HN Reader

Show HN: I'm an airline pilot – I built interactive graphs/globes of my flights (jameshard.ing)

733 points by jamesharding 6h ago 127 comments

Show HN: IssuePay – Get paid for open-source contributions (issuepay.app)

2 points by Mario10 46m ago 0 comments

Show HN: Zenta – Mindfulness for Terminal Users (github.com)

142 points by ihiep 10h ago 29 comments

Show HN: Sink – Sync any directory with any device on your local network (github.com)

83 points by sirbread 13h ago 71 comments

Show HN: I made a tool to convert recipes to an easy reading graphical notation (gobsmacked.io)

2 points by ekglimmer 1h ago 1 comments

Show HN: PILF, The ultimate solution to catastrophic oblivion on AI models (github.com)

16 points by NetRunnerSu 8h ago 4 comments

Show HN: Magnitude – Open-source AI browser automation framework (github.com)

121 points by anerli 1d ago 39 comments

Show HN: I'm 15 and built Gofer, an AI that gets actual terminal work done (github.com)

8 points by jleuthardt 3h ago 1 comments

Show HN: Wayland Speech-to-Text Tool (github.com)

10 points by artur_roszczyk 7h ago 0 comments

Show HN: I built an AI dataset generator (github.com)

154 points by matthewhefferon 1d ago 31 comments

Show HN: PRSS Site Creator – Create Blogs and Websites from Your Desktop (prss.co)

23 points by volted 21h ago 19 comments

Show HN: A Ruby gem that generates a secure, unique ID for the current machine (github.com)

2 points by daviducolo 8h ago 0 comments

Show HN: An accurate implementation of Pomodoro Technique (flowkeeper.org)

3 points by ity75303 10h ago 2 comments

Show HN: Kokonut UI – open-source UI Library (kokonutui.com)

2 points by kokonutt_ 1h ago 0 comments

Show HN: A Python Language Server, Mypy-compatible (zubanls.com)

39 points by davidhalter 6h ago 13 comments

Show HN: I built a JSON-RPC library for Zig with compile time reflection (github.com)

12 points by ww520 1d ago 2 comments

Show HN: Daf·thunk – open-source Editor for Prototyping Workflows on Cloudflare (dafthunk.com)

12 points by bchapuis 11h ago 1 comments

Show HN: Oasis – An open-source, 3D-printed smart terrarium (github.com)

141 points by jbuch 3d ago 18 comments

Show HN: Scream to Unlock – Blocks social media until you scream “I'm a loser”

239 points by madinmo 2d ago 127 comments

Show HN: A Chrome extension that converts formula images to LaTeX (chromewebstore.google.com)

4 points by abagh999 7h ago 0 comments

Show HN: Built a Food Scanner for Longevity (getbiohack.app)

6 points by Fbue 22h ago 1 comments

Show HN: Free tool to resize ChatGPT images to perfect 16:9 (aithumbnail.so)

5 points by sachou 13h ago 3 comments

Show HN: I wrote a GPU-less billion-vector DB for molecule search (live demo) (cheese-new.deepmedchem.com)

9 points by mireklzicar 19h ago 2 comments

Show HN: Elelem, a tool-calling CLI for Ollama and DeepSeek in C (codeberg.org)

43 points by atjamielittle 2d ago 3 comments

Show HN: Anytype – a local and collaborative database with API and MCP server (zhanna.any.org)

17 points by sharipova 1d ago 0 comments

Show HN: Promise.allSettled Alternative with Concurrency Support (github.com)

5 points by fahimfaisaal 16h ago 0 comments

Show HN: Piper-mode – Text-to-speech for Emacs using the Piper TTS engine (github.com)

7 points by snowy_owl 1d ago 1 comments

Show HN: News-Hook lets you prompt alerts to stay informed on anything (news-hook-frontend-205743657377.southamerica-east1.run.app)

7 points by lendacerda 18h ago 0 comments

Show HN: DevOps made easier for startups (obelis.ai)

3 points by fedepochat 18h ago 0 comments

Show HN: Comparator - I built a free, open-source app to compare job offers (comparator-one.vercel.app)

83 points by MediumD 3d ago 42 comments

Show HN: Listed – An agentic platform to rank your business on AI

5 points by GetListed 18h ago 1 comments

Show HN: A Storage-Agnostic Golang Message Queue (github.com)

7 points by fahimfaisaal 19h ago 0 comments

Show HN: Weather Watching (walzr.com)

