This is one of those stories that has the elements of a pessimistic view of cryptocurrency and it’s pitfalls but by the end of it makes you stop and think to yourself “Bad people want money, they will do horrible things to get it, that has always been true.”
Flashing your wealth on social media or being a high profile executive is dangerous, crypto-ties or not.
jsheard · 4h ago
As usual it's not so much that the scams and attacks are unique to crypto, it's that crypto makes them much worse by willfully ignoring hard-earned lessons in traditional finance. Kidnapping for ransom isn't new, but what is new is that if you kidnap a known crypto whale you can instantly, untraceably and irreversibly extract most of their net worth with a bit of "convincing", without raising any alarms until it's too late.
Animats · 4h ago
> it's that crypto makes them much worse by ignoring hard-earned lessons in traditional finance.
Indeed. A friend of mine manages a retail bank branch for a major US bank. She gets a few cases a week where someone appears to be a scam victim or is being coerced in some way. They want to make an unusually big cash withdrawal for their account history, or do an unusual money transfer, or something involving gift cards. She's seen all the standard scams by now, and is experienced in explaining what's going on to the victims. Often she can talk them down, or help them. Sometimes even get previously scammed money back.
A surprisingly large part of retail finance work is dealing with fraud and fixing problems. The routine transactions have been automated for years, after all.
Crypto land lacks this.
This is why some crypto people have most of their coin in multisig wallets. They can only transfer small amounts without getting m-of-n friends to sign their transaction. If your friends know not to do that without hearing a code word, then the alarm will be raised.
Another option is to keep your cold storage in a safe deposit box or private vault, so you have to physically go someplace where there are other people. An advantage of the multisig is that the criminals can verify the situation, possibly before they show up at your house.
WalterBright · 4h ago
Couldn't one's crypto pile be divided into multiple wallets, each with different passwords?
AnimalMuppet · 4h ago
Sure. But if I know about how much you've got, then if I've got you, I can beat all the passwords out of you.
Worse: Even if you give me all your passwords, I may want to keep beating until I'm really sure that you're not holding anything back.
kev009 · 4h ago
If you have enough to worry about someone beating out of you, maybe putting some into professional multiparty custodial systems and/or one or more cold wallets with trustees is a good idea. This idea scales fine with geopolitical risk.
Your "hot wallet" should be like cash, no more than you are prepared to lose/surrender at once.
PostOnce · 3h ago
Or you could just have real money in an insured bank
And your cold wallet could be the stock market or real estate or private equity
Then you're much safer and just as wealthy
kev009 · 2h ago
None of these things are mutually exclusive. Holding a large pile of any one country's fiat is probably the dumbest move. Ownership of physical assets that generate revenue is the smartest.
1659447091 · 3h ago
And to add: Your "hot wallet" being bank issued credit cards for everyday purchases or emergencies that you are prepared to lose/surrender the moment someone tells you to hand over your wallet.
Later log into the accounts, flip the toggle to stolen/lost and mark unauthorized purchases if there are any. Then sleep peacefully knowing new credit cards are in the mail and you are only out the cost of the physical wallet holding the cards that were stolen.
vkou · 3h ago
> maybe putting some into professional multiparty custodial systems and/or one or more cold wallets with trustees is a good idea.
So, you want to delegate your ability to spend your money to other people.
Why not just go to a bank? It can do that for you, plus pay you interest.
kev009 · 2h ago
Most people of any significant wealth would have made the delegation long ago to private client banking where a team of people overlook all aspects of the accounts. So yes, you are a fool not to if you have the level of wealth proportional to having it beaten out of you in your geopolitical region.
A custodial service is a bank that operates on a different network and is not FDIC insured (which only covers $250k). It could be insured privately. The interest on an FDIC deposit account is well below true inflation of fiat currencies.
WalterBright · 2h ago
You could make passwords too long to remember. Write them down and put them in a safety deposit box.
atmavatar · 1h ago
That's when the bad guys grab one or more loved ones and threaten to do bad things to them until you retrieve the passwords.
WalterBright · 1h ago
True, but that makes for a much riskier proposition for the bad guys. The whole point of these bitcoin grabs is minimal risk.
The risk would be about the same as for any ransom scheme.
Aurornis · 4h ago
> Flashing your wealth on social media or being a high profile executive is dangerous, crypto-ties or not.
Having your wealth held in a form that can be instantly, irreversibly transferred in a way that can be done anonymously by skilled individuals is an added risk.
Some of the same features that people celebrate about crypto make it uniquely advantageous to people looking to execute these attacks.
Yes, we know that in theory attackers could go after some random high profile person and force them to go through bank transfers and then go through all of the additional steps of washing that money through international banks in a way that hopefully cleans their trail sufficiently.
But anyone planning an attack like that would be drawn to a target that already has their money held in a digitally transferable format that is infinitely easier to launder using the modern array of cryptocurrency tools.
appreciatorBus · 4h ago
Yes tho there is also the element of crypto ppl rediscovering the risks of decentralized & physical stores of value.
hristov · 2h ago
There was a terrible spate of kidnappings in the first half of the twentieth century, the Lindbergh baby being the most notorious, but the police have gotten good at foiling them. They mark the currency, alert all the banks etc.
Most businesses turn their cash over to a bank at the end of the day, so any ransom cash that the kidnappers spend or deposit in a bank is tracked very quickly.
