How it works
The owner creates the contract, sets roles, and approves assets for transfer. If the timeout is not refreshed for 6 months or enough guardians confirm inactivity, the assets move into the contract and beneficiaries claim them. If access is lost, recovery addresses can move the assets to a new address.
Create contract, set roles, approve assets.
Refresh timeout every 6 months. Assets remain in wallets.
If access is lost
Move assets to a new address.
Timeout expires or guardians confirm inactivity.
Transfer stays blocked during challenge.
Assets move into the contract and beneficiaries claim.
If access is lost
Move assets to a new address.
Owner-defined rules
The owner creates the contract, approves assets, sets beneficiaries, guardians, and recovery addresses, and records encrypted asset data on-chain.
Who can act
When they can act
What they can do
Control stays with the owner during normal operation. Approved assets remain in wallets. No one gets open control or custody. Beneficiaries and guardians do not see asset details before distribution because the data stays encrypted.
Transfer
Transfer starts only after the timeout expires or enough guardians confirm inactivity. Then there is still a challenge period before assets move into the contract.
Timeout expires or guardians confirm inactivity
Assets stay in owner wallets until one of these happens.
Challenge comes before transfer
After timeout, beneficiaries start the challenge. Guardians can start it earlier. The owner can still cancel it.
Assets move into the contract, then beneficiaries claim
Recovery addresses can withdraw remaining contract-held assets to new addresses. Finalized claims stay final.
Transfer follows the owner-defined setup. It does not move assets during normal operation. Beneficiaries do not control assets before distribution. Guardians can confirm inactivity, but they do not control the assets.
Recovery
Recovery is a separate path for lost access. The owner sets recovery addresses and a threshold in advance. They can move approved assets into the contract at any time and then send remaining assets to new addresses.
Set recovery addresses and threshold
The owner adds one or more recovery addresses and chooses how many must approve, like a multisig.
Recovery can start at any time
Recovery does not wait for timeout or challenge. Approved assets can move into the contract under the recovery threshold.
Send remaining assets to a new address
Recovery addresses can withdraw remaining contract-held assets to new addresses. Finalized claims stay final.
Recovery is separate from beneficiary transfer. It follows its own threshold and does not reverse completed claims.
CryptoLegacy does not move assets during normal use or give invited roles control. Approved assets stay in owner wallets. Beneficiaries and guardians do not see asset details before distribution, and guardians do not control assets.
Ready to define the rules?
Go to the app to define the setup, or continue into Documentation for deeper verification.
Nothing changes. Your assets stay under your control. Self-custody does not define what happens if you cannot act.
Yes. During normal operation, your assets stay fully in your wallet. The contract holds permissions, not funds. It only defines what may happen if you cannot act.
Multisig requires real-time coordination. Key sharing exposes secrets. CryptoLegacy defines rules in advance β no one needs to hold your keys or coordinate at the right moment.