93 points by walz 4d ago 17 comments

Show HN: Autumn – Open-source infra over Stripe (github.com)

139 points by ayushrodrigues 3d ago 46 comments

Show HN: Rust ↦ WASM, K-Means Color Quantization Crate for Image-to-Pixel-Art (github.com)

9 points by gametorch 1d ago 0 comments

Show HN: What time is it in Corporate (peoplesgrocers.com)

11 points by marxism 20h ago 0 comments

Show HN: VSCan - Detect Malicious VSCode Extensions (vscan.dev)

50 points by shadow-ninja 2d ago 27 comments

Show HN: Frametwo – Tired of my videos getting flagged, so I built this (frametwo.com)

5 points by andrewjustus 1d ago 0 comments

Show HN: Chisel – Profile GPU Kernels Without a GPU (Nvidia and AMD) (github.com)

3 points by technoabsurdist 22h ago 0 comments

Show HN: I built a cloud on my own ASN w real 1:1 compute to fight the cartels (infuze.cloud)

10 points by ccheshirecat 1d ago 6 comments

Show HN: Report idling vehicles in NYC (and get a cut of the fines) with AI (apps.apple.com)

194 points by rafram 5d ago 286 comments

Show HN: Vibeflirting turns bad selfies into good dating pics for Tinder (vvibeflirting.com)

3 points by rjyoungling 23h ago 2 comments

Show HN: I built an under-the-door fan duct to lower bedroom CO2 (lepekhin.com)

62 points by bizzz 3d ago 29 comments

Show HN: Zizmor, static analysis for GitHub Actions (docs.zizmor.sh)

3 points by woodruffw 1d ago 0 comments

Show HN: AI Phone Interviewer – get a call in 30 seconds

15 points by OlehSavchuk 1d ago 15 comments

Show HN: PLJS – JavaScript for Postgres

10 points by jerrysievert 1d ago 8 comments

Show HN: Chat with ChatGPT, Claude, Grok, Gemini and Llama on One UI (instaask.ai)

5 points by oksteven 1d ago 4 comments

Show HN: Inworld TTS – high-quality, affordable, and low-latency TTS (inworld.ai)

24 points by rogilop 1d ago 14 comments

Show HN: Pocket2Linkding – Migrate from Mozilla Pocket to Linkding (github.com)

4 points by kc3 1d ago 0 comments

Show HN: An open-source app to query 10 AI models at once (github.com)

5 points by nexarithm 1d ago 4 comments

Wrench Attacks: Physical attacks targeting cryptocurrency users (2024) [pdf]

120 pulisse 117 5/25/2025, 11:56:16 AM drops.dagstuhl.de ↗

Comments (117)

Adrig · 33d ago
Two instances of crypto kidnapping happened recently in France just a few weeks apart. The first was the father of a crypto milionnaire who was rescued after a few days, missing a finger. The second is the daughter of a crypto CEO who fended off a kidnapping in broad daylight in the center of Paris, while she was with her husband and baby. Insane stuff.

This will only go worse and harder to protect from. Most of the instances I heard about were carried by "amateurs", which makes all this quite unpredictable.

yupyupyups · 32d ago
Thinking of cryptocurrencies, and trade with them, as the wild west, it shows that many people out there will turn into absolute animals and take the rights of others if the law wasn't there holding a gun to their heads to keep them in check.
mensetmanusman · 32d ago
These events will cause crypto to reinvent the entire financial and legal system then :)
ofjcihen · 32d ago
I mean kidnapping is still illegal.

What’s a crypto based legal system look like? I’m thinking maybe your sentence fluctuates depending on how many people have been released recently.

Maybe clever kids can fork their own legal systems?

bugtodiffer · 32d ago
by removing more of the legal system
aleph_minus_one · 32d ago
... but (hopefully) without the insane amount of its historical baggage.
lcnPylGDnU4H9OF · 32d ago
Not really, though. Kidnapping and extortion are still illegal. The law, gun to the head included, is still there. If anything, this just shows what might happen if personal wealth is detailed on a public ledger.
hn_throwaway_99 · 32d ago
The irony of this is that the completely irreversible nature of crypto transactions, which crypto boosters highlight as one of the primary security benefits of crypto, is actually its biggest Achilles heel.
beeflet · 32d ago
If crypto transactions were reversible, then the person accepting cryptocurrency from thieves couldn't be confident that the chain of transactions would not be reversed. So it's a necessary condition of fungibility. Similar to physical cash or gold.

