pull down to refresh

The setup

Imagine a future where 1 btc is worth $1m in 2020 dollars. In such a future, many current bitcoiners will possess significant wealth, in the form of bearer assets. This is good for all the reasons btc is good. However, it also means that a host of attacks become viable in ways they weren't before.

Sovereignty under pressure

We all know about the security issues of someone getting access to your wallet or seed words somehow, and many people mitigate those risks in different ways, such as memorizing seed words, printing out QR codes and hiding them in books, creating metal backups and putting them in fire safes.
But with these practices, a host of habeas corpus risks now increase dramatically, e.g., kidnappings and torture. If a villain gets their hands on you, and you have the power to give up your btc, either bc you have a hot wallet in your possession, can retrieve a hot wallet, possess a seedQR code, or have memorized your seed phrase -- in this circumstance, possessing your body is the equivalent of possessing your stack. Worse, it's not just your own body that must be secured; the body of anyone you care about is transformed into an attack surface.
This is the ultimate sovereignty: once compromised by this kind of attack, no one can help you. Settlement is final. Your funds are gone. Your fingers and toes are gone. Probably your life is also gone.

Single sig

The game theory of these dynamics demands certain responses.
First, single sig, of any kind, is a dead end, not only for the hodler, but for everyone. If villains can reliably obtain funds by kidnapping and torture, they are incentivized to do so. In a fiat system, a credible deterrent is that transactions are reversible. In a btc system with final settlement, the only plausible deterrent is if kidnapping / torture will reliably not work bc a person, even subject to the highest levels of duress, cannot provide access to their btc under these scenarios.

Implications

If all that's true, how can the ecosystem around btc evolve to mitigate these new attack dynamics?
  • multisig must become ubiquitous, and your ability to access your own stash quickly must end
  • shared custody institutions like Unchained, Casa, and others will become the norm
  • other types of shared custody institutions, like Fedimint-derived ones, and things that haven't been invented yet, will become invented and become popular
  • social practices and institutions will evolve around these incentives
It also means that bad security on behalf of a single bitcoiner become security holes for all bitcoiners. If kidnappings / torture reliably produce btc results, then those practices will continue to be incentivized, and the ecosystem will adapt to normalize them, as they have in LatAm countries.

Discussion

I know Andreas A, as a prominent holder of significant btc wealth, but as a guy who is not so rich that he can afford a contingent of bodyguards to surround him at all times, has mentioned similar security measures in the past for himself, though I don't have a reference handy; and I think he is dubious about the prospect for the average person.
Have others discussed this topic in depth? I'm particular interested in the institutional and cultural adaptation that must unfold -- social determinism unfolding in the face of technological determinism, as Lyn Alden might put it.
This is why I eventually went with a multi-sig setup. Even under duress, it's simply not possible for me to forfeit my funds easily. The attacker would have to travel to several guarded locations and somehow not arouse suspicion.
You paint a future where Bitcoin has appreciated dramatically. Allow me to add some further details: The legacy financial system has collapsed, the no-coiner majority is unimaginably salty about Bitcoin's success, and most exchanges have had their KYC details breached and published all over the darkweb. Attacks on Bitcoiners are cheered on and encouraged.
Do you think your funds are secure in that scenario?
That's the benchmark I set for myself. Don't plan for today, plan for 5-10 years from now. If you're not constantly reviewing your security practices, you are not nearly bullish enough on Bitcoin. It should scare the shit out of you, actually.
reply
Urgh, that's bleak. But even better from the PoV of gaming this out, thank you.
I think an under-appreciated thing so far is how important it is that these security measures / procedures become so normative that villains don't even consider this flavor of villainy. Aside from Ocean's 12, nobody is going to steal all the gold from the Fed or whatever. There is plausible deterrence around that course of action.
I would like expectations driven by social norms to help keep my family safe.
reply
This is exactly the scenario why I don’t want multisig.
First, gov’t will go after Casa or whoever and take control of those keys.
Second, do you think someone threatening your life will take “sorry, multisig” for an answer? No, they’ll insist you ultimately control those coins somehow, which is in fact correct.
reply
I don't personally use Casa, Nunchuk, etc. for those reasons.
