As someone who has worked for and/or audited most major crypto custody companies, I am sad to report every single one takes shortcuts that give single individuals acting alone the power to move billions of dollars in value. They also never review third party dependencies. They blindly merge any code dependabot tells them to merge from internet randos and give it control of the funds.
This level of negligence should be illegal, but it isn't. Negligence is the default in crypto custody. There are no useful security regulations in this space.
Even the ones that think they have a good split custody solution or claim to use HSMs always let an IT manager have remote access to all workstations involved or a release engineer build the software that is used shifting the centralized power and risk to them.
Kidnappings and torture are becoming common as people realize this
If you directly or indirectly control secret keys of any significant financial value on your own, you are endangering yourself and your family.
Even if you only maintain an open source library used by crypto custodians that do not review the code you write, someone has good reason to coerce you into sneaking in malicious code.
To engineers working at custodians: Make your employers manage keys with a quorum of geographically distributed individuals with HSMs, immutable time delayed access controls, and a software supply chain that is full source bootstrapped, reviewed, compiled deterministically, and signed by multiple people so no single person can manipulate the flow.
My team and I open sourced a lot of tooling to do this safely. Please use it, or use it for reference to ensure your internal tooling meets the same bar.
But don't you see, dear kidnapper, you've made such folly for my systems do not allow me any access to grant your one desire. I'm worthless to you! In fact I'm only a liability now!
Publicizing the existence of one's countermeasures is an interesting problem. You'd want a believable way to communicate the fact that torturing/extorting the principle buys the opposition nothing (believable being the key part). It would have to become common knowledge in the criminal underworld to have real utility.
Exactly why from the start we knew Trove -had- to be open source with open documentation to practice Kerkhoffs Principle.
Combine with remotely attestable enclaves running open source deterministic code and your adversaries can easily verify attacking any one person will be unsuccessful.
The most telling or disturbing thing I learned from a recent article posted here about the Crypto-related kidnappings was how criminals found some of their victims’ addresses and personal information in marketing data that companies kept on their customers.
The recent Coinbase leak is mostly stored KYC data AFAIK, so even if the company isn’t using it for marketing, they’re probably being forced to store data that they’re not responsible enough to protect.
Technology isn't even a cool field anymore, the major innovations (crypto, blockchain, AI) have such a film of sliminess around them. You have to ignore or be ignorant of the fact that they're going to be used for scams and bullshit more than for good.
AI is not niche. Blockchain ledgers are because centralized ledgers are cheaper, faster, and controllable by law; which is what most people want if they spend a few seconds thinking about it.
This is the typical HN 2015 crypto knowledge. It was accurate a decade ago but isn’t any more.
- Centralised ledgers are multiple orders of magnitude more expensive (2.5% to 6%, a typical blue and white square checkout is 3.5%) versus something like $0.000025 on the most active blockchain)
- At their best (2-3 second confirmation) as fast as current gen blockchain networks and an order of magnitude slower than next generation (150 milliseconds block time so expected subsecond confirmations).
- Tokens have techniques like permanent delegate for OFAC compliance.
This isn’t meant to be a personal attack, it’s just that this view of crypto is akin to saying that ‘AI is customer service chatbots that don’t work’ - correct ten years ago but not anymore.
Axiom, YC W25 is the fastest growing company in YC history hitting 100 million in revenue in five months.
You're comparing different things to try to prove something that is obviously wrong to anyone who spends a few seconds thinking about it.
> Centralised ledgers are multiple orders of magnitude more expensive (2.5% to 6%, a typical blue and white square checkout is 3.5%) versus something like $0.000025 on the most active blockchain)
I was comparing cost of recording the transaction. Think for 2 seconds. Obviously, a centralized ledger is going to be cheaper. You are comparing the cost for completing a transaction on one side with the cost of completing a transaction plus fraud fraud mitigation, chargebacks, etc. on the other.
