The biggest concern is how easily traceable it is, and will become, with AI-assisted tooling.
A sufficiently motivated criminal group can pretty easily:
1. Collect publicly-available leaked exchange data (e.g. the big Coinbase leak). They now know the rough size of your stack, as well as email/name (potentially address).
1a. They could also just bribe internal employees for data; this is an ongoing concern, as your data is never deleted. Once you have bought off a KYC exchange, you can assume that data will leak in time.
2. Cross-match email with any other data breach off any e-commerce website. They now know your personal address where you ship orders to.
Further, the KYC exchange data (e-mail, name, address, phone) can all be cross-linked with various other breaches to get an AI-assisted similarity score to try and guess which details belong to the same person. In other words - it doesn't have to be 1-to-1. Maybe you re-used the phone on another website which has your same name but different e-mail - there's reason to conclude you own that e-mail too. Maybe they verify that e-mail in 10 other websites belonging to the same name, but also a new number in some places. Maybe they verify the email and new number consistently map to a new address.
It is safe to assume that sufficiently-motivated black-hat actors contain resources consisting of all of your online activity. The criminal groups don't even need to be advanced - they can just purchase the bundle of email/address off of the black-hat actors and then they have your information.
Yep, the key is to live two lives, like a good spy. One name/phone/email/address for amazons and socials, separate nyms/emails for dev and BTC. Helps to move a lot and have more than one passport.
After you give up your entire stack, what makes the thief believe you then? You're going to get hit by the wrench either way. You might have a chance to save some Bitcoin with a decoy.
It is extremely underrated. People don't know how bad it is and for how little criminals are ready to cut off a finger/kidnap you.
Even if you don't die - you don't want to suffer the experience of feeling hopeless at an armed gang set out to make you suffer.
See https://github.com/jlopp/physical-bitcoin-attacks for gruesome examples
kill your customer
This one is a tough one. Why should the thief believe you, that this is your whole stack?
Basically, stay humble and don't try to orange pill.
Case in point. Trust kills!
https://www.bbc.com/news/live/c706jdlr934t
There is already a service for this
https://cryptorank.io/news/feed/c08d5-bitcoin-security-startup-glok-kidnapping
I heard a good argument the other day. If most people used multisig the $5 wrench attacks would stop.
Maybe. But there are other forms of attacks as well which could target your family for example. It's a tricky topic.
Timelocks?