Second, do you think someone threatening your life will take “sorry, multisig” for an answer? No, they’ll insist you ultimately control those coins somehow, which is in fact correct.
This is a problem for any backup scheme, but at least with multi-sig the attacker has to travel to different locations to access those keys. That's a major impedence -- the longer you are held hostage, the more chances you have to escape / alert authorities / people realise you are missing / etc. Also in my case, the keys are guarded such that people would notice attackers trying to access them.
Is it flawless? Nope. No system is perfect, and a highly sophisticated actor or government could break it. Thankfully I'm not rich enough to be worth the effort.
But which setup are you thinking of that's more robust against physical attacks? Multisig is not without its pitfalls, but I can't see a scenario where a single-sig setup helps you more against $5 wrenches.
reply
Agreed. The crucial thing is that you are tying yourself to the mast, as it were, and introducing actual difficulties that prevent you yourself from accessing your stash in a manner that is so friction-full that it makes villainy too expensive / too difficult to bother with, given the other factors.
If this is a credible system -- meaning, it's the normal state of affairs -- then people don't bother trying to casually compromise it, and only really high-value targets get targeted. If it's not normative, then normal people become attractive honeypots. That's why the norms around this stuff matter.
reply
Best protection is anonymity. But in your scenario, which I fear is too likely, anonymity is broken, and all KYC purchases are leaked. The only remaining option, then, is leaving for a safer jurisdiction where property rights are respected and enforced. A country that welcomes bitcoiners and protects them, in exchange for their spending their wealth there.
The main hitch in leaving, as I see it, will be selling any real estate / large assets you own, ahead of the major bitcoin price appreciation. Otherwise you may be forced to abandon those. I hope this dark scenario can be avoided, and it should, if the game theory of different countries plays out with all of them vying to retain and attract bitcoiners.
reply
You don't even need multisig to do this, Bip39 encryption and a couple of vaults in different countries and a couple of random factors.
Crims will take the lowest hanging fruit.... Also if you have fear just spend your bitcoin!
reply
Another reason to relocate to a (former) 3rd world country.
reply
In Latin America, it's super common to find plots of land guarded by armed porteros. You pay a small administration fee and subsidise their salary, along with your neighbours. They can call back-up at a moments notice. This is a model that works. It just isn't something really available in the West. Only to the truly wealthy.
We'll see more of this, I expect. The collapse of nations will leave a huge void, when people realise the police can not only no longer help them, but may be actively working against their interests. Police may even be incentivised to use their position as "trusted" people in society to raid people's homes.
Private security will therefore be big business I expect. Crime may well be too. Some of us may not like the idea of living in that world, but it has happened throughout history. You outsource your security to someone for a fee. It happened throughout the gold standard.
Eventually, people will regain the trust of local community banks and dislike the inconvenience of self-storage - resorting to trusting others to safeguard a portion of our wealth, gaining 'increased' security. Like what Fedi have in mind. And then that will no doubt later lead to centralising custody in decades that follows, as community custodians get swallowed-up by new broader monopolies again in 100 years time. Then the cycle and human nature repeats. A new flight to self-custody once more.
reply
If you want a taste of that world move to South Africa, police are useless and everyone uses private security. The government in general is falling apart and many communities rely on private services to do what should be paid for with tax money.
I don't know if this is a good or bad thing with regards to Bitcoin but it is something to keep an eye on.
reply
This is a good pointer. Are there any canonical books or movies or media of any kind that make this experience more vivid? I'm less familiar with the details of it, and it would be interesting to 'experience' in a way I could internalize.
reply
The collapse of nations will leave a huge void, when people realise the police can not only no longer help them, but may be actively working against their interests. Police may even be incentivised to use their position as "trusted" people in society to raid people's homes.
Quis custodiet ipsos custodes? It's a story as old as time.
Private security will therefore be big business I expect. Crime may well be too. Some of us may not like the idea of living in that world, but it has happened throughout history.
I've seen this vision too. It's always been in the back of my mind when I hear the conversations about getting rid of the state, and how great it will be when its tyranny is finished. What you get in that situation is what you've described here, and what @CheezeGrater described below: a bunch of smaller, individual state-like crime orgs that have state-like powers in the worst sense of the word, and that you get to deal with directly in ways that are generally less pleasant than what you're dealing with now, unless you already live under one of these systems.