Also, cryptocurrency transactions are reversible, it just takes a hard fork or a 51% attack in order to do so. See the etherium DAO hack and resulting fork. I would argue this is a bad thing, as it goes against the principles of cryptocurrency.

popol12 · 32d ago
After all these years I fail to understand how people seemingly versed in the subject are still spelling Etherium with an "i" instead of an "e". I wonder if all the occurrences of the error are made by people of the same linguistic origin. Out of pure curiosity, I wonder if you could share if you're an English native ? If so, it would rule out this hypothesis. If you are not an English native, would you share your mother tongue with me ? I myself am (an admittedly nosey) French.
AStonesThrow · 32d ago
Partly because that is how it’s spelled in Magic: the Gathering; the Ethereum founders say:

https://en.wikipedia.org/wiki/Ethereum#Founding_(2013%E2%80%...

Buterin chose the name Ethereum after browsing a list of elements from science fiction on Wikipedia.

https://en.wikipedia.org/wiki/List_of_fictional_elements,_ma...

Also, “Ethereum” looks like a misspelling to me; even though we’ve got “petroleum” and “linoleum” my instinct is to replace it with the more common “-ium” ending from the Periodic Table.

However, I have never been inclined to pronounce or spell “Dubai” with a diaresis, because it’s an Arabic word with a diphthong.

I am a native speaker of American English, second language Spanish; polyglot including proficiency in Latin, Italian, Greek, Sanskrit, and Semitic family.

popol12 · 32d ago
Interesting, thanks. About Dubai, in french it would be pronounced "Du-bay" without the diaresis. It is not ambiguous in english though, but it never occurred to me !
beeflet · 32d ago
I'm well-versed in cryptocurrency topics, but not well-versed in ethereum-related topics.

I am an english native, I probably picked up the -ium suffix because that's how elements are usually written.

gverrilla · 32d ago
Some crypto-ancap-bros I know would say this happened because these individuals failed to hire proper private security...
baby · 32d ago
What stopped all the bank robberies? What stopped high-level government assassinations? What stops celebrities from being attacked/kidnapped?

In general, don't make yourself a target by self-custodying.

aleph_minus_one · 32d ago
> What stopped high-level government assassinations? What stops celebrities from being attacked/kidnapped?

This has not been stopped, but mitigated a lot by hiring a sufficient amount of bodyguards.

aleph_minus_one · 32d ago
> because these individuals failed to hire proper private security...

... or consider an important reason in the very restrictive gun laws in France.

morkalork · 32d ago
Recently happened in Montréal too and yes, very amateurish operation that went very very wrong: https://globalnews.ca/news/10868204/quebec-crypto-influencer...
popol12 · 32d ago
You mixed it up, the guy who lost his finger was a well off co-founder of a crypto company but not super duper rich himself, he was however the friend of a super rich of his co-founders. The goal was to extract money from this other person by hurting his friend.

There was however another case with the french familly of a Dubaï expatriated influencer, with a happier ending this time.

baobun · 32d ago
They don't have it mixed up. There were two separate cases with mutilated hands in the news recently, both France. You speak of the Ledger co-founder while GP of another.
popol12 · 32d ago
My bad, I should have checked sorry.
ofjcihen · 32d ago
Agree it will only get worse especially with the recent breaches of crypto wallets and PII associated with holders. If even some of these attempts to extort are successful we might see the breach-to-physical-attack pipeline become common.
baby · 32d ago
I would imagine that if you were not an amateur you would be trying to directly attack smart contracts
_tom_ · 33d ago
Literally yesterday:

https://www.nytimes.com/2025/05/24/nyregion/crypto-investor-...

dang · 32d ago
Discussed here:

Crypto investor charged with kidnapping and torturing - https://news.ycombinator.com/item?id=44085188 - May 2025 (67 comments)

thasso · 33d ago
Why don't we hear about this happening to people who are equally wealthy in classical (non-crypto) assets? Are they more discreet and harder to make out or are there protections in place at, e.g., banks that limit the efficacy of these kinds of attacks? I guess most wealth people don't have enough of their wealth in liquid assets to be a good target but people with lot's of crypto assets can easily transfer it all.
topranks · 33d ago
Those people keep their money in banks.

Sure you can pressure people to transfer money from banks to you. But that will be easier to trace and the transactions could just be reversed. If moving all your wealth the bank is likely to ask some questions, maybe want to see you in person.

With crypto the philosophy is “be your own bank”. It’s like keeping your money under the mattress. So you are a much more promising target.

