As someone who has worked for and/or audited most major crypto custody companies, I am sad to report every single one takes shortcuts that give single individuals acting alone the power to move billions of dollars in value. Even the ones that think they have a good split custody solution always let an IT manager have remote access to all workstations involved or a release engineer build the software that is used shifting the centralized power and risk to them.
Kidnappings and torture are becoming common as people realize this
If you directly or indirectly control secret keys of any significant financial value on your own, you or your family are going to get hurt.
Make your employers manage keys with a quorum of geographically distributed individuals with HSMs, immutable time delayed access controls, and a software supply chain that is full source bootstrapped, and reviewed, compiled deterministically, and signed by multiple people so no single person can manipulate the flow.
My team and I open sourced a lot of tooling to do this safely. Please use it, or use it for reference to ensure your internal tooling meets the same bar.
> Inside the home, the police found Polaroid pictures showing the man bound and being assaulted
Because of course. These people live in a world where nothing can touch them, least of all the law, so why wouldn’t you literally make your own evidence of your crime and leave it lying around.
0x38B · 5h ago
The most telling or disturbing thing I learned from a recent article posted here about the Crypto-related kidnappings was how criminals found some of their victims’ addresses and personal information in marketing data that companies kept on their customers.
mcintyre1994 · 3h ago
The recent Coinbase leak is mostly stored KYC data AFAIK, so even if the company isn’t using it for marketing, they’re probably being forced to store data that they’re not responsible enough to protect.
lazide · 12m ago
Yup - KYC is of course going to have identifying info on customers.
When the weakest link between the criminal and the cryptocurrency is a single person (the holder himself in this instance), that person alone would need to withstand all attacks and “rubber hose cryptanalysis”.
fallinditch · 6h ago
The most effective protection is a combination of discretion, strong security practices, and advanced wallet configurations like multisig and passphrase protection.
You could store passphrases in a hardware wallet in a bank vault in a small European country.
thebruce87m · 3h ago
> You could store passphrases in a hardware wallet in a bank vault in a small European country.
A little bit of irony here having to store your crypto related stuff at a bank to keep it safe.
grues-dinner · 3h ago
And in the "socialist" Big Government over-regulated hellscape of Europe no less.
I would have thought one of those libertarian seasteads or enclaves would be axiomatically the best place for such things?
Physical security for digital credentials is the main point here, that doesn't always imply a regular bank, many modern banks lack the bank vaults of yore in any case.
This is part of why I designed Tarsnap to keep data as secure as possible, even from me. If someone stores their crypto keys -- or world domination^W optimization plans -- on Tarsnap, I don't want to get kidnapped and tortured by anyone trying to steal that data.
episteme · 4h ago
If torturing and kidnap are on the table, how does this help? They can torture you to give them the keys just like a password.
j3th9n · 3h ago
You might want to study asymetric cryptography.
bgwalter · 1h ago
No, you'd better hope that the kidnappers have studied cryptography. If they think they can extract something, they'll go ahead anyway.
chistev · 6h ago
Who can access it?
ta988 · 6h ago
the person who uploaded it only (or whomever they shared keys with)
lazide · 4h ago
Okay, so kidnap them, right?
brazzy · 5h ago
You really think the kind of people who do such things will read your website and just give up? "Aw shucks, he's using e2e encryption, no point trying anything"?
razemio · 4h ago
You missunderstood the comment. He can not access the data. You need to find the person who uploaded it, despite him hosting said data.
VTimofeenko · 4h ago
I think you misunderstood the comment. Or maybe I did.
My understanding: the rubberhose crypto-analysis, even if unsuccessful, will result in some major damage done. Determined attacker might try to apply it regardless of any online statements on the off chance that the statements are wrong.
brazzy · 3h ago
You understand correctly. I suspect that in the experience of such attackers, it's not even an "off chance". They're probably up against exaggerated claims of security more often than truly well-founded ones.
brazzy · 3h ago
And you really think that people who routinely use torture to extract information, and for whom claims that "I don't know it!" is basically the standard obstacle to overcome, will just believe him without even trying, because it's "math" and therefore true?
The reality is, in the xkcd Rubberhose cryptanalysis scenario, being actually unable to give up the information is a MUCH WORSE situation to be be in than having a key to give up before they permanently maim/kill you. It might be better for a third party who benefits from the information remaining secret, but not for the person unable to divulge it.