"If you liked school, you'll love work," etc.
Then the cycle and human nature repeats. A new flight to self-custody once more.
My take on the cyclical model of history is less crisp than what you've expressed, but there are certainly rhythms to these centralization / decentralization flows. It's hard to see how the current thing doesn't fracture. And then the distinction between crime org and state eventually blurs, and the pirates become captains. People pay their protection money and dream of a more ordered world.
In the meantime, I really hate this kidnapping racket, and would like to route around it.
reply
Hate to say it but this is a benefit of bitcoin etf
reply
I think I know what you're getting at, but say more about what you're thinking on this one so I don't put words in your mouth.
reply
• Have 1 BTC worth of bitcoin in an ETF
• Robber comes to your house and puts your thumb in garden shears • Robber says "give me your bitcoin" • Say "call Larry Fink bro, it's in a brokerage sitting next to my TSLA stock"
reply
It also gives us all plausible deniability of direct ownership, without even using the ETF.
reply
The main robber you will likely have to worry about is the state. In an ETF you are handing your corn to them on a silver plate.
reply
DO NOT invest more than a tiny proportion (single digit percentages) of your net worth in one of those ETFs. Do so knowing full well you intent to cash out within the next 2 year period or are otherwise setting alight your wealth.
Those ETFs and paper claims are going to go to zero, the underlying assets will be confiscated. Read the book The Great Taking if you want to know how. Legal precedent already exists. It's been in the making since the 1970s. The likes of JP Morgan, BlackRock and (in their own words) "The Protected Class" will take the underlying collateral inside those ETFs. There is not enough collateral for the paper claims that exist in the system. You will likely not even see 25% of what you believe you are "owed", the legal documents clearly state you are owned nothing in the mathematical certainty that it will all unravel.
Yes we may even see some high-profile bitcoiners under wrench attacks to get people thinking like @blue_words. To think that it is "safer" to trust others with their wealth. Don't be so weak minded. That is the type of psychological trickery and attacks on individual sovereignty that will occur in this crumbling society. They don't even need to 6102, if you trust them and have this philosophy.
If what is written in that book comes to pass, it will be the biggest confiscation of wealth in human history. It is all laid out, across all Western countries. It may however take more time to play out though, at the top of the next bubble. Once they have enticed the world-in with manic ATH prices and provided Bitcoin with "credibility". Persuading you to buy their toilet-paper IOU rather than pristine BTC.
reply
FWIW what i wrote above is not how I think, I preach cold-storage self-custody all day erryday. I'm guessing that normies would think like that.
reply
Glad to hear it 😄 I just hope people are aware that they are playing with fire, having money in:
  1. the banking system
  2. any stock
  3. ETFs
  4. any paper derivative
I would say there is greater than a 50% chance at this point that this will be how it unravels. CBDCs only get introduced on the back-end of that. Not before. It's a one-time bail-in, that would happen first. The wrench attacks may only come after.
reply
security through obscurity!
reply
I believe it's possible to create some kind of service that sends to you the amount you spend monthly from your stash, then your main bag couldn't be compromised, you would only be at risk of losing a month's spending worth of bitcoin.
Free business idea, let me see those sats.
reply
That's an interesting one. I wonder if we'd see the kidnappings / torture market bifurcate: small players who nab someone to collect one month's disbursement, and larger players who now have a yield-generating business model of holding the person in perpetuity?
(Assuming there's some mechanism where the person is required for proof-of-life to get every month's disbursement. I can imagine a plausible way to do that, so let's roll with it.)
Although I guess also you could perhaps have a system where, if the person is kidnapped and held, the institution that does the disbursement would figure it out and turn off the yield? But they would have to credibly guarantee that outcome, or else create perverse incentives (the "negotiating with terrorists" thing).