XorNot · 32d ago
Also bank transactions are reversible.

e.g. you have not had a wonderful windfall of someone mistypes an account number and send you a $1 million. You are in fact obligated to report the issue and not simply go "great!" and start spending the money, tonthe point that you can be held legally liable.

It's not 100% but as people are fond of saying: we do live in a society, it's hardly onerous.

nullc · 32d ago
Kinda backwards there, _billions_ of dollars a year are stolen from US residents that have the money in banks, the FTC says 12.5 billion last year. It's so easy that you don't even have to apply a wrench.
const_cast · 32d ago
Yes you can do identity theft type things, but the in-flesh attacks are much harder.

Me kidnapping you probably isn't going to yield me much money from a bank. And robbing a bank is a death sentence.

No comments yet

ofjcihen · 32d ago
You can also do non physical attacks to steal crypto. Sim-swapping being one.
ls612 · 33d ago
Kidnapping for ransom used to be big business for US organized crime. Then the law changed to basically outlaw paying ransoms (all negotiations had to go through the FBI) and while a few people died, kidnapping for ransom in the US largely died as well after the 80s.
akoboldfrying · 32d ago
This is really interesting, thanks. Is it generally believed that this law change is the reason for the sharp drop in kidnapping in the US? (Or did it coincide with other changes that might explain it?)
ls612 · 32d ago
A credible policy of not paying ransoms led to it becoming an unprofitable business.
supriyo-biswas · 32d ago
> banks that limit the efficacy of these kinds of attacks?

In my country, transfers of very large sums often require upping the transaction limit by visiting the bank branch, filling out a form and then submitting it at which point it’ll be accepted in a few days.

While obviously inconvenient when trying to transfer funds for investments, etc. it’s easy to see why the system prevents fraud of this sort.

wslh · 33d ago
When you create your own keys, you essentially become the bank. Additionally, with exchanges or other custodial platforms, once you move funds, the transactions are irreversible and can be very difficult, or even impossible, to trace.
brulard · 32d ago
Why would you say they are difficult/impossible to trace? It's publicly visible where it goes and where it gets eventually spent. Ill gained bitcoin even gets flagged and its very hard to spend.
batshit_beaver · 32d ago
1) You can track the transactions publicly, but once the crypto hits the wallet of someone that can trade cash for it, you've lost track of the criminal.

2) Privacy focused currencies like Monero make it exceedingly difficult to attribute transactions to specific individuals.

Horffupolde · 33d ago
Because the public doesn’t relate to these victims.
acdha · 33d ago
It seems like quite a stretch to think the public feels significantly greater affinity to wealthy people who hold stocks, real-estate, and other traditional assets compared to cryptocurrency speculators. It seems like a much more parsimonious explanation that the attacks are more prevalent in the less secure medium since attackers are more likely to succeed.

“Be your own bank” makes a cool bumper sticker but it’s like saying “be your own pilot” or “do your own surgery” in terms of complexity and risk. There’s a reason why these things traditionally involve teams of people with various safety precautions baked in to make attacks riskier.

ofjcihen · 32d ago
…Are we doing a “persecuted crypto-holders” thing now?

In all seriousness I think most people relate to kidnapping and mutilation and not wanting it to happen to them.

I mean it’s not like the traditionally rich receive much love.

TheAmazingRace · 33d ago
This write up is very interesting to me for one main reason. It underscores how incredibly important it is for anyone dealing in this stuff to do the following…

Keep. Your. Mouth. Shut.

Pseudo-anonymity, with the emphasis on the pseudo part, is only as good as you. If you truly believe in Bitcoin and all that implies, it really is in your best interest to be quiet and keep it to yourself, and this knife cuts in more ways than you might expect. You don’t have layers of security like at a traditional bank. You are the weakest link wrt private keys and storage.

Also, even talking about it amongst folks you think are your friends, like fellow Bitcoin users, isn’t wise either. Hypothetically, if you became exceedingly wealthy on paper, it would be in the interest of others to take you out of the equation so you can’t cash out. If that means a five dollar (or whatever they cost these days) wrench to the head so you stop moving… now that value is locked up in the blockchain! Could this happen to any given bitcoin users with just a few satoshi or whatnot? Very unlikely, but don’t forget that a decade and a half ago, a handful of bitcoins could cost you very little money. Now it has gone up exponentially in value and would make you a big fat target.

