how to make theft impossible
today, —
Joe Hodler doesn’t feel safe going to local meet-ups!… Attackers specifically target Bitcoiners, as Jameson Lopp’s repo clearly shows…
& the most common storage methods used today — allow Attackers to easily steal all your bitcoin.
the $5 Wrench-Attack problem is a scary reality for us all, but there are now simple solutions !…
let’s step back and see this attack-vector in perspective —
3 major kinds of personal attacks
- Wrench — physical — ranging from an opportunistic “mugging”… to a Bitcoin-targeted assault
- Ransom — physical — & possibly cyber
- Sophisticated — physical & cyber & legal — organized crime & state-level actors
first, let’s clarify — I am not asserting that it’s possible to prevent someone from physically attacking you. Only common-sense & preparation can reduce that risk…
a skillful private-key storage strategy solves the $5 wrench-attack by
- removing your ability to directly access your BTC
- requiring verification of your safety
- preventing an Attacker from simply stealing all your bitcoin
thus — forcing the Attacker into a ‘ransom scenario’, which has additional risks for the attacker, such as police involvement & also preserves your health…
in the next level of attack, a Ransom — if someone gives the Attacker $ or BTC, that’s not ‘theft’ — it’s ‘coercion’
examine incentives
let’s examine the incentives that you’re giving potential attackers based on different private-key storage strategies.
let’s start with a very weak strategy, which, crazily, is the industry-standard-practice in our community today…
“duress” pass-phrases
using them to hide all your BTC incentivizes attackers to:
- attempt an attack — there is a big pay-off if savings accounts are simply hidden with a secret word
- continuously torture you, because you could be hiding more…
this strategy will fail !
you will lose all your BTC !
even if you’re never attacked —
- this strategy will stress you out…
- puts — people who don’t use duress pass-phrases — at risk, because attackers know that this is the most common strategy today
again, I must implore leaders, like SatoshiLabs & nvk, to reconsider these critiques and update their recommendations !
the $5 Wrench-Attack problem is solved by —
- reducing the incentives to attack
- increasing the risks for the attacker
- & specifically by — separating your access information !
there are different ways to separate your access info:
- multi-sig software
- seed-splitting (for example, put 12 here & 12 there)
CWAP was specifically designed to solve the $5 wrench problem…
- separate your 24 [seed-words] from your [pass-phrase]
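What separating the 24 seed-words from the pass-phrase means at the key-derivation level, and what a holder of one half of a 12 + 12 split still has to guess, shown as an added example that is not code from this post or from CWAP. It assumes a BIP39 wallet; the mnemonic is the public all-zero test mnemonic, the pass-phrase is constructed, and `holder_unknown_bits` is a hypothetical helper.

```python
import hashlib
import unicodedata


def _nfkd(text: str) -> bytes:
    # BIP39 requires NFKD normalisation before hashing.
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + pass-phrase."""
    return hashlib.pbkdf2_hmac(
        "sha512", _nfkd(mnemonic), b"mnemonic" + _nfkd(passphrase), 2048, 64
    )


def holder_unknown_bits(total_words: int, known_words: int) -> int:
    """Entropy bits still unknown to someone holding `known_words` of the mnemonic.

    Each word encodes 11 bits; the last total_words // 3 bits are a checksum,
    so they narrow the search instead of adding to it.
    """
    missing = total_words - known_words
    if missing == 0:
        return 0
    return missing * 11 - total_words // 3


# Public all-zero-entropy 24-word test mnemonic; never use it for funds.
WORDS = " ".join(["abandon"] * 23 + ["art"])
# Constructed pass-phrase, stored separately from the words (assumption).
PASSPHRASE = "constructed example pass-phrase"

if __name__ == "__main__":
    words_only = bip39_seed(WORDS)            # what the 24 words alone derive
    full = bip39_seed(WORDS, PASSPHRASE)      # what words + pass-phrase derive
    print("words only      :", words_only.hex()[:16], "...")
    print("words + phrase  :", full.hex()[:16], "...")
    print("same wallet?    :", words_only == full)
    print("12 of 24 known  :", holder_unknown_bits(24, 12), "bits left to guess")
    print("all 24, no phrase: 0 bits of the words left; only the pass-phrase protects")
```

With all 24 words in hand, the only thing left to guess is the pass-phrase, so its strength and where it is kept decide how much the separation is worth.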
to summarize —
Don’t be a single-point-of-failure !
your long-term savings should NOT be accessible without high-quality verification that you are safe !
if HODLing isn’t safe, How can Bitcoin scale ?…