Basically, we need this institution, or one like it, to be a credible wallfacer. (Freebie for you, @k00b.)
reply
I'm just gonna wait on the movie for this one...
reply
Nunchuk has something kind of like this, you can set a spend limit per day. So, you'd have your key and they'd use their key and they'd only sign if you spent below your daily limit. You could then put your other key in a nearly impossible to get place (like in a dark cave that you have to offer up innocent blood to find, you then have to cross a dark pool of water in a boat, and then drink magical water that makes you suffer).
reply
like in a dark cave that you have to offer up innocent blood to find, you then have to cross a dark pool of water in a boat, and then drink magical water that makes you suffer
That sounds like my morning commute.
reply
A service would be a counterparty. At protocol level, time locks already allow something like that.
reply
Criminals usually stop trying to rob people when they figure out robbing people doesn't work.
reply
reply
True. The point of the post is that
a) robbing people will actually start to work way better than it does now, at least for the most heinous kind of attacks that we can imagine, if current practices continue, so
b) how might practices evolve?
reply
a) I don't think it will because you are thinking about it now and are likely smarter than your potential attacker. quickly tap the backspace before sending ;) b) in way too many ways for crims to understand
reply
We should be weary of creating public archives like this and the way we use things like public bitcoin chat groups. These can become resources for attackers.
We need to communicate, but if you're not famous and holding reputation for a particular reason, changing nyms is good and very cheap. Consider what your random online nym identity is worth? Normally it's not much and they do come with significant cost.
reply
That's generally good opsec, but I'm not actually worried about it very much. If it was 2011 and I was posting with the same nym I use everywhere and that can be tied to my real-life identity, then yeah, that's trouble. At this point, though, being here doesn't signal much about the size of your stash [1]. I'm guessing the vast majority of us are of pretty recent vintage.
[1] It may signal something about your relative state of mental health, but that's not readily monetized.
reply
It's a really interesting post. One thought I had while reading it is that if kidnapping and torture work to steal your bitcoin, presumably those methods would also work to get it back.
I'll keep checking in on this post to see what other people have to say.
reply
Ha, I suppose so! One thing that seems relevant is the asymmetry of these kinds of attacks. Bitcoiners (following the arguments made in the Sovereign Individual, presumably) often talk about how cryptography changes the calculus of attack vs defend. But it's easier for villains to target non-villains for these attacks than it is for non-villains to target the specific villains -- or anyone in the chain of villainy -- to counter-attack. It's easier to steal somebody's car than to find the exact person or group responsible for stealing your car, as many Liam Neeson thrillers illustrate.
Is there any reason to expect these symmetry relationships to change?
reply
I think we will see agencies that specialize in returning stolen Bitcoin, but of course that still has an incentive problem. Those agencies only profit if there is a lot of Bitcoin theft.
You're absolutely right to frame the issue the way you did. We're heading towards a different equilibrium state on a Bitcoin standard than we would on a different sound money standard.
reply
social practices and institutions will evolve around these incentives
Yep I think this is the main thing. Ideally, if Bitcoin is to hyperbitcoinize, the incentives to commit crime like this will lower dramatically. Of course people will still try to rob people's bitcoin in the future, but peace will be much more widespread than it is today.
Ultimately i have no clue what/if tech itself will inherently disincentivize this behavior across the board, but a wealthier world all around will have less crime.
However much bitcoin you hold today I think carries much more weight in the next 20-30 years in a fiat-driven world than I think it does after 100+ years. At that point, the wealth creation will have exploded throughout all countries. People wont need to rob each other as much
reply
So to recap your logic:
  • a btc standard will result in broader wealth creation
  • if people are more broadly wealthy, and perhaps more hopeful about the prospects of getting ahead in the world, there will be less crime
  • therefore issues I've described will become less relevant over time
That makes sense. However, there's still the issue of the period of time before those new conditions take hold -- as you put it, in the next 20-30 years. How things unfold in that time period is my main area of interest.
reply
Yep. i think as long as we're still psychologically driven by fiat not much will change in that arena. Not sure how we're gonna approach it...but that's why it's so critical to be extra cautionary with your bitcoin's safety today
reply
  • multisig must become ubiquitous, and your ability to access your own stash quickly must end
  • shared custody institutions like Unchained, Casa, and others will become the norm
This seems to be the train of thought behind Bitkey. I imagine a bunch of smart product people sitting in a room asking, "How cheap and easy can we make multisig?"
I know current bitcoiners love to hate Bitkey, but the alternative can't be to turn everyone into a cypherpunk. Protecting oneself needs to be asymmetrically easier than attacking someone if self-custody is to become normal. Cryptography is made of such asymmetries and we need to bring that asymmetry to the human layer of bitcoin.
