Physical security practices for Bitcoin wallets

[hatshepsut93]

As Bitcoin's price increases, it's a good time to start thinking more about security of our coins, and today I want to discuss physical security. Physical attacks can be categorized as:

1. Stealing your phone, flash drives, hardware wallets, paper wallets, written seeds.

Flash drives, phones and hardware wallets are almost always encrypted, so attacker won't be able to get access to coins quickly, which gives a chance to use secondary backups to move coins to a new wallet. Seeds and paper wallets on the other hand can grant very quick access, which means it's a pretty big security risk. This can be solved by getting a decent strongbox. Some strongboxes also offer protection against floods and fire.

2. Getting robbed at gunpoint.

The threat of violence is a pretty effective method of cryptanalysis - attackers are effectively bypassing all security measures. The common defense is to either split the information between different parties - like with multisig for example, or to hide deep your real keys while having decoys at their place (in safe for example) that will be given up to attackers. I personally think that the first method can be dangerous, because attackers might severely torture you or your loved ones thinking that you know full keys. The second method works if attackers don't know what exactly they are looking for - in our case, how much coins do you have, so you can give up a smaller decoy wallet to them. This is why private transactions are very important, as well as keeping your mouth shut about how many coins do you have, even if you want to impress your friends and family.

Any thoughts on how to increase physical security against some specific attacks as well as hazards?


Some links:

https://coinidol.com/ukrainian-security-service-robbed-from-forklog/

https://www.coinbureau.com/news/robbed-gunpoint-1-8m-ethereum/

https://cointelegraph.com/news/man-robbed-at-gunpoint-for-1100-worth-of-bitcoins-in-brooklyn

[1714122600]

1714122600

[1714122600]

1714122600

[1714122600]

1714122600

[coolcountry]

On my phone, I downloaded an additional app which prompts your fingerprint when you try to open certain apps, and I locked all crypto related apps using this app. So for example, if you want to reach my mycelium wallet on my phone, you have to unlock my phone using my fingerprint first, then when you click on the mycelium app you have to unlock the app with my fingerprint once again, and once in the app, you have to type the 6-digit password to access the wallet. I think this is secure enough

[hatshepsut93]

On my phone, I downloaded an additional app which prompts your fingerprint when you try to open certain apps, and I locked all crypto related apps using this app. So for example, if you want to reach my mycelium wallet on my phone, you have to unlock my phone using my fingerprint first, then when you click on the mycelium app you have to unlock the app with my fingerprint once again, and once in the app, you have to type the 6-digit password to access the wallet. I think this is secure enough

This sounds like a pretty good security in case your phone will get stolen - if you have your Mycellium seed backed up, you can restore your wallet way before thieves will manage to break your phone's encryption (if this is even possible). But what would you do if someone pulled a gun on you and told you to send your coins to his wallet? Would you give up your coins or try to somehow stop it? I think a viable idea is to have some secret mechanism that triggers a distress signal that calls the cops - for example a secret pin code that does this instead of unlocking your app.

[WhoKn0ws]

To be quite frank if you're involved in a physical attack and the point is that your crypto is stored on there then someone knows too much information about you.The less you are likely to flash or brag then the less chances you have of being set up to be robbed can an everyday robbery occur? Sure but highly unlikely they'll be interested in cracking your phone for crypto they're just after the phone itself, again only if you're targeted for such reason...

[bitart]

On my phone, I downloaded an additional app which prompts your fingerprint when you try to open certain apps, and I locked all crypto related apps using this app. So for example, if you want to reach my mycelium wallet on my phone, you have to unlock my phone using my fingerprint first, then when you click on the mycelium app you have to unlock the app with my fingerprint once again, and once in the app, you have to type the 6-digit password to access the wallet. I think this is secure enough

This sounds like a pretty good security in case your phone will get stolen - if you have your Mycellium seed backed up, you can restore your wallet way before thieves will manage to break your phone's encryption (if this is even possible). But what would you do if someone pulled a gun on you and told you to send your coins to his wallet? Would you give up your coins or try to somehow stop it? I think a viable idea is to have some secret mechanism that triggers a distress signal that calls the cops - for example a secret pin code that does this instead of unlocking your app.