There are those on /r/bitcoin that think a wrench won’t ever break their wills and spirits. That math is invincible. Don’t think they’ve ever been on the wrong side of one before. Math might be bulletproof, but wetware is very fragile.

jsheard · 33d ago
The tension is between needing to keep your mouth shut (for your own safety) and needing to loudly evangelize crypto at every opportunity (because its value is still mostly predicated on hype and FOMO, which must be maintained). For people to believe the narrative that buying crypto will make them rich, there has to be crypto-rich people shouting about how crypto-rich they are.
TheAmazingRace · 33d ago
That is quite a balancing act, isn’t it?
throwanem · 33d ago
Not before Miami slides into the Atlantic...
TheAmazingRace · 33d ago
Lol
hoseja · 32d ago
"hype and FOMO", also known as "democratic mandate"
MrScruff · 32d ago
I have a few friends who've done well out of crypto, and they seem to struggle to follow your advice. I think the success they have with it also gives them a false sense of confidence, like they know what they're doing, rather than bzzzzzt number goes up.

One of them was defrauded of their entire savings, and only discovered at the point where they needed it as a deposit on a house. The person had spent over a year worming their way into their confidence (not just online), and was regarded as a good friend. They managed to convince them over a long period of time that it was safer for them (as a financial advisor) to manage their funds for them. Once the wallet was out of her control, the 'friend' disappeared entirely.

dylan604 · 33d ago
> Keep. Your. Mouth. Shut.

The interesting thing to me about this is watching how we've changed over the past 40 years. As a kid, it was impressed up on kids to not talk to strangers. You don't tell people where you live. You don't tell people anything more than necessary. Now, people share the most intimate details of their daily lives. People share/invite random strangers to their accounts without any concerns about who they are or what they might do. People just do not think about how the most benign of posts can be used for nefarious purposes by someone else. So we've gone from share nothing to over sharing everything.

mattgreenrocks · 33d ago
It’s definitely changed from generation to generation.

During covid some SWEs had pretty sweet gigs due to lowered expectations and a rush on talent. And what do a small fraction of SWEs do? Make “life in the day of” videos that glamorize how cushy and easy-going it is, painting the whole group of SWEs as spoiled and entitled who make too much money. Point is they could’ve just realized they had it good and kept quiet.

But, no, they had to hustle for internet points, even risking their job inadvertently. It’s unbelievable to me how fast we flipped from the internet being an accessory to life to it being a surrogate for actual social interaction.

lazide · 32d ago
What will really boil your brain is how for many of those, the situation was not even real and they just made it up for clout.
concernedParty · 32d ago
> (Proverbs 13:7) There is one who pretends to be rich, yet has nothing; There is another who pretends to be poor, yet has great wealth.

Pretending you're rich has been happening for a long time. Conversely, pretending you're poor though might make you a bit of a miser as you wouldn't use what you have to help anyone else. It seems wise to be discrete about your wealth if you have it, or you're just inviting trouble for little real gain.

ummonk · 33d ago
Ehh, changes in privacy expectations have gone both ways. 40 years ago people also voluntarily listed their home address and telephone number in phone books that would be mailed to the whole community.
dylan604 · 33d ago
If you think the telephone book is any where close to the same thing as the amount of information available via a web search, then you're just not even trying to have a serious conversation. At the time of printed phone books, it's not like you could pull out the super computer in your pocket and get turn by turn directions to that address. If you were fancy, you could maybe pull out your Mapsco and figure out how to get there, but only if that address was in the same area as the set of Mapsco books you had on hand.
egypturnash · 32d ago
You could go to the bookstore and get an appropriate map or two pretty easily. Or a gas station. Or join the AAA and get them to put together a TripTik. Or some combination.

Sure it'd take longer than pulling up directions on your phone does now but if you're planning a cross-country trip to kidnap someone and beat their passphrases out of them or demand a ransom from their family or whatever then you've probably got some other plans to make. If it's a total impulse then you just grab your duct tape, chainsaw, masks, and continental-scale road atlas and hit the road; when you get to your target's state you can pick up maps that'll get you to their place at the first gas station you hit. Don't make jokes about why you're on a road trip when you stop at the whimsical roadside attraction shaped like a dinosaur, someone will come forwards when your case makes the news.

ummonk · 32d ago
I had a road map of the county, with an index mapping each name to squares on the map, and address intervals listed on each long road. It would take me a few minutes tops to prepare turn by turn directions to a new address.

If I needed a direction addresses for another city I'd just go there (had a full highway map of the country) and buy the local map - they were typically for sale near the front of basically every store (gas station, pharmacy, etc.).