I'm not endorsing Bitkey, but I'm happy Bitkey is iterating on this problem.
reply
I'm glad all the people who are on these walls are on them, or facing them.
reply
If it only had a screen.
reply
I think something like the proposed OP_VAULT functionality (delayed release with a safety backdoor) would be a lot more practical way of deterring attacks on single-sig setups without forcing a transition to multi-sig (especially multi-sig where the "owner" doesn't have access to a quorum of keys, which is a qualitatively different form of custody).
reply
Can you give a scenario of how that would work? Sounds interesting.
reply
LOL people still do not get the meaning of the "STAY HUMBLE"...
You are afraid of being kidnapped and tortured... I will just say to the thugs: kill me and you get nothing anyways. I don't give a shit, I will take the BTC with me and you are still fucked.
fucking hell, only pussies nowadays, begging for custody of their BTC.
reply
Some people have families whom they care about very much. This is a valuable conversation.
reply
Bitcoin is not for the weak, only for brave. If you want to feel comfortable, use fiat.
reply
You could not be more wrong. Bitcoin will have fulfilled its purpose when it is usable by the weak and powerless and it’s up to the strong and powerful to make that a reality.
reply
watch me how am I always right... @remindme 5 years
reply
deleted by author
reply
Yes, kidnappings take place today already, with or without Bitcoin. But are rare.
The only time that this becomes commonplace is when custodians have already been raided and the majority of people are left with nothing. During that point, you're already in the Top 0.5% and likely have time to adapt your lifestyle to upgrade your security.
reply
Some tips.
  1. Never EVER say how much bitcoin you have. To absolutely no-one. Be prepared for people around you asking it. If nobody knows how much you have, it becomes difficult to steal it.
  2. Relocate to a non-western country.
  3. Don't flash wealth, be humble. Keep bargaining and be aware of prices and talk about it with people around you. It repels criminals.
  4. If you are a possible target: carry a paper explanation of how your bitcoins are stored in multisig in different countries, with time-locks and all. Hand it over to kidnappers or thiefs.
  5. If you have kids, time locks are probably the best solution, but this is a vulnerability. I would be nervous about it if I were a famous bitcoiner.
reply
That's why I feel uneasy about orange-pilling my friends. It exposes me as an early adopter. And the more I emphasize the importance of self-custody, good opsec etc. or show maxi traits, the more it exposes me as someone who potentially owns a lot of BTC (which I don't).
I imagine business owners may feel similar about accepting bitcoin payments. This may slow down adoption.
reply
Regarding "Never EVER say how much bitcoin you have" - it's crazy how people will ask you how much bitcoin you have. These are people who would never dream of asking how much money you have.
reply
This reminds me of the way socialists have taken all the sound money (gold, foreign currency, etc.) from Russian civilians after the revolution in 1917. Firstly, they robbed all the banks, rich people, and organizations taking all their money by force. When this stopped working, they monopolized all the imports of foreign goods to the country and started to sell them only for gold and non-local currency. It worked pretty well, people just wanted to buy something luxurious or even good enough. The final chord was the great famine in 1921-1923 when people were willing to buy any food, even wheat for gold. So, I really think that when BTC becomes the sound money, it will be quickly acquired by those in power, no matter what. Just because your life is more valuable than your money.
reply
It's interesting (and anxiety-inducing) to imagine the forms this might take, given the different offense / defense tradeoffs that btc introduces. In the era you describe, it was a lot more clear who had financial assets to be seized, and it was more clear when you had seized them.
What happens when it's less clear? What do the Power That Be do to restrict capital flight? Unpleasant to think about but important to try to get in front of.
reply
I think nothing can be done when you are under the power of someone else. Money, no matter fiat or bitcoin, is just a tool. To stay free you need power, not money.
reply
Looking at Lopp's list makes me think that one day, advertising ones security measures as part of ones brand, the way Andrew Tate does, will be part of "being sovereign" and "being your own bank" . Both banks and sovereigns have done both throughout history to dissuade thieves.
reply
A really good point. It makes the question amenable to signaling theory, too -- how can I advertise my security measures in a manner that's hard to fake? And how can I, as someone adopting security measure X, exert pressure on people who falsely advertise X, because having advertisements of X that are unreliable pose a danger to me and my family?
