online. The next Africrypt right here. First of all anyone can hack anything. And passwords to crypto being out there on the web of a 12 year old’s website is the scariest thing I have ever heard. Secondly this kid will rob you blind.

Wow ! Writing down your passwords and not storing on your computer.
Gee who would have thought of that !?1?

It’s simple: if you don’t like it, don’t use it ~ not that hard.

Yes, he might be someone who hasn’t even graduated yet, but at least he’s bringing solutions? I’d bet money that some of you are just mad that you didn’t come up with this solution before an 18 year old student. Stay mad.

If you haven’t used it and don’t plan to, I don’t see how slandering a student is gonna help your case. Again, no one’s forcing you to use it.

Every solution[proposed] always has critics.

We have SMS, who needs Mxit
We have MySpace, who needs Facebook
We have Blackberry messenger, who needs WhatsApp
Why update your daily life to strangers, who needs Twitter
German/Japanese car manufacturers are better placed for EV, who needs Tesla

After wide adoption of the solution, the critics move on the next thing.

Hi Matthew,

I agree with many others that the solution is not new, the article’s title is misleading and that it’s not very useful or significant.

Good luck with your studies.

I agree with you on the Tesla vs Japanese and German motor vehicle manufacturers.

I have huge respect for Elon Musk and his effort to educate some very ignorant billionaires, but Tesla is overpriced in terms of product and share price.

Proud to be South African, we have great minds in this country.

There are many more secure and much cheaper solutions than this. R1000 per annum cost? Crazy!

How do you explain to SARS that you lost your keys/password and that you lost your crypto? Do you still pay tax on what you don’t have/lost?

Good question. I think SARS will say you were “unconditionally entitled” in earning your crypto in the first instance (that was later lost). SARS will also use the “accrual” word.

Like tax on interest on a fixed deposit:
Taxpayer: “Why SARS tax me on my FD interest, as it already matured earlier in tax year? That’s not fair!”
SARS: “Sorry, the interest ACCRUED to you, while invested. Sorry, pay us now” 😉

Disposal for CGT can be voluntary or involuntary, you lose it they can still come after you for the tax.

SARS cannot access your wallet, they can only pick it up via your bank account when you monetise the currency. If you can’t access it then SARS cannot see how much you have. And you can always open a foreign bank account in a country with no tax agreement with SA.

Agree they cannot access your crypto wallet (just too many) and neither do they know you have a crypto wallet (Crypto Exchange and Crypto wallet can be separate).

Which countries have a no tax agreement with SA?

Just some observations:
So in the news I heard FNB stopped flows from their bank accounts into Crypto accounts. So they are definitely tracking Crypto Accounts.

The SARB, SARS has no visibility in local accounts, only the banks do. The Guptas and State Capture are perfect examples.

SARB, SARS do not have the infrastructure to monitor local accounts, only the banks do.

The BANK reports to the SARB and reveal any suspicious transactions and transactions over a certain amount.

SARS can request info from BANKS… and BANKs provide that info to SARS.

The best question yet! Still laughing…thank you!

Tell me your dad has shares in moneyweb without telling me your dad has shares in moneyweb…

Why is this news?

Let’s go back to that question of how banks identify you in the event that you’ve forgotten your pin or lost your card. Walk up to the teller, show your ID, smile for the camera, take a few fingerprints, sign some paperwork. Some biometrics on the phone? How much of this can be transferred to the world of crypto coins? Somewhere in the world some organisation is probably already keeping your data. Why not another one?

Not anymore, you need your phone now or else they won’t see you. You need to call the manager if you just have a greenbook

So here we have a bunch of losers who take the time out from their day to slam an 18 year old. I hope you lot feel great about yourselves.

From Sideways to Matthew, go for it young man, the world is your oyster.

You need a sword for the world to be your oyster. Educate yourself fool. Anyways. Yeah let a 2 year old hold the passwords to your potential fortune. Lend him your car and have him look after your house for the weekend and baby sit your daughter while you’re at it.

It’s the idea that counts, every invention has to start somewhere. I feel sorry for people like you who spend your lives anonymously posting on internet message boards finding time to slag a kid off…….just wonderful. I will think of you this afternoon over a raki…loser.

I’m supposed to feel bad because a whimsical drunk with his head in the clouds calls me a loser? I got time to waste not time to lose.

Anyways is not actually a word. The word is Anyway.


Oh come on! Lesson number one as an IT entrepreneur: if you are going to fail, fail hard and fail quickly. Nothing worse than spending years chasing an idea that was never going to make it.

I have been in crypto since the inception of ETH and have been storing my keys like this since forever.

I also would not share my keys with another person, especially not a company able to retrieve it when lost.

They might as well not recover the key and keep the crypto.

Also how would they be held liable when for instance they lose the keys, hacked or forced by government to give up the info?

Hopefully you don’t get Alzheimer’s before selling your coin!!!!

….I did not even know there was a “puzzle to be solved” *lol*

And here, like my credit card PINs, I also write my crypto-key in permanent-marker pen on the back of my physical BTC coin.


The vibe in the article seems like his dad is in insurance and he’s helping his son create a name for himself.

I wonder how much this kid’s dad paid Ciaran to have an article written and published about his wunderkind (was using the kid’s pic an extra fee?). This kid’s ‘solution’ is anything but revolutionary.

I personally think this is just a clever Ray-Bans ad 🙂

Brilliant! The responses to this article have been hilarious! I haven’t laughed so much in ages. Thank you guys!

It’s high time we nationalised Hilton College.

Well done young man. Join the PIC and save SA.

The most obvious solution to not losing cryptocurrency is not to purchase any. Ta ra!

Yawn. Nice little clickbaity headline on a crypto up-day. Thanks Ciaran and team. Hope you get many clicks.