> At their best (2-3 second confirmation) as fast as current gen blockchain networks and an order of magnitude slower than next generation (150 milliseconds block time so expected subsecond confirmations).
Same mistake. Think for two seconds. Obviously, the speed of recording a transaction on a centralized ledger is going to be faster.
Whatever you build on a blockchain ledger you can build faster and cheaper on a centralized ledger.
People fooled by crypto grifters don't have enough economics education to understand "ceteris paribus" let alone everything that comes after in an introductory course.
I’d like to start by saying “think for two seconds” is not a respectful way to communicate.
Do I need fraud mitigation and insurance to buy a coffee or groceries?
Regardless of the capabilities of centralised networks when you last bought something using a Visa card was it hundreds of milliseconds or was it two or three seconds to confirm?
> People fooled by crypto grifters don't have enough economics education
That’s a very broad statement about a lot of people highly regarded in traditional finance.
> I’d like to start by saying “think for two seconds” is not a respectful way to communicate.
I'm assuming the readers here have enough technological sophistication to understand the problem in two seconds. This is not the case among general YouTube audiences being fooled by crypto grifters.
> Do I need fraud mitigation and insurance to buy a coffee or groceries?
Do you want to be on the hook for somebody else buying coffee and groceries on your dime? Most people don't. Thus, fraud mitigation.
> That’s a very broad statement about a lot of people highly regarded in traditional finance.
That's assuming that those "highly regarded" people are fooled by crypto grifters instead of profiting off the fools.
Do you think not engaging with the actual content of the poster and purposefully misinterpreting them disingenuously is a respectful way to communicate?
When the weakest link between the criminal and the cryptocurrency is a single person (the holder himself in this instance), that person alone would need to withstand all attacks and “rubber hose cryptanalysis”.
The most effective protection is a combination of discretion, strong security practices, and advanced wallet configurations like multisig and passphrase protection.
You could store passphrases in a hardware wallet in a bank vault in a small European country.
Physical security for digital credentials is the main point here, that doesn't always imply a regular bank, many modern banks lack the bank vaults of yore in any case.
Yes, ironic. But, of course, nothing in this attack has anything to do with blockchain or crypto per se. They could have been torturing someone for the password with access to the bank's old school accounts or safe deposit box.
> Inside the home, the police found Polaroid pictures showing the man bound and being assaulted
Because of course. These people live in a world where nothing can touch them, least of all the law, so why wouldn’t you literally make your own evidence of your crime and leave it lying around.
This is so crazy, this happened not far from my place and we saw a lot of cops around, even crazier some people broke into my building 3 days after the kidnapping looking for a "john", even crazieeeer I had coffee with this john (the kidnapper) in 2019 in SF. He seemed a bit odd but overall nice, kind of like a blackhat that had found a job on the other side (he was doing security for a crypto project called grin).
Most likely this is not your typical kidnapping, I would bet that they knew each other and that there's something else at play. Also the apartment he was staying at is $75k/month rent, that's insane...
This is part of why I designed Tarsnap to keep data as secure as possible, even from me. If someone stores their crypto keys -- or world domination^W optimization plans -- on Tarsnap, I don't want to get kidnapped and tortured by anyone trying to steal that data.
He can’t give the attackers the customer keys or any other data. But yes as another poster says downtown the attackers may not actually understand that.
Why don't they bother traditional bank managers then?
One time long ago someone did try to get money by forcing a bank owner to open a vault, and it didn't work, and since then everyone knows it's fruitless.
It just needs to actually be fruitless. It sounds like for crypto custodians, it's not fruitless and they know that.
Please describe exactly the software change you imagine would produce this result, and describe how it gets from the attackers head onto the machines where it needs to run.
In other words I think you have hanwaved and imagined 2 different required things which probably simply don't exist. Or at least, may exist but could easily not exist.
There may be no such thing as a software change that will give a back door to the data. It depends hpw the system is designed, which I do not know.
