Recently, experts have noticed a dangerous uptrend in the number of crimes committed in the crypto world. According to the data from ActionFraud, crimes linked to bitcoin increased to 999 in 2017, compared to 320 in the year before. Since large crypto investors are not going to put up with the situation, they are taking measures to avoid falling victim to criminals.
Criminals switch to cryptocurrencies
According to the report of an international company MWR InfoSecurity, which tests cyber defenses for banks and governments, the rise in cryptocurrency popularity and lack of regulation have made the asset highly favored among criminals:
"A single transaction that consumes much of the liquidity of a market is very likely to be noticed, whilst a proportionally smaller transaction on a larger marketplace will generate less attention. As such, increasing liquidity of cryptocurrencies will mean criminals can extract greater values."
The abduction of Pavel Lerner—a leading analyst at a United Kingdom-registered cryptocurrency exchange EXMO Finance—in Kiev was one of the most vivid examples of the risks incurred by the crypto market players. Lerner was kidnapped while leaving his office on December 26, 2017. Two days later, kidnappers released the man after receiving all of his bitcoin, amounting to more than $1 million, as ransom.
At the end of January this year, four armed men broke into the family home of a cryptocurrency trader Danny Aston in Oxfordshire, England. They forced him at gunpoint to transfer bitcoin holdings to their address. A total of £700,000 was stolen. The police are still looking for criminals.
In the same month, an Ottawa-based cryptocurrency exchange Canadian Bitcoin was hit with an armed robbery. Three people entered the company's offices, but one of the employees managed to call police before any assets could be taken. One suspect was arrested, two remain on the lam.
Criminals also use cryptocurrency for demanding and accepting ransom payments. Back at the end of July last year, the U.S. TV channel HBO experienced a series of cyberattacks carried out by the group called OneMiner. Consequently, hackers got access to the company's social media accounts, internal correspondence, and about 1.5 terabytes of sensitive information and unreleased episodes of the hit series. The hackers demanded the equivalent of about $6 million in bitcoin and claimed that otherwise, they would release the data they had stolen from the network.
How to protect yourself and your funds?
A crypto investor—who's known under the nickname "Grumpynitis"—shared his experience. In the past, he worked as a security consultant to banks, governments, and multinational companies, so he was well aware of the risks posed by potential hacker attacks. It was kidnappings and extortions that made him rethink the way he stored his crypto assets.
Previously, Grumpy stored the private keys to his cryptocurrency using a strategy of embedding an encrypted vault in a video file. But he's switched to the Ledger Nano S as it allows access to the keys with no need to use a personal computer. Moreover, the device keeps the keys unexposed even when plugged into a PC. After receiving the Ledger in the mail, Grumpy took the thing apart to verify the chips. He also double-checked the signatures generated by the device.
Had he not done it, he could've ended up just like Redditor moodyrocket, who acquired the Nano Ledger hardware wallet on eBay. A week after the purchase, moodyrocket lost all of his cryptocurrency totaling $34,000 to the re-seller who had used a man-in-the-middle attack and inserted their own recovery seed instead of the one randomly assigned by the manufacturer.
Grumpynitis did also take some extra measures related to storing the seed phrase that consists of 24 words. The phrase would've never seen a computer. Instead, he divided them over three pieces of paper, which each contained 16 words. Hence, to reconstruct the seed, one would need any two of these three papers. They are stored out of his home, in special tamper-evident envelopes.
Bitcoin developer and BitGo engineer Jameson Lopp did also tell how to protect yourself. Although Lopp had previously been attacked by hackers multiple times and was ready for a cyberattack of any level, he felt a real threat to his security at the end of the past year, when a horde of police officers with rifles were close to raid his home after someone had sent an anonymous tip regarding a hostage situation at his place.
Jameson Lopp is one of the Bitcoin Core developers and a rather well-known bitcoin enthusiast who has stood against the SegWit2x protocol. In October last year, there was the swatting attack on his home in Dakota, North Carolina. According to Lopp, the whole neighborhood lost access to electricity, and it took him a while to explain the police that there were no hostages in his home and the phone call itself was a bad joke.
The incident has shown the developer that there are people within the crypto community who are ready to go that far. In this regard, Lopp rethought his attitude towards his own physical security:
"Over the years I've educated myself in hand-to-hand, knife and firearm combat. I've received tactical training from a variety of experts and applied a great number of best practices to my home to fortify it against various types of intrusions."
As for storing cryptocurrency, Lopp recently published his recommendations on Medium, describing the hardware wallets, the access to which requires authorization from several people, as one of the most optimal options to protect one's crypto savings. What he did also suggest was using paper wallets with split keys via Shamir's Secret Sharing algorithm or storing assets in multi-signature addresses.
Investor William Mougayar is certain that with the rise of cryptocurrency popularity and the number of the crypto market players as well, it is the personal responsibility of this community's members to ensure the proper level of their personal safety:
"It's like moving from an apartment where building security is already provided, to a private home where you are responsible for your own security."
Nevertheless, Mougayar thinks the majority of the cryptocurrency market players still do not realize that an eight-letter password is not sufficient anymore. One needs multi-factor authentication, multi-signature arrangements, paper wallets (best kept in a safe), hardware devices like the Ledger, PIN codes, and recovery phrases. And these are just the baseline measures to protect one's crypto assets.
Cryptologist Ian Grigg is also concerned about the current state of the crypto market because of a growing number of fraudsters. He believes that in the first place, it's time to change the dialog:
Grigg adheres to an opinion that the majority of bitcoin holders are too proud to admit that by revealing such information, they become potential targets for criminals in both real and virtual worlds.