TheAmazingRace · 33d ago
So just another point on this… you are probably not as anonymous on the internet as you might think. You can brag about wealth in cryptocurrency. But use a handle long enough, or even across several accounts that can somehow be linked, and a fingerprint of you could be constructed. It really can be done with some forensic analysis.

And I think it all boils down to the fact that some humans need to make noise about their successes so they feel validated. Much like the cryptocurrency evangelists, they probably can’t help themselves because they want to ensure they defend “the mission” even if it comes at great personal cost in the long run.

throwanem · 33d ago
I've recently quoted on here something about learning to spend what's in your pocket. That is a special case of the same general principle evinced here, which is that if you don't put work into maintaining a broad perspective, you lose the ability to distinguish what you're used to and what's ordinary.

It's worth worrying about in the general case, too. There are subtler and much more noxious failure modes here than merely getting beaned with a Swedish nut rounder.

scotty79 · 32d ago
That provides additional safety to all the people who haven't lost their mind and keep their mouths shut.
robocat · 32d ago
> Keep. Your. Mouth. Shut.

This leads to the outcome that it is hard to find good security advice. I'm from New Zealand and too many in the crypto community here are far too trusting (unsafely so - so why would I wish to learn from them).

I was (past tense) interested in investing in crypto however I wanted to learn how to manage security before I invested more than I could afford to lose (say more than a month's salary). I have never felt I could trust my own security so I have never invested much in crypto (one exception has been a little money in crypto correlated stocks).

I was in South America and I thought that might be a good place to learn crypto security since the people there need to be a lot more careful about their security. I couldn't find anybody I trusted to teach me, even if offering a good professional hourly rate. Easy to find people with opinions on security: however they were somewhat ignorant because they lacked real risk (because their amounts at risk were small enough that they would never be spear targeted).

When basic security is silence, then it is difficult to find anyone clueful who would teach.

Edit: an interesting adventure in trying to understand trust. Smart people won't share the details of their own security because it puts their security at risk (how can they trust me?) And why would I trust anybody who isn't at risk?

TheAmazingRace · 32d ago
It really is a tough row to hoe. This sort of Wild West commerce with cryptocurrency is what the community at large wanted, and now with that lack of trust… that extends to everything here.

It’s truly exhausting in the long run, which is why I prefer old fashioned, tried and true financial vehicles instead.

aleph_minus_one · 32d ago
> And why would I trust anybody who isn't at risk?

Because they are very knowledgeable.

lazide · 32d ago
Knowledge which has never been (credibly) tested, or for which there is little at stake for the person expounding it if they are wrong is unwise to trust.
busyant · 32d ago
> Keep. Your. Mouth. Shut.

Matt Levine had a recent article about this. Another part of the problem is that some BTC repositories* got hacked and the hackers got people's names and addresses and maybe quantity of BTC

So, even if you keep your mouth shut, if people can get your address, you're a potential target.

*(I can't recall the details and I don't know enough about crypto to know if I'm using the proper terminology)

* edit: here's the article. skip down to "$5 wrench attack"

https://archive.is/lUNox

hibikir · 33d ago
This kind of works, until you have a medical issue that impairs your brain enough,an event that loses hardware keys or backups, or you care about possible inheritors when you die.

Everything you do to keep keys safe from some risks weakens your posture against other risks. Making sure most people don't know about your holdings is nice and all, but ultimately key management is a really hard problem. It's hard enough for companies, but I'd argue it's even worse for individuals.

TheAmazingRace · 33d ago
You are correct about key management being hard. I’ve been telling folks that absolutely insist on getting into Bitcoin that it’s best to leave out any notions of convenience at all, as convenience is the enemy of security. If you absolutely must have the stuff, stick to a cold wallet using pen and paper. It still has its own downsides, but it’s arguably one of the most simple ways to handle the keys problem.
XorNot · 32d ago
Except that's irrelevant. Key management doesn't mitigate the threat against you.

If the person who kidnaps you believes you have the necessary keys on you, or remember them or whatever, they aren't going to let you go because you genuinely do not have the ability to provide them.

TheAmazingRace · 32d ago
I fully agree with this sentiment. The burden of proof rests upon the kidnapped person to present the cryptocurrency or say it was “lost in a boating accident” but good luck proving a negative, in which case, you’re probably dead.
quesera · 32d ago
... and you don't even have the option of coughing up the keys to save your life.
beeflet · 32d ago
you can just keep a small amount (~$100) on a hot wallet for daily spending, and keep the rest under a multisig scheme or something.
lottin · 32d ago
> Keep. Your. Mouth. Shut.

