Cryptocurrency wrench attacks: Pt. 3


This is the third installment in our series on physical attacks on crypto-holders. These attacks involve violence, the threat of violence, or extortion to coerce the victim into transferring cryptocurrency or handing over their keys. Our first newsletter covered examples of some of these attacks. Our second one looked at why these attacks are appealing from the criminal’s perspective. In this installment, we’re going to take a look at some of the security measures that cryptocurrency holders can adopt to protect themselves.

Perform a risk assessment

When we want to protect our organizations, one of the first things we do is perform a risk assessment. Risk assessments are also a critical aspect of protecting your crypto. To do a risk assessment, we take an inventory of our assets, map out the threats to each asset, assess the likelihood and the impact of each threat, and then prioritize a list of risk mitigation strategies.

With your cryptocurrency, your assets are all of your crypto-holdings, and the threats can range from losing your keys, to cybercrimes, to the wrench attacks we have spent so much time discussing. We’ll just stick to wrench attacks so that we don’t go off on too much of a tangent.

If you only have a few hundred bucks in crypto, then you probably don’t have to worry too much, as long as no one mistakenly believes you are a crypto-millionaire. If you have tens of thousands, the threats you face are more severe. This amount of money could bring out opportunistic criminals or even your associates who are aware of your holdings.

If you have hundreds of thousands, millions or beyond, this is the kind of money that can bring out organized criminal gangs who are willing to go to great lengths to target you. With this level of adversary in your threat model, your security preparations will need to be especially rigorous to give you peace of mind.

Don’t brag about your crypto

One of the most important ways to keep safe from wrench attacks is to be as secretive as possible about your crypto-holdings and avoid flashing wealth. You could choose to live in a more modest home or drive a simpler car than you can afford. Don’t walk around with bundles of cash, and definitely don’t post a lavish lifestyle on social media. If you are a significant person within the cryptocurrency industry, then you may also want to avoid media interviews to limit your exposure.

You also need to be careful around your associates. Even close friends and family may be willing to engage in wrench attacks when they hear about your crypto-wealth. It’s best to limit what everyone knows about your crypto-assets as much as you can. Even a romantic partner that you trust could extort you out of your cryptocurrency.

Even if you don’t have much crypto, you need to be careful to ensure that no one gets the impression that you are a major holder. You could become a victim of a wrench attack because someone presumes you have a lot of crypto, even if they are incorrect. People associated with major crypto-platforms and coins should be especially careful.

Use multi-signature wallets

If you have a substantial amount of cryptocurrency and other people that you trust, you might want to consider adopting a multi-signature wallet, at least for some of your cryptocurrency. These wallets require two or more sets of keys to access the holdings. If you split the keys between multiple people, then this means that you need to get each key holder to collaborate to make a transfer. This can make wrench attacks much more difficult to accomplish because the attackers would need to wrench multiple people to gain access. However, needing to trust other people also presents its own risks. Multi-signature wallets are also less convenient to use.
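The threshold property described above, as an added example that is not part of the original newsletter: a 2-of-3 approval check in Python. The holder names, keys and addresses are constructed, and HMAC-SHA256 stands in for a real wallet's signature scheme.

```python
import hashlib
import hmac
import json

# Constructed sample: three key holders, each with their own secret.
# Assumption: HMAC-SHA256 stands in for a real wallet signature scheme.
HOLDER_KEYS = {
    "alice": b"constructed-key-alice",
    "bob": b"constructed-key-bob",
    "carol": b"constructed-key-carol",
}
THRESHOLD = 2  # 2-of-3 policy


def canonical(tx: dict) -> bytes:
    """Serialize the transfer deterministically so every holder signs the same bytes."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def sign(holder: str, tx: dict) -> str:
    """One holder's approval of one specific transfer."""
    return hmac.new(HOLDER_KEYS[holder], canonical(tx), hashlib.sha256).hexdigest()


def valid_signers(tx: dict, approvals: list[tuple[str, str]]) -> set[str]:
    """Return the distinct holders whose approval verifies for this exact transfer."""
    signers = set()
    for holder, tag in approvals:
        key = HOLDER_KEYS.get(holder)
        if key is None:
            continue  # unknown holder: ignored
        expected = hmac.new(key, canonical(tx), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, tag):
            signers.add(holder)  # a set, so repeats from one holder count once
    return signers


def authorized(tx: dict, approvals: list[tuple[str, str]]) -> bool:
    """The transfer goes through only with THRESHOLD distinct valid approvals."""
    return len(valid_signers(tx, approvals)) >= THRESHOLD


if __name__ == "__main__":
    tx = {"to": "addr-constructed-1", "amount": 5}
    other = {"to": "addr-constructed-2", "amount": 5}
    a, c = ("alice", sign("alice", tx)), ("carol", sign("carol", tx))
    print(authorized(tx, [a]))                                # one holder only
    print(authorized(tx, [a, a]))                             # same holder twice
    print(authorized(tx, [a, ("bob", sign("bob", other))]))   # bob approved another transfer
    print(authorized(tx, [a, c]))                             # two distinct holders
```

Only the last case is authorized: a single key holder, even one who signs repeatedly, cannot move the funds alone, and an approval given for a different transfer does not carry over.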

Avoid traveling to dangerous locations

Many people enjoy traveling to countries that are less secure and have limited police effectiveness. If you have substantial cryptocurrency holdings, traveling to these locations may be a bad idea. If you do decide to travel to dangerous areas, you should plan your security accordingly. You may need to hire bodyguards, only stay in secure hotels, and be careful when and where you go out.

It’s also good practice never to disclose your location, so that attackers can’t track you down easily. If you must post to social media, it’s best to post a day or two after so that attackers don’t know where you are in real time.

What about your friends and family?

Even if you are confident in your own security, one risk is that attackers may kidnap and torture someone close to you as a means of getting you to make a payment. You have much more control of your own security than you do of those close to you, so it’s a lot harder to limit the risks to your associates. If you have significant crypto-holdings, you should carefully consider the risks that this puts your friends and family through, and whether you can justify it.

Are the risks worth it?

We all have frustrations with our governments and banks, and there is certainly an appeal to the ideas behind decentralized finance. However, we should take the time to consider whether that appeal is really worth the possibility of losing our toes and our life savings in a wrench attack. In saying this, we also need to maintain perspective. Millions of people own crypto and most of them have presumably never been a victim of a wrench attack. Everything has risk, and you need to choose what’s right for you.