But thinking you're safe because the attackers will read, understand, and believe your claims of uncompromisable cryptographic security is dangerously naive.
razemio · 2h ago
Ah okay, I get what you mean now. I thought your comment was suggesting he actually can access the information.
I still believe, which might indeed be naive, that this is the best way. It results in a failed mission lowering the risks for others and if applied for all theses services (again naive), in a general understanding.
nikkwong · 6h ago
Had Satoshi known the impact his innovation would have had on the world, all said and done, I bet he would have chosen to keep it under covers.
superkuh · 6h ago
People have been kidnapping other people to force them to give up their valuables for millennia. It's far from a new or unique thing in this context.
anonymousiam · 5h ago
True, but crypto is easier to launder. I feel safer with my money at a brokerage or a bank.
lazide · 11m ago
Normal banks can also recall transactions.
echan00 · 3h ago
If the title read 'human charged with kidnapping a d torturing a man' instead does that mean all humans are bad? I fail to see the linkage here
tux3 · 2h ago
The whole point of the kidnapping and torture was to steal bit coin cryptocurrency.
Of course it's material to the story. It'd be conpletely artificial to pretend otherwise.
Great job score one for crypto holders who plan on not revealing their key under torture.
add-sub-mul-div · 7h ago
Technology isn't even a cool field anymore, the major innovations (crypto, blockchain, AI) have such a film of sliminess around them. You have to ignore or be ignorant of the fact that they're going to be used for scams and bullshit more than for good.
stephenr · 5h ago
> the major innovations
You mean the overhyped extremely niche technologies?
nailer · 5h ago
The idea that a technology that challenges Google search, and digital money are ‘niche’ is… odd.
bpodgursky · 7h ago
This is said to happen in Russia all the time, except the police never intervene and the bodies are just incinerated once the keys are tortured out.
Kidnappings and torture are becoming common as people realize this
https://github.com/jlopp/physical-bitcoin-attacks
If you directly or indirectly control secret keys of any significant financial value on your own, you or your family are going to get hurt.
Make your employers manage keys with a quorum of geographically distributed individuals with HSMs, immutable time delayed access controls, and a software supply chain that is full source bootstrapped, and reviewed, compiled deterministically, and signed by multiple people so no single person can manipulate the flow.
My team and I open sourced a lot of tooling to do this safely. Please use it, or use it for reference to ensure your internal tooling meets the same bar.
https://trove.distrust.co
Because of course. These people live in a world where nothing can touch them, least of all the law, so why wouldn’t you literally make your own evidence of your crime and leave it lying around.
You could store passphrases in a hardware wallet in a bank vault in a small European country.
A little bit of irony here having to store your crypto related stuff at a bank to keep it safe.
I would have thought one of those libertarian seasteads or enclaves would be axiomatically the best place for such things?
Physical security for digital credentials is the main point here, that doesn't always imply a regular bank, many modern banks lack the bank vaults of yore in any case.
Tangentially, avoid showing up unannounced at grandparents house: https://www.youtube.com/watch?v=oZZmFG07OVs
Personal and physical security for founders, operators, and investors
[0] https://a16zcrypto.com/posts/article/personal-physical-secur...
Maybe there should be a version for investors to stay safe from a16z also
My understanding: the rubberhose crypto-analysis, even if unsuccessful, will result in some major damage done. Determined attacker might try to apply it regardless of any online statements on the off chance that the statements are wrong.
The reality is, in the xkcd Rubberhose cryptanalysis scenario, being actually unable to give up the information is a MUCH WORSE situation to be be in than having a key to give up before they permanently maim/kill you. It might be better for a third party who benefits from the information remaining secret, but not for the person unable to divulge it.
But thinking you're safe because the attackers will read, understand, and believe your claims of uncompromisable cryptographic security is dangerously naive.
I still believe, which might indeed be naive, that this is the best way. It results in a failed mission lowering the risks for others and if applied for all theses services (again naive), in a general understanding.
Of course it's material to the story. It'd be conpletely artificial to pretend otherwise.
You mean the overhyped extremely niche technologies?
considering that the crypto investor was a man and assuming that the man acquired the wallet he was tortured for by investing in crypto.
You'll just have to use a sock fulla nickels now I guess ... :shrug: