“Grumpynitis,” as he’s known on Reddit, figured he had taken every precaution he needed to protect his crypto assets.
After all, he worked as a security consultant to banks, governments and multinationals. He knew how to thwart hackers.
Then he read about the armed robbery.
And the kidnapping. And the swatting.
And he grew, in his words, “quite paranoid,” as he continued to perform his day job and realized the magnitude of the new threats the community was facing.
“It makes you think about what could happen one day,” Grumpy told CoinDesk in an email. Shaken, he started taking measures he previously didn’t think necessary.
This should set off alarm bells for non-experts. As cryptocurrency values have climbed, many users have suddenly become very wealthy – and consequently turned into prospective targets for offline criminals as much as online ones.
A number of investors are on high alert and trying to keep low profiles, realizing that not only their money may be at risk, but also their personal safety.
Like Grumpy (who, for obvious reasons, did not want to give his real name or other identifying details), they’re taking extra steps to protect their coins – and themselves.
But there’s growing concern that not enough users are being so cautious in light of the heightened hazards.
“People, time to change the dialogue,” cryptographer Ian Grigg recently tweeted. “Never ever ask someone how much crypto they have, or what crypto they have. Lives are now in danger.”
Illustrating the perils facing market participants, in December, Pavel Lerner, CEO of cryptocurrency exchange Exmo Finance, was released from the custody of kidnappers after a $1 million bitcoin ransom was paid.
This followed an incident last fall in which New York authorities reported the armed robbery of someone in possession of $1.8 million-worth of ether.
And while it was probably motivated by malice more than greed, a swatting attack on BitGo engineer Jameson Lopp by “angry crypto fans” highlighted how security concerns have spilled over from cyberspace into meatspace. A battalion of local law enforcement cordoned off Lopp’s North Carolina neighborhood in response to a false report of hostage incident.
It’s against that backdrop that users like Grumpy are adjusting their threat models.
A thorough inspection
Previously, Grumpy stored the private keys to his cryptocurrency using an ingenious strategy of embedding an encrypted vault in a video file.
But he’s switched to the Ledger Nano S, a pocket-sized hardware wallet.
“Storing the private keys in a vault is good for cold storage, but when you want to use the wallet, you’ll have to expose your key to your PC,” Grumpy said.
A device like the Ledger, on the other hand, keeps the keys unexposed even when plugged into a computer that’s connected to the internet. Instead, the hardware wallet sends a signed message.
Still, Grumpy wasn’t taking any chances. After receiving the Ledger in the mail, Grumpy took the thing apart to verify the chips. He also double-checked the signatures that are generated by the device.
“This to be 99.99 percent sure that the device itself is genuine and that it hasn’t been tampered with,” he said.
This level of care underscores the added level of personal responsibility the crypto world now faces in a new security environment.
“It’s like moving from an apartment where building security is already provided, to a private home where you are responsible for your own security,” William Mougayar, the author and investor, told CoinDesk.
Most consumers, he said, have yet to make the mental jump to this new reality, which requires not only new skills and know-how but, critically, self-discipline.
“An eight-letter password in your head is no longer sufficient,” Mougayar said.
Multi-factor authentication, multi-signature arrangements, paper wallets (best kept in a safe), hardware devices like the Ledger, PIN codes and recovery phrases are now all baseline measures.
Yet, much of this is too complicated for the average consumer, Mougayar said.
“It is my hope that we will see more user-friendly ways to manage security and privacy in this new crypto-world,” he said. “Security usability is an industry challenge, that, once improved, will help to increase adoption by orders of magnitude. Security and usability can, and should be able to coexist.”
But beyond all these measures, users will have to learn to importance of discretion.
Asked why someone would ever admit how much crypto they own, Grigg tweeted in response that, “people in the bitcoin world are still too proud to realize that answering is a bad idea.”
Spreading the seeds
After inspecting his Ledger, Grumpy generated a seed phrase, or backup recovery text, on the ledger.
This phrase itself would have never seen a PC, he noted. The seed was 24 words, and he divided them over 3 pieces of paper. Each piece of paper contained 16 words.
Grumpy stored the three papers in safe places outside his home in tamper-evident envelopes (he recommends Tyveks) that are stored securely. Any two of these three papers can be used to reconstruct the seed. A few people know about these and know where they are stored, he said.
“Since one paper is worthless, I don’t have to worry about theft,” he said.
All this may make the Ledger sound like a high-maintenance device, but it’s been a hot seller of late.
Eric Larcheveque, CEO of Ledger, said his company had seen a 300-times year-on-year uptick in sales, thanks to the massive growth of the cryptocurrency market. The French company’s Nano S hardware wallet devices have proved the most popular, with about 1 million sold in 2017.
“With the increase of advanced exploits on general computing devices and secure enclaves (Meltdown, Spectre, Rowhammer, Clkscrew) the need for hardware wallets and external security devices that can be fully validated by the user has been more and more important and will continue to grow in 2018,” he predicted.
‘Rubber hose’ attacks
Much like Grumpy was shocked out of complacency by the grisly news reports, Jameson Lopp said his eyes were opened by the swatting attack on his home, as well as the armed robbery in which the victim was lured into a van and held at gunpoint.
Lopp calls the latter incident a “rubber hose” attack. Though they may not involve actually being beaten with one, the effect is the same.
While he has been a constant target online since rising to prominence several years ago as a passionate voice in the crypto community, “bringing it into the physical world made me realize that I’m at a new level where I have to worry about the random crackpot threatening me in real life,” Lopp told CoinDesk.
The engineer said he has now “reviewed some of his physical security practices and invested some time and resources in a few changes that will give me even more peace of mind.”
He declined to specify what those other changes were, but suggested anyone interested in beefing up their personal security read up on home defense.
If you get taken hostage, Lopp said, the only way to make it out without losing money is to not have direct access to your funds. In a post on Medium in 2014, Lopp suggested that at the level of investment-tier asset holdings, you’d want to have cold storage that requires multiple individuals to access. He recommended paper wallets with split keys via Shamir’s Secret Sharing algorithm or storage of assets in multi-signature addresses.
Lopp made for an ironic target – as he tells CoinDesk, he already had “pretty good physical security practices.”
“Over the years I’ve educated myself in hand-to-hand, knife and firearm combat,” he said, adding that he’s received tactical training from a variety of experts and has applied “a great number of best practices to my home to fortify it against various types of intrusions.”
“These things aren’t specific to the crypto space; physical security is a well-understood problem that any prominent people have to worry about,” he said.
But he said that a select number of even higher profile individuals could even someday be forced to hire bodyguards for true peace of mind.
Grumpynitis isn’t going that far – but he is is thinking ahead.
If one of the envelopes holding the three pieces of paper gets damaged or stolen, he said, it should give him enough time to transfer the funds. But if he dies, trustworthy acquaintances can reconstruct the seed to recover the funds.
If he loses the funds one day and the secured envelopes are still intact, he won’t have to blame the persons he gave an envelope to.
“If something happens to the seed and one envelope has been opened, you know where it went wrong,” he said.