You only need to remember a big random number (can be a long phrase from a book you like), and a rule that generates keys, e.g. (keyid, seed) -> hash(keyid + seed). Needless to say, you never write the seed phrase down. At most you keep a vague pointer to the author of that book.
You use a 2048-word dictionary (a random choice from that wordlist represents [log2 2048 =] 11 bits of entropy), then you generate a random string of 132 bits to be your cryptographic seed, which is a sequence of 12 words from the wordlist that you memorize.
From that seed you can generate, for all practical purposes, an infinite number of private keys for any and all purposes in existence, using cryptographic one-way functions such as a hash or PRNG.
Have a google for BIP-32, about Hierarchical Deterministic Wallets. A secret key is nothing but a number, so it's not too hard to generate more numbers from that seed. If you have the seed and the parameters for the child numbers, you have all the private keys you want.
Just to clarify: the statement is not that you could encode those existing 2000 private keys with one short seed (you cannot, indeed), but rather that you could easily and safely generate 2000 distinct private keys from one relatively short seed.
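Added example (not from any commenter above): the "rule that generates keys" from the first comment and the BIP-32 hierarchical derivation mentioned later, written out in Python. The mnemonic-to-seed step is the BIP-39 PBKDF2 stretch, the master key and hardened child derivation follow BIP-32's CKDpriv (hardened indices only, so no elliptic-curve point arithmetic is needed). The 12-word phrase is constructed for illustration and is not a checksummed BIP-39 mnemonic; the path layout in `many_keys` is an assumption, not a standard purpose/coin/account scheme.

```python
import hmac
import hashlib
import math

# secp256k1 group order; BIP-32 reduces derived private keys modulo n.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000  # indices >= 2^31 are "hardened" in BIP-32


def mnemonic_entropy_bits(word_count: int, wordlist_size: int = 2048) -> float:
    """Entropy of word_count uniformly random picks from a wordlist of wordlist_size words."""
    return word_count * math.log2(wordlist_size)


def seed_from_mnemonic(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 seed stretching: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase."""
    return hashlib.pbkdf2_hmac(
        "sha512", mnemonic.encode("utf-8"), ("mnemonic" + passphrase).encode("utf-8"), 2048, 64
    )


def master_key(seed: bytes) -> tuple[int, bytes]:
    """BIP-32 master node: I = HMAC-SHA512(key=b'Bitcoin seed', data=seed); key = I[:32], chain = I[32:]."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k = int.from_bytes(i[:32], "big")
    if k == 0 or k >= SECP256K1_N:
        raise ValueError("seed yields an invalid master key (BIP-32: seed is unusable)")
    return k, i[32:]


def derive_hardened_child(parent_key: int, chain_code: bytes, index: int) -> tuple[int, bytes]:
    """BIP-32 CKDpriv for a hardened index: data = 0x00 || ser256(k_par) || ser32(i),
    I = HMAC-SHA512(chain_code, data), child = (parse256(I_L) + k_par) mod n, chain = I_R."""
    if index < HARDENED:
        raise ValueError("this example implements hardened derivation only")
    data = b"\x00" + parent_key.to_bytes(32, "big") + index.to_bytes(4, "big")
    i = hmac.new(chain_code, data, hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    child = (il + parent_key) % SECP256K1_N
    if il >= SECP256K1_N or child == 0:
        raise ValueError("invalid child at this index (BIP-32: skip to the next index)")
    return child, i[32:]


def derive_path(seed: bytes, path: list[int]) -> int:
    """Walk a list of indices from the master key, hardening each one (m/a'/b'/...)."""
    key, cc = master_key(seed)
    for idx in path:
        key, cc = derive_hardened_child(key, cc, idx | HARDENED)
    return key


def many_keys(seed: bytes, count: int, account: int = 0) -> list[int]:
    """'2000 distinct private keys from one short seed': one hardened child per index.
    Path layout m/account'/i' is an assumption for this example, not a wallet standard."""
    return [derive_path(seed, [account, i]) for i in range(count)]


if __name__ == "__main__":
    # Constructed 12-word phrase for illustration only (no BIP-39 checksum word computed).
    phrase = "abandon ability able about above absent absorb abstract absurd abuse access accident"
    print(f"12 words from 2048: {mnemonic_entropy_bits(12):.0f} bits of entropy")
    seed = seed_from_mnemonic(phrase)
    keys = many_keys(seed, 2000)
    print(f"derived {len(set(keys))} distinct keys from one {len(seed) * 8}-bit stretched seed")
    print(f"first key: {keys[0]:064x}")
```

Because every child is a function of the parent key, chain code and index only, anyone holding the seed and the path convention regenerates the same 2000 keys, which is the point the comment makes. `master_key` can be checked against the published BIP-32 test vectors (seed `000102030405060708090a0b0c0d0e0f` is vector 1) before trusting it with anything real.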
Keys are conspicuously easy to hide. My PGP master key that I've been using for some time is hidden on two devices which would be difficult to identify much less locate and are encrypted as well.
Even with the fervor of the federal government they'd be easy to hide.
A USB key is tiny, and you can shrink its footprint with USB-C. You can also buy USB keys with tamper-proof housings that will blow a fuse if opened to be physically compromised. Coupled with strong post-quantum crypto, that key is relatively secure, even if physically discovered.
That's just the technical bit. You can also split the key in half and transfer the other half somewhere, which creates legal protection. You could also create a housing for the key so it's not easily discoverable.
If all that sounds a bit extra, circle back to the fact that the perpetrator has 4.5 billion worth of something.
You are pushing it. 1000 words is 10 bits of entropy per randomly chosen word. 70 bits of entropy is probably crackable by a government agency.
Edit: I checked and unless I mixed some zeroes somewhere it looks like the current bitcoin hash rate of 200 million TH/s can crack 92 bits within a year. log (200,000,000,000,000,000,000*3600*24*365) / log 2 = 92.35
TBH, with 4B at stake, I wouldn't blindly rely on AES. I'd use it as the 1st step, and then additionally encrypt its output with a custom AES-like algorithm (change the s-box, change the number of rounds, maybe upgrade it to 512 bits). Even if my homebrew algo is weak, there's still standard AES behind it.
Vitalik (Ethereum founder) used an interesting system. He split the key in 2. Wrote both on paper. Gave 1 paper to family and kept the other. Even if the police raid him (hypothetically), they cannot raid the houses of his family and friends at the same time.
This way the police or anybody else cannot get your private key.
You really think the government would have trouble doing a handful of raids at once? They have enough officers to do a thousand raids at once. The FBI and Interpol did just that recently, coordinated across more than a dozen countries:
No, but if you don't have your half memorized and they take it from you, the other half is useless. This is more useful if you want to leave your crypto to your family if you die, provided that you make it easy for them to find your half if you're not around.
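Added example (not from any commenter, and not a description of how Vitalik actually split his key, which the thread doesn't specify): the difference between literally cutting a 256-bit key in half and a two-of-two XOR split. With the XOR split, one piece on its own is a uniformly random string and tells a raider nothing, so "the other half is useless" holds for either piece; with a literal cut, one piece hands over half the key bits and leaves only a 128-bit search.

```python
import secrets


def xor_split(key: bytes) -> tuple[bytes, bytes]:
    """Two-of-two XOR secret sharing: share_a is fresh uniform randomness,
    share_b = key XOR share_a. Each share alone is uniformly distributed,
    independent of the key, so a seized share reveals zero bits."""
    share_a = secrets.token_bytes(len(key))
    share_b = bytes(k ^ a for k, a in zip(key, share_a))
    return share_a, share_b


def xor_combine(share_a: bytes, share_b: bytes) -> bytes:
    """Recover the key; both shares are required."""
    if len(share_a) != len(share_b):
        raise ValueError("shares must be the same length")
    return bytes(a ^ b for a, b in zip(share_a, share_b))


def naive_split(key: bytes) -> tuple[bytes, bytes]:
    """Cutting the key in half: each piece *is* half of the secret."""
    half = len(key) // 2
    return key[:half], key[half:]


def remaining_search_bits(key_len: int, bytes_known_to_attacker: int) -> int:
    """Brute-force work left once an attacker holds bytes_known_to_attacker bytes of the key."""
    return 8 * (key_len - bytes_known_to_attacker)


def attacker_view(key: bytes, piece: bytes, scheme: str) -> int:
    """Bits of the key an attacker still has to guess after seizing one piece.
    For naive_split the piece is a contiguous chunk of the key; for xor_split it is
    independent of the key, so nothing is known."""
    if scheme == "naive":
        known = len(piece) if (key.startswith(piece) or key.endswith(piece)) else 0
    elif scheme == "xor":
        known = 0
    else:
        raise ValueError("unknown scheme")
    return remaining_search_bits(len(key), known)


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed 256-bit key for the demo
    a, b = xor_split(key)
    assert xor_combine(a, b) == key
    left, right = naive_split(key)
    print("naive half seized :", attacker_view(key, left, "naive"), "bits left to brute-force")
    print("xor share seized  :", attacker_view(key, a, "xor"), "bits left to brute-force")
```

Either piece of an XOR split can be given away or written down without weakening the key, which also makes the inheritance use case in the reply above work in either direction. The one thing the XOR split does not help with is availability: lose either piece and the key is gone, so the pieces need their own backups.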
The police wouldn't have to raid the family members, they'd likely give up what they know immediately, to avoid becoming accessories to whatever crime the police were alleging.
Sure, they could have destroyed them, losing the money but maybe not getting arrested?