We like Bitcoin and we hope it will be a global reality in the near future. But, since my first wallet, I have had this question: how will people be able to defend themselves against criminality?
For example, nowadays if someone is kidnapped their family's bank accounts are immediately blocked, to discourage this kind of illegal activity.
Or, if a thief catches you on the road he can get your cash, maybe a little withdrawal from the ATM, but nothing more, not all your money.
Or, if thieves enter your house, they can take what you have physically there, but the money in your bank accounts is safe.
So, what will happen when all of us have our bank in our bitcoin wallets? How can we deny having our secret words if everyone is expected to own them? There will be a time when thieves will be sure they can get seeds from people: they will simply sit in your living room waiting for the words and, after getting them, they will wait for the transaction before greeting you. And this is irreversible.
When I think about this I don't see a solution.
The short answer is you cannot prevent all attacks, and a concerted or targeted attack (vs. an opportunistic one) is harder/impossible to fully defend against.
Hot funds are always a risk - so plan to reduce the amount of hot funds you have at any one time.
One potential mitigation is to ensure that the bulk of your assets, the cold storage, is remote from this kind of attack. For instance, perhaps a multi-sig which requires several keys that you do not, and cannot, access quickly (geographically and potentially jurisdictionally separate). Opportunistic attacks may fail to get your bitcoin if it'll take hours/days/weeks to finally pay.
Using collaborative custody, where one keyholder has to be convinced to release your funds (and is specifically looking for signs of coercion) is another possibility.
reply
How do you feel about Exodus for a warm / budget friendly wallet? The only one I can afford and also works with me right now? Is this a safe alternative to keeping HOT?
reply
Or is this actually considered 'cold'?
reply
I've not used Exodus, but if it's on your phone, it's not cold. If you want a budget friendly solution, you can't beat free - Sparrow and paper.
There are downsides to every setup, and the basic idea is to match the level of protection with the risk. Spending 300,000 sats on a nice Coldcard Q1 is perhaps excessive to protect 15,000 sats, but is cheap to protect 150M sats.
I keep an amount of sats in a phone wallet (kinda - I use zeus which connects to my self-custody node, but it's fully accessible on my phone), for ease of spending. But I also know that if my phone were to be stolen, those sats might be at some risk of loss.
reply
collaborative custody? like a third party (for example a company) that has to be involved for payments?
reply
Yes, for big payments at least. It makes sense for there to be a larger wallet for savings and a smaller wallet for payments. The larger wallet can be secured with a 2-of-2 that turns it into a 1-of-1 after some agreed to amount of time. This would allow the company to protect against key theft while still allowing the owner of the funds to move their stack if the company goes MIA.
reply
great solution... and it doesn't seem too complicated!
reply
Potentially, think Unchained. There are many ways to make it work.
Also, I’m including a situation where collaborative custody includes maybe a family or business.
reply
ok, this is a good solution that calms my doubts!
reply
Diversify your funds, use cold wallets, you can never be 100% safe, that's why it is said that only the paranoid survive, security starts with you.
reply
so we can say having bitcoins cannot be totally comfortable... this is something I should try to accept
reply
The price of liberty is eternal vigilance
reply
51 sats \ 1 reply \ @dtonon 26 Apr
I think the solution is Time Locked (eventually multisign)
Wallets with a good locktime UX are starting to rise, e.g. Liana.
reply
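Added example (not part of any comment in the thread, and not code from Liana, Unchained or any wallet): a simplified Python model of the "2-of-2 that turns into a 1-of-1 after some agreed time" and of the time-lock idea above. It shows who can spend a coin at a given age, and which coins have already decayed to single-key control and need refreshing. Key names, the delay and the block heights are constructed assumptions.

```python
from dataclasses import dataclass

MAX_RELATIVE_BLOCKS = 0xFFFF  # BIP 68 relative locktimes carry a 16-bit block count

@dataclass(frozen=True)
class Path:
    name: str
    keys: frozenset   # keys allowed to sign on this spending path
    threshold: int    # how many of those keys must sign
    older: int = 0    # confirmations the coin needs before this path opens

# Constructed policy, written as a miniscript-style policy string:
#   or(multi(2,owner,custodian), and(pk(owner),older(26280)))
DECAY_BLOCKS = 26_280  # assumed delay, about six months at 144 blocks per day
POLICY = (
    Path("cosigned", frozenset({"owner", "custodian"}), 2),
    Path("owner_recovery", frozenset({"owner"}), 1, DECAY_BLOCKS),
)
assert all(0 <= p.older <= MAX_RELATIVE_BLOCKS for p in POLICY)

def confirmations(utxo_height, tip_height):
    return tip_height - utxo_height + 1

def satisfied_path(signers, utxo_height, tip_height, policy=POLICY):
    """Name of the first path these signers can use right now, else None."""
    age = confirmations(utxo_height, tip_height)
    for p in policy:
        if len(p.keys & set(signers)) >= p.threshold and age >= p.older:
            return p.name
    return None

def blocks_until_spendable(signers, utxo_height, tip_height, policy=POLICY):
    """Blocks a holder of `signers` must still wait; None if they can never spend."""
    age = confirmations(utxo_height, tip_height)
    waits = [max(0, p.older - age) for p in policy
             if len(p.keys & set(signers)) >= p.threshold]
    return min(waits) if waits else None

def decayed_utxos(utxos, tip_height, policy=POLICY):
    """Coins whose single-key path is already open. Only a cosigned self-spend
    (which resets the coin's age) restores the two-key requirement for them."""
    return [label for label, height in utxos
            if satisfied_path({"owner"}, height, tip_height, policy)]

# Constructed sample wallet: (label, confirmation height) and current chain tip
UTXOS = [("utxo_a", 800_000), ("utxo_b", 829_000)]
TIP = 830_000
```

The delay only protects coins younger than it: `utxo_a` above has aged past the delay, so the owner key alone can move it, which is why wallets built on this pattern expect coins to be refreshed periodically.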
maybe not totally perfect but a kind of solution that can be considered
reply
It's a 3-tiered solution:
  1. Wallet: a hot wallet on your phone/device where you keep your 'spending' BTC (ie; CashApp, Strike)
  2. Safe: Single sig cold wallet where you store your longer term coins (ie; Jade, ColdCard, Seed Signer, + Sparrow)
  3. Vault: Multi sig cold wallet where you store your long-long term coins (ie; Unchained)
If this is your setup, just like the scenario you proposed, a blunt-force attack can only realistically steal what's in your 'wallet.' Additionally, you can set up your 'safe' and 'vault' with passphrases and decoy accounts just to be extra cautious.
reply
I like to see my concern can be tamed 😁
reply
How do you feel about Exodus wallet? It's the only "warm" I guess you would call it, that I can afford and works for me right now.
reply
Personally, I don't eff with wallets that utilize anything other than Bitcoin. This is because of the additional attack vectors created from having multiple chains associated with a single device/wallet. Also, if it's not Bitcoin it's a sh*tcoin (in my opinion), so stick with the maxis.
If you're looking for a good hot wallet, just use Strike or CashApp. Strike edges out with the low cost of buying BTC, but CashApp has greater functionality as a bank. Then when you're ready for a cold storage custody wallet, use the Blockstream Jade. It's the best option for the lowest price ($70-80ish). Can't beat that.
reply
Or is this actually considered "cold"?
reply
If it's not cold, it's hot. The only way to be cold in any sense is to be completely offline: no screens, no cables, no keyboard, no internet, no computer, no camera, period.
reply
From my understanding, "warm vs hot" (both may be connected to net), however the difference is that the "warm" is a stand alone app of some sort & Not An Exchange! I don't claim to know everything, but this makes sense to me. You can research many articles on the topic, and a "warm" version is often listed as an option!
reply
There is such a thing as "warm"
reply
There are all sorts of schemes that you could employ to protect the vast majority of your stack from theft, but I kinda feel like if the culture can embrace a hard currency and everything that naturally flows from it*, then we'll all get so stinking rich that it'll just be easier for intelligent would-be criminals to just work for bitcoin rather than try to steal it, because it's going to suck real bad always watching over your shoulder and not leaving clues about the source of your funds.
It will take decades if not centuries to part with the scarcity/"get something for as little work possible" mindset we've evolved millennia with, but I truly believe abundance fixes theft, or at least reduces the occurrences and their effects.
* this is the only real way everyone ends up with bitcoin
reply
so optimistic 😊
reply
always appreciate optimism when there is fear 🙏
reply
The solution is new cultural norms and new institutions. But it will take a while. Discussed here.
reply
very good reading, thank you so much!
reply
I feel somewhat obliged to reply as I mentioned this risk here a few days ago.
Firstly, I'm much more concerned about rapidly progressing totalitarian technocracy, with the Chinese social credit system now in place, CBDCs under a frenetic pace of development and an absence of constitutional protections in almost every country apart from the US.
I think if someone wanted to target you, a much more likely attack vector would seem completely innocent to the victim, like the case of the Bettencourt family:
At the root of the family dispute was the alleged abuse of Bettencourt’s weakness by society photographer Francois-Marie Banier, who had been given “gifts” by the billionaire totalling millions of euros. The guardianship order would be recognition that Bettencourt, 88, is incapable of managing her own finances.
A fairly standard investment scam also seems a likely approach.
Kidnapping and direct theft of an asset as challenging as Bitcoin would require unusual conditions. Kidnapping is almost invariably related to organised crime and mafia activity with state involvement. Fiat targets are much simpler for obvious reasons.
If I were a Ricardo Salinas Pliego, for example, living in a country where it's a fairly common crime and having been very open about being a major hodler, I'd have serious security in place. I'm sure he does and understands the game he's playing.
If I found myself living in Sicily, I'd leave immediately, but again I don't think that level of mafia/government coordination exists in many countries.
I do believe that FATF and many national governments are creating a system that incentivises crimes like kidnapping, and I suspect that's intentional. But Bitcoin is the best solution we have.
reply
well you are right, it depends on the countries too.
reply
Yes, I think others handled the question perfectly on technical solutions. If you want to read more, I'd suggest the keywords 'bitcoin wrench attack'.
I'm suggesting that you're more likely to be hit in more subtle ways that aren't specific to Bitcoin, especially if your focus is on guarding against a wrench attack. Consider your own environment, no advice fits everyone.
When I was first learning about Bitcoin, I felt a bit like you - I didn't really trust myself to manage self-custody. Embracing it has been good for my confidence and self-respect, similar to working out.
reply
Wow, I have just typed "bitcoin wrench attack" on Google and I have seen a lot of material to read! So glad, thank you for the suggestion... English is not my mother tongue and I didn't know this idiom 😋 Seeing this topic has been already discussed so much calms me a lot, I will learn as much as I can. Thank you again!
reply
Basic wallet security fixes a lot of this, and none of it protects you from being tortured until you give up your funds anyway. But it's not like our fiat system is stopping people from stealing money. There's always going to be a way to steal money.
For your "spending" wallet, which will have just enough to cover expenses for a month or two, using a hardware wallet w/ passphrase is fine, especially if you store the passphrase and backup in separate locations.
For long term life savings, using multisig w/ multiple locations or collaborative custody multisig is the answer. It's essentially thief resistant. Unchained is expensive to use, but they have a lot of free materials on how to do this well by yourself.
reply
well, for example the difference is that a bank transfer can be blocked, this can be a bad but sometimes a good thing. Instead a btc transfer is always irreversible.
reply
A cash transfer can’t be blocked
reply
yes, it can, against your will. For example in the case of a kidnapping of a relative of yours, in many countries you cannot make a bank transfer.
reply
I’m talking physical cash
reply
sorry! Now I have understood what you meant!
reply
No worries! Fiat is so digital it’s easy to assume that’s what cash means most of the time lol
reply
Stop talking about holding Bitcoin in public for now.
For later on when everyone owns them, stop worrying about them.. because it's you who has to say that 'please leave me, I only have fuckin' one hundred or thousand sats.'
reply
ahahaha 😁
reply
Bitcoin is not for the weak, only for the brave. Read and learn: https://darth-coin.github.io/
  • Geographically distribute your keys
  • Multi-sig wallets
  • Don't go around talking about bitcoin in public
  • Keep a smaller amount in a hardware wallet that you could send if necessary. Enough value to be believable but not your whole stack.
If your wallets and keys are located in different places and you actually cannot send funds without a high level of difficulty, it will reduce the chance that you actually lose funds. Even if you are kidnapped, you need your keys to move funds. If only you know where the keys are, it gives Stacker News more time to assemble a renegade unit of bitcoin vigilantes to come to your rescue.