Why some cryptocurrency users lose everything

23 November, 2018

Maintaining good operational security is imperative for all web users, but it’s particularly important in the cryptocurrency space. Prying eyes are everywhere on the internet, from law enforcement to hackers and from blockchain forensics firms to data resellers. Examining the opsec errors that got several notorious bitcoiners robbed or busted yields valuable lessons we should all heed.

Opsec Is a Scale Not a Switch

There’s no such thing as optimum opsec or perfect privacy. Just because the internet’s heavily backdoored and broken doesn’t mean you should concede defeat. It’s possible to enhance your online security without adding complexity. The most memorable opsec lessons come from studying those who let their guard down or got sloppy and were duly punished. You don’t have to be a darknet market boss or a bitcoin whale to benefit from keeping your crypto, data and browsing habits locked down. The following figures all paid the price for opsec errors that could have been easily avoided.

Keeping Logs

Silk Road operator Dread Pirate Roberts (DPR), later to be identified as Ross Ulbricht, made a string of mistakes that ultimately led to his dox and arrest. Ulbricht remains a visionary and a hero to many bitcoiners, but even his greatest advocates will concede that he was the architect of his own downfall. The key takeaway from DPR’s takedown is this: Don’t retain unencrypted documents that would be damaging to you if they fell into the wrong hands.

In addition to keeping passport scans of Silk Road employees and chat logs, DPR kept a diary in which he confessed to ordering assassinations and all manner of other nefarious deeds. When feds seized Ulbricht’s laptop while he was logged in to Silk Road, they got the lot. Don’t store incriminating information on your phone or laptop, particularly not private keys or 2FA backup codes. If your device is stolen, seized or injected with malware, you’re screwed.

Writing Analysis

Former darknet market vendor Gal “Oxymonster” Vallerius is serving a 20-year jail term in America for drug offences. While the manner in which he was detained — at a Texan airport after flying in to attend a beard contest — caught the headlines, the way he was unmasked is where the focus should be. One of the primary tells that connected the Oxymonster pseudonym with Gal Vallerius was writing analysis. Language, punctuation, cadence and other stylistic tells such as capitalization are highly individualistic. Even something as simple as typing a trademark phrase to submit vendor feedback on the deep web — “Banging!” — can be enough for a dox.

If your pseudonymous persona is doing something that could deleteriously affect your real-life identity, be very careful what you write and how you write it. Even law-abiding citizens like Tether critic “Bitfinexed” have allegedly been doxed through writing analysis.

Recycling Pseudonyms

Not everyone on this list is a major criminal, but deep web kingpins are ripe for analysis. Not only is their fall from grace monumental, but court records provide precise details of how they were caught. Alphabay boss Alexandre Cazes made plenty of mistakes, the crux of which can be distilled into two words: don’t recycle. Recycled usernames, email addresses and, most critically, passwords are an opsec accident waiting to happen.

Cazes used his old Hotmail address as the source address for Alphabay’s welcome emails and adopted a pseudonym on the site he’d previously used elsewhere on the web. Like Ross Ulbricht, Cazes didn’t encrypt his laptop, enabling law enforcement to access all his records and seize millions of dollars in cryptocurrency. And all because he was too lazy to think up a new pseudonym or create a new email address. The fact that the Canadian citizen went on to commit suicide in a Thai jail cell after his arrest makes his case even more tragic.

SIM Jacking

Messari founder Ryan Selkis, aka “Twobitidiot,” is a law-abiding citizen who holds the dubious achievement of having been SIM-swapped twice. Also known as SIM jacking, the scam involves an attacker porting the victim’s phone number over to a new handset through social engineering. Selkis’ second jacking occurred only this month, despite the tech-savvy entrepreneur having taken robust measures to thwart a repeat attack.

“I a) flagged my account as high-risk, b) added a pin, and c) demanded account changes only take place in store with a photo ID,” he explained, but all to no avail. Mercifully, the attackers were unable to access his cryptocurrency on this occasion. His advice for others includes removing SMS verification for email, and using 2FA only through an app such as Google Authenticator. Selkis encouraged his readers to follow the guides that others have written on reducing the likelihood of SIM jacking. Unfortunately, even with numerous precautions in place, cellphone network staffers remain an Achilles’ heel.

Oversharing

Opsec is generally thought of in technical terms: using strong passwords, connecting via a VPN and other good practices. But one of the biggest ways in which cryptocurrency users make themselves a target is by running their mouth and revealing the size of their digital wealth. Most people aren’t as careless as Pavel Nyashin, a Russian YouTuber who was robbed of $425K of crypto by masked assailants after boasting about his wealth in a series of videos.

Balancing your desire to tell the world about bitcoin against the need to keep the size of your bitcoin holdings private can be tricky. But as case after case has shown, even gossiping to friends about the size of your stack or how it’s secured can make you a target. Keep that business to yourself: Don’t show off your portfolio or your hardware wallet, no matter how flashy the device might look.

