Crypto Rich and Paranoid: Threats Prompt Radical Security in Bitcoin Land

"Grumpynitis," as he's known on Reddit,
figured he had taken every precaution he
needed to protect his crypto assets.
After all, he worked as a security consultant
to banks, governments and multinationals. He
knew how to thwart hackers.
Then he read about the armed robbery.
And the kidnapping. And the swatting.
And he grew, in his words, "quite paranoid,"
as he continued to perform his day job and
realized the magnitude of the new threats the
community was facing.
"It makes you think about what could happen
one day," Grumpy told CoinDesk in an email.
Shaken, he started taking measures he
previously didn’t think necessary.
This should set off alarm bells for non-
experts. As cryptocurrency values have
climbed, many users have suddenly become
very wealthy – and consequently turned into
prospective targets for offline criminals as
much as online ones.
A number of investors are on high alert and
trying to keep low profiles, realizing that not
only their money may be at risk, but also their
personal safety.
Like Grumpy (who, for obvious reasons, did
not want to give his real name or other
identifying details), they're taking extra steps
to protect their coins – and themselves.
But there's growing concern that not enough
users are being so cautious in light of the
heightened hazards.
"People, time to change the dialogue,"
cryptographer Ian Grigg recently tweeted.
"Never ever ask someone how much crypto
they have, or what crypto they have. Lives are
now in danger."
Illustrating the perils facing market
participants, in December, Pavel Lerner, CEO
of cryptocurrency exchange Exmo Finance,
was released from the custody of kidnappers
after a $1 million bitcoin ransom was paid.
This followed an incident last fall in which New
York authorities reported the armed robbery
of someone in possession of $1.8 million-
worth of ether.
And while it was probably motivated by malice
more than greed, a swatting attack on BitGo
engineer Jameson Lopp by "angry crypto fans"
highlighted how security concerns have spilled
over from cyberspace into meatspace. A
battalion of local law enforcement cordoned
off Lopp's North Carolina neighborhood in
response to a false report of hostage incident.
It's against that backdrop that users like
Grumpy are adjusting their threat models.
A thorough inspection
Previously, Grumpy stored the private keys to
his cryptocurrency using an ingenious strategy
of embedding an encrypted vault in a video
file.
But he’s switched to the Ledger Nano S, a
pocket-sized hardware wallet.
"Storing the private keys in a vault is good for
cold storage, but when you want to use the
wallet, you'll have to expose your key to your
PC," Grumpy said.
A device like the Ledger, on the other hand,
keeps the keys unexposed even when plugged
into a computer that’s connected to the
internet. Instead, the hardware wallet sends a
signed message.
Still, Grumpy wasn’t taking any chances. After
receiving the Ledger in the mail, Grumpy took
the thing apart to verify the chips. He also
double-checked the signatures that are
generated by the device.
"This to be 99.99 percent sure that the device
itself is genuine and that it hasn't been
tampered with," he said.
This level of care underscores the added level
of personal responsibility the crypto world
now faces in a new security environment.
"It's like moving from an apartment where
building security is already provided, to a
private home where you are responsible for
your own security," William Mougayar, the
author and investor, told CoinDesk.
Most consumers, he said, have yet to make
the mental jump to this new reality, which
requires not only new skills and know-how
but, critically, self-discipline.
"An eight-letter password in your head is no
longer sufficient," Mougayar said.
Multi-factor authentication, multi-signature
arrangements, paper wallets (best kept in a
safe), hardware devices like the Ledger, PIN
codes and recovery phrases are now all
baseline measures.
Yet, much of this is too complicated for the
average consumer, Mougayar said.
"It is my hope that we will see more user-
friendly ways to manage security and privacy
in this new crypto-world," he said. "Security
usability is an industry challenge, that, once
improved, will help to increase adoption by
orders of magnitude. Security and usability
can, and should be able to coexist."
But beyond all these measures, users will have
to learn to importance of discretion.
Asked why someone would ever admit how
much crypto they own, Grigg tweeted in
response that, "people in the bitcoin world
are still too proud to realize that answering is
a bad idea."
Spreading the seeds
After inspecting his Ledger, Grumpy generated
a seed phrase, or backup recovery text, on
the ledger.
This phrase itself would have never seen a PC,
he noted. The seed was 24 words, and he
divided them over 3 pieces of paper. Each
piece of paper contained 16 words.
Grumpy stored the three papers in safe places
outside his home in tamper-evident envelopes
(he recommends Tyveks) that are stored
securely. Any two of these three papers can
be used to reconstruct the seed. A few people
know about these and know where they are
stored, he said.
"Since one paper is worthless, I don't have to
worry about theft," he said.
All this may make the Ledger sound like a
high-maintenance device, but it's been a hot
seller of late.
Eric Larcheveque, CEO of Ledger, said his
company had seen a 300-times year-on-year
uptick in sales, thanks to the massive growth
of the cryptocurrency market. The French
company’s Nano S hardware wallet devices
have proved the most popular, with about 1
million sold in 2017.
"With the increase of advanced exploits on
general computing devices and secure
enclaves (Meltdown, Spectre, Rowhammer,
Clkscrew) the need for hardware wallets and
external security devices that can be fully
validated by the user has been more and more
important and will continue to grow in 2018,"
he predicted.
'Rubber hose' attacks
Much like Grumpy was shocked out of
complacency by the grisly news reports,
Jameson Lopp said his eyes were opened by
the swatting attack on his home, as well as
the armed robbery in which the victim was
lured into a van and held at gunpoint.
Lopp calls the latter incident a "rubber hose"
attack. Though they may not involve actually
being beaten with one, the effect is the same.
While he has been a constant target online
since rising to prominence several years ago
as a passionate voice in the crypto
community, "bringing it into the physical
world made me realize that I'm at a new level
where I have to worry about the random
crackpot threatening me in real life," Lopp
told CoinDesk.
The engineer said he has now "reviewed some
of his physical security practices and invested
some time and resources in a few changes that
will give me even more peace of mind."
He declined to specify what those other
changes were, but suggested anyone
interested in beefing up their personal security
read up on home defense.
If you get taken hostage, Lopp said, the only
way to make it out without losing money is to
not have direct access to your funds. In a
post on Medium in 2014 , Lopp suggested that
at the level of investment-tier asset holdings,
you'd want to have cold storage that requires
multiple individuals to access. He
recommended paper wallets with split keys via
Shamir's Secret Sharing algorithm or storage
of assets in multi-signature addresses .
Lopp made for an ironic target – as he tells
CoinDesk, he already had "pretty good
physical security practices."
"Over the years I've educated myself in hand-
to-hand, knife and firearm combat," he said,
adding that he’s received tactical training
from a variety of experts and has applied "a
great number of best practices to my home to
fortify it against various types of intrusions."
"These things aren't specific to the crypto
space; physical security is a well-understood
problem that any prominent people have to
worry about," he said.
But he said that a select number of even
higher profile individuals could even someday
be forced to hire bodyguards for true peace
of mind.
Grumpynitis isn’t going that far – but he is is
thinking ahead.
If one of the envelopes holding the three
pieces of paper gets damaged or stolen, he
said, it should give him enough time to
transfer the funds. But if he dies, trustworthy
acquaintances can reconstruct the seed to
recover the funds.
If he loses the funds one day and the secured
envelopes are still intact, he won't have to
blame the persons he gave an envelope to.
“If something happens to the seed and one
envelope has been opened, you know where it
went wrong,” he said.