A critical aspect of crypto-currencies is sales. They have to sell a story so that investors keep pouring money into the system. Otherwise the whole thing would collapse very quickly.

daveguy · 32d ago
Or just don't mess with bitcoin and other crypto. It's pretty easy to avoid.
throwanem · 33d ago
> Keep. Your. Mouth. Shut.

With events like the recent Coinbase breach, is this even enough?

TheAmazingRace · 33d ago
Nobody has to use Coinbase. That said, yes you aren’t wrong. The more intermediaries you deal with, the higher your exposure risk.
throwanem · 33d ago
That, and there's zero backward or forward secrecy by design. Avoiding intermediaries can't ameliorate the hazards of the protocol.
TheAmazingRace · 33d ago
Exactly. Hence why I don’t advocate for any cryptocurrency at all, personally. It’s fraught with peril and the juice really isn’t worth the squeeze to me. Others may have a different calculus, but I’d rather not be looking over my shoulder constantly.
throwanem · 33d ago
Oh, same, I've never touched the stuff. That was pure intuition 15 years ago; these days I think of it as a longterm investment paying major dividends in peace of mind.

Of course it would be easy to say one's never touched crypto, and not so easy to prove, as with any negative. I don't care. If I ever get bounced with a King Dick, it'll far more likely be because I said something someone didn't like - which seems to happen about as often as I open my mouth, these days. Or because I said something someone failed to comprehend and so took insult at. Brains are severely out of fashion this decade, and I can't seem to help having some, so presumably someone will seek to scatter them sooner or later. Why not? I hear it's the last argument of kings, and their time too seems coming 'round again.

In any case they better not let me hear them coming. Wiser to spin the block in a car, really. I've never been hit with a wrench before, but it did once take more than a hammer to get me off my feet.

lazide · 32d ago
Coinbase is also the least messed up exchange on this front, at least with even a whiff of legality.
throwanem · 32d ago
Yeah, they've been pushing hard since 2020 to get picked as the winner of a government-guaranteed monopoly on legal ramps between USD and crypto. It looks like they might pull it off, too. I haven't stopped being glad I didn't decide to work for Armstrong in '21 but I have to give him he's got the nous to recognize what a good thing Visa's always had going. I wonder how many skeletons they buried in the 60s...
PicassoCTs · 32d ago
You know, there are people here who have a living memory growing up in a high trust society. https://en.wikipedia.org/wiki/High-trust_and_low-trust_socie... And i refuse to accept all this advice, all this barbed wire as normal and all these grifters and gangsters as socially acceptable. And i refuse the victim reversal, of the "stupid" victim calling for it.

No, all those trying to normalize the wild-west and those who try to prosper from the wild west- they have to go. Now. Wherever they came from. Take your low-thrust, non-working societies with you. The enablers too, if you want to co-exist with this, you are wrong here. You need to go. Now.

lazide · 32d ago
You’re just imagining a false past. Shit like this has always been going on - it’s just more visible now.

The Jordan Belforts and P.T. Barnums (and many more) have been a part of US society since the beginning.

PicassoCTs · 32d ago
What if you imagine it wrong, and the past has been actually filled with high-trust useful idiots in the silent majority, thinking god watches them and they can leave the door and car unlocked, cause god also watches the village? What if you are just one of the infected?
lazide · 32d ago
Uh, I’m saying that there has always been a sucker born every minute. I don’t think we’re disagreeing.

You’re just able to see the snake oil salesman parting the rubes from their coin remotely, instead of only being able to see it if you’re standing right next to the rube.

Even with that happening, there are still plenty of rubes - and just like before, people who are trying to run the snake oil salesman out of town (but generally being ineffective at it).

imaginator · 33d ago
Jameson Lopp maintains a comprehensive list at https://github.com/jlopp/physical-bitcoin-attacks

Side joke: with inflation the XKCD $5 wrench attack (https://xkcd.com/538/) is no longer possible.

qoez · 33d ago
The alt text does say "Also, I would be hard-pressed to find that wrench for $5." so I guess even at the time without inflation it wasn't really possible
apples_oranges · 33d ago
For Americans now difficult. Rest of the world can still order cheaply in China ;)
cluckindan · 33d ago
Maybe those orders should be limited given how the tools have no other valid use than password extraction
hansvm · 32d ago
You speak with the same sort of hard-earned wisdom of someone who has also snapped a few cheap wrenches in half.
grues-dinner · 33d ago
It could be a second-hand wrench. Or maybe smuggled in without tariffs: a 1-foot, 3-pound wrench is $3.45 on Taobao (including shipping, a pair of gloves and a roll of PTFE tape). It might not be Snap-On but it'll probably survive being hit with a few crypto speculator skulls.
krisoft · 33d ago
Or a stolen wrench. If you are already on the path of criminality.
lazide · 33d ago
Hey man, some of us have limits (/s)

Seriously though, most B&E’s will use tools stolen from some prior victim. Why spend money you don’t need to, or something.

dylan604 · 33d ago
Or tools from the current victim. Someone broke into my house using the utensils from my grill on the patio to try to pry open a rear window before just using them to break the glass.
grues-dinner · 33d ago
Also you can't be filmed at the hardware shop buying the weapon. Premeditation makes things worse if you do get caught.
brewdad · 32d ago
The key is to have made the investment long ago. I never put money in crypto but I do own two large pipe wrenches from the mid 1990s.
os2warpman · 33d ago
https://www.harborfreight.com/hand-tools/wrenches/18-in-stee...

$7.99

They also have an 8-inch wrench on sale for $3 but I'd spend the extra for the pipe wrench.

Better whackin' with an 18-incher.

oulipo · 33d ago
No worries, now you can simply use $5 of Toblerone lol https://archive.ph/TZ9oq
nssnsjsjsjs · 33d ago
Next they'll hit someone over the head with a shitcoin to try and steal their wrench!
lo0dot0 · 32d ago
It's pretentious to say something is "novel" when people have raided each other for valuables for centuries.
akrymski · 32d ago
You mean there's a point to banks after all?
jonfromsf · 32d ago
The obvious answer is to invest in ETFs that hold bitcoin, in a traditional brokerage account. Ironic that it comes to that (given that bitcoin was supposed to take down big finance). But it is the most straightforward and safe way for someone to own some amount of bitcoin.
beeflet · 32d ago
The obvious answer is to kidnap lightning channel maintainers instead. They will always have their funds living on a "live" computer, which you can extract secrets from using whatever side-channel you like.

This way, you don't even have to torture them. You just have to kidnap them and keep them from transmitting closing transactions.

If you open a channel with them beforehand, you don't even need to extract the keys from their hardware. You get to can steal the funds in their channel unless they use another mechanism like a DMS to transmit a revocation transaction.

anigbrowl · 32d ago
How does this need an academic paper?!

  >Be rich
  >Don't have good personal security because you're nouveau-riche and socially naive
  >Boast about the size of your crypto wallet
  >Targeted by criminals
  >surprised pikachu.jpg
refulgentis · 32d ago
How does this need a comment?!

  >Be bored
  >Don't have a particular stake in anything you're actively(!) doing
  >Complain that someone else wrote up something and you don't want to read it 
  >all the commentariat are going to be pleased you deigned to comment on this, thank you sir, for spending your time sir
  >Do it in the middle of a sea of comments remarking on all the novel aspects of this
  >brain in microwave.gif
anigbrowl · 31d ago
I did read it. I was unimpressed. No, I don't think it's novel at all.
pluto_modadic · 32d ago
Ah, and here I was hoping it would have parallels to attacks on yubikeys. not concerned with coins. or, journalists getting detained at the border.
specialist · 33d ago
Mugging, larceny, robbery, assault & battery, a stick-up.

Kids these days.... Always inventing new words for old ideas, amirite?

More seriously: I'm still a little unclear how stealing crypto is feasible. There's a ledger, right? Tumblers are really that effective at hiding the chain of custody?

At some point(s) the cyberspace "durable digital asset" (h/t a15z) has to emerge in meatspace, right? Even if it pops up in Russia, NK, or Golden Triangle, there's always some heads to bash, fingers to break. Right?

brewdad · 32d ago
I imagine it works like the stolen art world. You can’t just put that lost Picasso on auction at Sotheby’s, but the right buyer will take that wallet off your hands and wash it.
beeflet · 32d ago
>There's a ledger, right?

There is tech for private transactions, but the cryptography is more complex. It's used in cryptocurrencies like zcash or monero. You can also trade between different cryptocurrencies without trusting an intermediary, using "atomic swaps". So if you seize cryptocurrency you think will be tainted, you have a small window to swap it for private (and thus fungible) currency.

https://cointelegraph.com/news/zachxbt-330m-btc-heist-xmr-su...

This business is booming!

margorczynski · 33d ago
I guess the name is in reference to https://xkcd.com/538/
martinky24 · 33d ago
They quite literally say this explicitly in the first few paragraphs. No need to guess.