If someone is pointing me a gun and asking to send all my coins from the mobile wallet to him, I would be happy to send all of them (with a fee of 9 sat/B, because ViaBTC only accepts transactions to accelerate if they have at least 10 sat/B fee )
But to be serious, if someone pulls a gun at you, you will send the coins, if you want to save your life, that's all. But there's no difference if we talk about bitcoin wallet or an everyday wallet with banknotes and coins, a gun is a gun in every sitution and everyday people (including me) won't resist at all.

[hatshepsut93]

If someone is pointing me a gun and asking to send all my coins from the mobile wallet to him, I would be happy to send all of them (with a fee of 9 sat/B, because ViaBTC only accepts transactions to accelerate if they have at least 10 sat/B fee )
But to be serious, if someone pulls a gun at you, you will send the coins, if you want to save your life, that's all. But there's no difference if we talk about bitcoin wallet or an everyday wallet with banknotes and coins, a gun is a gun in every sitution and everyday people (including me) won't resist at all.

I think there actually is a difference, because Bitcoin is digital and also programmable. I've been thinking about different security measures and came up with an idea (which I'm sure is not original, but still) of "panic button" - you can create a signed transaction that moves your funds to some other wallet - in case with mobile wallet it can be your cold storate, in case with cold storage it can be some trusted party; so in case you will be getting robbed (either on the street or in your house, or maybe raided by law enforcement), you can quickly send this transaction, ideally from a dedicated device that can be easily accessed in case of emergency - just like a panic button in banks.

[Anti-Cen]

The price of the hardware wallets have gone up and you have to pay far too much for what they do.

Pen-Sticks seem a better option for the price or on an Android phone you keep a spare SD-Micro and just keep
your wallet on that if you are using something like Jaxx (Pass phrase can be decoded from the file by hackers)

These expensive hardware wallets rely on central servers anyway so lets not pretend that anything is perfect and do
note that these days microsoft is running its own key-loggers and google + fakebook are recording what we say plus
x-boxes are scanning anything on your LAN even when you think they are turned off.

 

[zenrol28]

One of the best way is to never let others know that you own bitcoin. Just like in real life. No one will ever try to rob you if you don't look to have money. Be anonymously rich. It's better that way.

[Kajune]

Maybe placing your wallet container of bank storage box as "precious jewel"? Mwahahaha

[HeRetiK]

[...]

2. Getting robbed at gunpoint.

[...]

Ironically one potential security measure against getting robbed at gunpoint would be storing your bitcoins in a bank safe. Robbers will have a hard time walking you in at gunpoint to access your safe deposit box. Same with possible backups -- although those probably shouldn't be in the same bank as your main wallet.

[...]

These expensive hardware wallets rely on central servers anyway so lets not pretend that anything is perfect and do
note that these days microsoft is running its own key-loggers and google + fakebook are recording what we say plus
x-boxes are scanning anything on your LAN even when you think they are turned off.

Hardware wallets relying on central servers doesn't put your coins at risk though. Worst case an attacker could only deny an outgoing transaction or prevent an incoming transaction from showing up.

[Anti-Cen]

64gb microSD card on ebay is $8.00 and Android phones allow you to put Apps on the card
so for it's price that sounds good to me and many of these hardware wallets cost too much
and the user interface is not so good and you get tied in the service provider anyway.

I really like Jaxx wallet because it's easy to use, lots of currencies and has built in
ShapeShift but due to a security flaw it's really is a "Must" to take the precautions
that i have mentioned above.

if you are using Microsoft Windows that is little more than a remote terminal these days
then do not worry because the CIA/NSA have your data already and you should not trust
Chrome browsers because I wrote an extension for it and I know for a fact that the API
in Chrome does not call the extension code for some Google Url's that a add-blocker
might block so best keep sway from browser base wallets even if the are easy to use.