This is like a more consequential and information-rich version of the "home security sticker" problem, where you get a home security system from reputable and awesome company C, whose service is expensive, due to its awesomeness, and then they give you a sticker to deter potential thieves. But free-riders appear and realize that it's a lot cheaper to have a sticker advertising C than it is to pay for C. The usual arms race.
Thanks for the link, too, I'll have a look.
reply
As long as the equilibrium of true stickers is enough to dissuade thieves, it might be short sighted to think of false stickers as free loaders in the classical game theory and political economy sense of parasites. It's more akin to free advertising. Like fake Luis Vuitton, the balance is in prosecuting enough fakes and leaving enough to advertise they
Ultimately A bitcoin community, or Network State as Balaji likes to call it, with passports, land rights and political representation is the solution.
So on one hand, El Salvador IS Max's security mechanism, an entire country with emergent security, on the other this security is not part of his personal signal but definitely his message as lately he is saying there will be line ups at airports heading there.
The sovereign individual book, predicted countries catering to digital asset holders.
reply
As long as the equilibrium of true stickers is enough to dissuade thieves, it might be short sighted to think of false stickers as free loaders in the classical game theory and political economy sense of parasites. It's more akin to free advertising. Like fake Luis Vuitton, the balance is in prosecuting enough fakes and leaving enough to advertise[.]
While true in theory, I don't it plays out this way in practice, mainly because the asymmetry in the security example is so vast (fake sticker = $1 one time payment, real sticker from paying for the service = $100 month) which means that the likely outcome is that fake >> real; which means that, empirically, the sticker will have virtually no signaling value in practice, and not dissuade thieves at all. It wouldn't even be good advertising, since getting the security service would provide no deterrence, and your brand would in short order become synonymous for 'waste of money'.
The handbag case is quite different, mainly because thieves are not testing the validity of your handbag at great consequence to your health and safety. The signaling value of selective enforcement that you describe seems about right, though.
reply
Interesting set up. Gives me lots to consider with my cold storage multi sit set up.
reply
I don't think it's a huge problem... I mean, what's the difference between your scenario and the average rich person today?
Don't get me wrong, it's a valid discussion for any rich person.
reply
Most of the ways a rich person would be extorted are subject to some level of clawback, due to the nature of fiat and fiat-related things. There aren't that many things in modern society where settlement is really final, and where if you get sideways with it, literally nobody can alter it. Moreover, the lack of privacy in fiat world keeps a lid on a lot of malfeasance. It can only get so bad.
That said, the hyperrich have been dealing with many of these issues for a while, for sure. But the hyperrich are prepared for things that normal people typically are not.
reply
they may take our lives, but they'll never take our freedom
William Wallace explained self custody as noone before
reply
This is why it’s important to be peaceful and not harmless. Capacity for violence being the difference.
If you’re the bitcoiner known for guns and gym, you’re less of a physical target than others due to risk vs reward.
That being said, it’s not a bulletproof (heh) plan alone. Multi-sig + max-peacefulness is probably the best answer.
reply
yeah strength is good but intelligence and allegiance are at least 10x more powerful than brawn here
reply
🌎👨‍🚀🔫👨‍🚀
reply
First, single sig, of any kind, is a dead end, not only for the hodler, but for everyone. If villains can reliably obtain funds by kidnapping and torture, they are incentivized to do so. In a fiat system, a credible deterrent is that transactions are reversible. In a btc system with final settlement, the only plausible deterrent is if kidnapping / torture will reliably not work bc a person, even subject to the highest levels of duress, cannot provide access to their btc under these scenarios.
If you really think multisig is the only plausible deterrent to kidnap/torture than you aren't a very imaginative thinker.
Most of this could be solved with a good wallet developer.
reply
I'd welcome any efforts to make up for my imaginative deficiencies.
reply
0 sats \ 0 replies \ @nym 20 Apr
Multi-sig will become more necessary as computer power increases to steal low-entropy keys.
reply
well, i strongly believe bitcoin will disincentivize robbing to a great extent.... will it not? exception will always be there
reply