Of course crypto can be tracked as well, but financial institutions are required to follow authority instructions and freeze and reverse assets that may belong to kidnappers. In most crypto there is no authority to reverse the assets.
You can have a system where ids of all wallets containing stolen crypto are kept in a database and nobody does accepts any payments from these addresses. However many crypto advocates are strongly opposed to such a system.
So in conclusion, kidnapping of law abiding citizens for ordinary money has not been happening in the us for a while because the fbi had made it clear that it does not pay. But crypto is a whole other business.
It is hopeful that for all current cases the perpetrators seem to have been caught. But i am afraid there may be more attempts before criminals are convinced it does not pay.
ChrisMarshallNY · 3h ago
> Flashing your wealth on social media or being a high profile executive is dangerous, crypto-ties or not.
Ask Kim Kardashian about that. I don't think she had anything to do with crypto.
Of course, but before cryptocurrency a mugger couldn't drain your investment accounts.
OutOfHere · 4h ago
They still can't if one doesn't advertise them, doesn't have them obviously visible on the phone, and the criminals don't find out about them.
bdangubic · 4h ago
yea, for sure that was super easy thing to do /s
neilv · 3h ago
> Those concerns intensified this week with cryptocurrency exchange Coinbase disclosing that as many as 97,000 customers have had their personal information stolen, including addresses and balance snapshots.
I'm not a professional journalist, but let me give it a shot:
"Those concerns intensified this week, with the disclosure that criminals stole from cryptocurrency exchange Coinbase the personal information of as many as 97,000 customers, including cryptocurrency balances and physical addresses."
Just don't flaunt your crypto, and don't have any visible crypto apps or widgets on your phone either. Whether you are rich or poor, don't look particularly rich. Also, if you hold an ETF like IBIT, that's traditional.
john2x · 4h ago
If cryptobros didn't flaunt their wealth, crypto wouldn't have been where it is now. Flaunting is part of the spec.
No comments yet
Flashing your wealth on social media or being a high profile executive is dangerous, crypto-ties or not.
Indeed. A friend of mine manages a retail bank branch for a major US bank. She gets a few cases a week where someone appears to be a scam victim or is being coerced in some way. They want to make an unusually big cash withdrawal for their account history, or do an unusual money transfer, or something involving gift cards. She's seen all the standard scams by now, and is experienced in explaining what's going on to the victims. Often she can talk them down, or help them. Sometimes even get previously scammed money back.
A surprisingly large part of retail finance work is dealing with fraud and fixing problems. The routine transactions have been automated for years, after all. Crypto land lacks this.
Here's a bank's guide to current scams.[1]
[1] https://www.firstcitizens.com/personal/insights/security/top...
Another option is to keep your cold storage in a safe deposit box or private vault, so you have to physically go someplace where there are other people. An advantage of the multisig is that the criminals can verify the situation, possibly before they show up at your house.
Worse: Even if you give me all your passwords, I may want to keep beating until I'm really sure that you're not holding anything back.
Your "hot wallet" should be like cash, no more than you are prepared to lose/surrender at once.
And your cold wallet could be the stock market or real estate or private equity
Then you're much safer and just as wealthy
Later log into the accounts, flip the toggle to stolen/lost and mark unauthorized purchases if there are any. Then sleep peacefully knowing new credit cards are in the mail and you are only out the cost of the physical wallet holding the cards that were stolen.
So, you want to delegate your ability to spend your money to other people.
Why not just go to a bank? It can do that for you, plus pay you interest.
A custodial service is a bank that operates on a different network and is not FDIC insured (which only covers $250k). It could be insured privately. The interest on an FDIC deposit account is well below true inflation of fiat currencies.
The risk would be about the same as for any ransom scheme.
Having your wealth held in a form that can be instantly, irreversibly transferred in a way that can be done anonymously by skilled individuals is an added risk.
Some of the same features that people celebrate about crypto make it uniquely advantageous to people looking to execute these attacks.
Yes, we know that in theory attackers could go after some random high profile person and force them to go through bank transfers and then go through all of the additional steps of washing that money through international banks in a way that hopefully cleans their trail sufficiently.
But anyone planning an attack like that would be drawn to a target that already has their money held in a digitally transferable format that is infinitely easier to launder using the modern array of cryptocurrency tools.
Most businesses turn their cash over to a bank at the end of the day, so any ransom cash that the kidnappers spend or deposit in a bank is tracked very quickly.
Of course crypto can be tracked as well, but financial institutions are required to follow authority instructions and freeze and reverse assets that may belong to kidnappers. In most crypto there is no authority to reverse the assets.
You can have a system where ids of all wallets containing stolen crypto are kept in a database and nobody does accepts any payments from these addresses. However many crypto advocates are strongly opposed to such a system.
So in conclusion, kidnapping of law abiding citizens for ordinary money has not been happening in the us for a while because the fbi had made it clear that it does not pay. But crypto is a whole other business.
It is hopeful that for all current cases the perpetrators seem to have been caught. But i am afraid there may be more attempts before criminals are convinced it does not pay.
Ask Kim Kardashian about that. I don't think she had anything to do with crypto.
I'm not a professional journalist, but let me give it a shot:
"Those concerns intensified this week, with the disclosure that criminals stole from cryptocurrency exchange Coinbase the personal information of as many as 97,000 customers, including cryptocurrency balances and physical addresses."
https://xkcd.com/538/
Although this is the one I'm really worried about:
https://www.xkcd.com/2203/