Don't forget to put your browser in private mode with add-ons disabled. Majority of browser add-ons reads browsing data be careful with them, some them might steal your private key for an online wallet.

You beat me too it, see word does get out

[aizadelacruz99]

You have to save in one file or save in a flash drive for back up purposes.

[hatshepsut93]

https://bitcointalk.org/index.php?topic=2838993.msg29132581
I think in the future we will be getting more news like this, because Bitcoin is a very juicy target for criminals - it can be easily hidden after being stolen and for now it's not well guarded. So, wealthy bitcoiners should take the old motto 'be your own bank' literally - they should have very strong security measures to discourage thieves and robbers from trying to steal their coins.
Another problem is kidnapping - usually criminals have a hard time collecting their ransom because digital bank transfers can be charged back and traced, while cash transfer can easily expose. Cryptocurrencies like Monero solve both of those problems for criminals, so I predict that in the near future we'll hear reports of kidnappers demand ransom in some cryptocurrency.

[farhaan]

As Bitcoin's price increases, it's a good time to start thinking more about security of our coins, and today I want to discuss physical security. Physical attacks can be categorized as:

1. Stealing your phone, flash drives, hardware wallets, paper wallets, written seeds.

Flash drives, phones and hardware wallets are almost always encrypted, so attacker won't be able to get access to coins quickly, which gives a chance to use secondary backups to move coins to a new wallet. Seeds and paper wallets on the other hand can grant very quick access, which means it's a pretty big security risk. This can be solved by getting a decent strongbox. Some strongboxes also offer protection against floods and fire.

2. Getting robbed at gunpoint.

The threat of violence is a pretty effective method of cryptanalysis - attackers are effectively bypassing all security measures. The common defense is to either split the information between different parties - like with multisig for example, or to hide deep your real keys while having decoys at their place (in safe for example) that will be given up to attackers. I personally think that the first method can be dangerous, because attackers might severely torture you or your loved ones thinking that you know full keys. The second method works if attackers don't know what exactly they are looking for - in our case, how much coins do you have, so you can give up a smaller decoy wallet to them. This is why private transactions are very important, as well as keeping your mouth shut about how many coins do you have, even if you want to impress your friends and family.

Any thoughts on how to increase physical security against some specific attacks as well as hazards?


Some links:

https://coinidol.com/ukrainian-security-service-robbed-from-forklog/

https://www.coinbureau.com/news/robbed-gunpoint-1-8m-ethereum/

https://cointelegraph.com/news/man-robbed-at-gunpoint-for-1100-worth-of-bitcoins-in-brooklyn

Actually,the second thing has happened in britain this week.A owner of a crypto coin trading firm was asked to send all of the bitcoins from his wallet under the gunpoint.He was blackmailed that his family members would be shot dead if he refused to do so.

Also,recently a bitcoin user lost his bitcoins to robbers at gunpoint.But in this case,it was his mistake to reveal his luxurious life style pictures in facebook which helped robbers to target him.

So,a bitcoin holder should realize that he has valuable bitcoin with him and should not reveal about his income any time in the society.

[moonshoot]

If you are going to hold a lot of crypto, it would make sense to keep most of it in cold storage--not on your phone or PC or anywhere that could be easily hacked. Another nice feature of cryptocurrency is the low to zero cost of splitting it up into multiple wallets, which you can secure with different passphrases and methods of protection so that if one was compromised, you haven't lost all of it.

You do have to balance security with convenience and accessibility, and of course the more passphrases etc. that you have to keep track of, the more likely you are to lose or forget them. But you could simply have a "dummy" wallet with a much smaller amount of cryptocurrency to give to the person robbing you at gunpoint. Unlike a physical wallet, they aren't going to have any easy way of verifying you've given them "all" of your crypto.