And there may be no such thing as a way to get such software change onto customers machines without passing through review by multiple someone else's. Even if one, as owner of a business has the power to change the review policy itself, it's still physically impossible to do that without everyone else knowing it happened.
tarsnap would have to be a sole developer sole propriator business (or a multi employee business run as badly as crypto custodians aparently all are) for that to even be physically possible. Which maybe it is but it's not the impression I've formed of that company over the many years. Not a customer, and know nothing of either the software or the company's internal workings.
yes and? you get the data of only one tarsnap user.
The comment you were responding to was from the tarsnap creator where he was saying he doesn't have access to those keys so cannot be coerced to give them (and thus has no way to decrypt the data of all the clients).
You really think the kind of people who do such things will read your website and just give up? "Aw shucks, he's using e2e encryption, no point trying anything"?
I think you misunderstood the comment. Or maybe I did.
My understanding: the rubberhose crypto-analysis, even if unsuccessful, will result in some major damage done. Determined attacker might try to apply it regardless of any online statements on the off chance that the statements are wrong.
You understand correctly. I suspect that in the experience of such attackers, it's not even an "off chance". They're probably up against exaggerated claims of security more often than truly well-founded ones.
And you really think that people who routinely use torture to extract information, and for whom claims that "I don't know it!" is basically the standard obstacle to overcome, will just believe him without even trying, because it's "math" and therefore true?
The reality is, in the xkcd Rubberhose cryptanalysis scenario, being actually unable to give up the information is a MUCH WORSE situation to be be in than having a key to give up before they permanently maim/kill you. It might be better for a third party who benefits from the information remaining secret, but not for the person unable to divulge it.
But thinking you're safe because the attackers will read, understand, and believe your claims of uncompromisable cryptographic security is dangerously naive.
Ah okay, I get what you mean now. I thought your comment was suggesting he actually can access the information.
I still believe, which might indeed be naive, that this is the best way. It results in a failed mission lowering the risks for others and if applied for all theses services (again naive), in a general understanding.
To some extent. Wire fraud happens pretty often, and after a day or so the money's usually unrecoverable after going through several foreign countries. Home real estate and B2B transactions have been particular targets.
This comment must be parody. Certainly you can't be serious. In the off chance hat you are, obviously, I must state. Crimes happen as a result of incentive structures. If there were a huge aftermarket for stolen iPhones, iPhone thefts would increase (something that Apple obviously realizes and combats).
Because of crypto, the incentive to kidnap people with crypto wealth has surfaced as a real problem. These are kidnappings that, obviously, wouldn't exist if the crypto hadn't existed at all.
My larger point is; although crypto has made some people quite wealthy, it's mostly disenfranchised a larger part of the broader society. It's essentially been a wealth transfer from stupid people to opportunistic people. Has wealth been created? I'd argue that although some has been generated, it's a pittance in comparison to the amount of press crypto gets, and the amount of wealth that has been unfairly distributed from the stupid to the opportunistic.
Not parody. Although all these breathless stories pretending this is unprecedented sure are.
>These are kidnappings that, obviously, wouldn't exist if the crypto hadn't existed at all.
And would Frank Sinatra, Jr. never have been kidnapped if money didn't exist?
>It's essentially been a wealth transfer from stupid people to opportunistic people.
This is not entirely wrong. But it also describes the stock market. We allow the stock market because of it's obvious usefulness. The same is true for a non-centralized currency like bitcoin in a fractured world where nationstates keep going rogue and breaking down.
> Inside the home, the police found Polaroid pictures showing the man bound and being assaulted, the law enforcement official said.
... Why on earth would you document this?
> Two butlers who worked at the home were also present and agreed on Friday to be interviewed by the police, the official said.
... Why on earth would you do this in a place where you weren't the only person present?! (Also, butlers, wtf?)
I suppose, much like the crypto people are slowly rediscovering why the modern financial system is as it is, maybe they're also figuring out how to do crimes by trial and error.
