Exmo Bitcoin exchange chief executive kidnapped in Kiev (bbc.com)
245 points by boto3 on Dec 28, 2017 | hide | past | favorite | 126 comments



Unfortunately, one of the 'killer apps' for crypto is extortion. It's going to change the world and not for the better.

The hard part of extortion has always been getting paid. It's always involved exposure ("meet me there with a bag of money") or been subject to limitations (wire transfer clawbacks, cash withdrawal limits, etc), until now.

Right now anyone in the world can fill an insulin syringe with cyanide solution, walk into supermarkets (too big to properly secure, and there's too many supermarkets to prevent it), and inject it into random plastic coke bottles. People will stop drinking coke, and then Coca-cola will be willing to pay hundreds of millions of dollars to make it stop. Ten years ago, the extortionist would then have to meet somewhere to collect a bag full of money, and that's where the risk comes in. But now they can simply send coca-cola a bitcoin address and get paid anonymously risk-free. You can design extremely profitable low-risk crimes.

The question then becomes, if more people were given the ability to steal risk-free, would they? Anyone who has spent time in the crypto ecosystem has already learned the answer. They will. This is why nearly every exchange gets 'hacked' and so many darknet vendors pull exit scams. It turns out a lot of the reason most people are good all the time has more to do with fear of getting caught than virtue.

The world is about to become a very scary place.

Be the change that you wish to see. Money won't make you happy.


Upvoted for your last two sentences. If this is the destiny of humanity, so be it. Either we will get past it, or we won't. That was always the case, bitcoin or not. The fundamental issue is human nature. Technology merely distills and clarifies.


This is not really such an obvious consequence as you make it out to be. Technology can channel different aspects of human nature more or less intensively. Bitcoin for example is a design which puts forward more of the „bad“ sides... through its design it channels greed at the expense of sustainability. Interestingly it only works if people participate and accept it, so we actually have a strong lever that we can work against it. Just don’t participate.

So to sum up... I think it's more appropriate to say the fundamental issue is how we design around human nature to create a world worth living in...


It's not entirely risk-free, as the spending of stolen or other Bitcoins of questionable origin is not trivial. Even if you use Monero or Z-Cash, regulation requires you to specify how you earned the money when cashing out. Yes, you can make something up, but you will need a good, plausible story.


But how will such a criminal make Coca cola trust that it's him and not his impostor asking for money? And how will he make Coca cola trust that he will actually stop doing it?


1) Send the SHA1 hash of a message in which you detail what you're going to do (locations, time, etc.).

2) Do whatever you're planning to do.

3) Transmit another message to the company you're blackmailing in which you reveal the message that matches the original SHA1 hash.


Ok, but why use a broken hash algorithm?


Because you're not actually trying to encrypt anything.


Another case: btce. Now turned to Wex. They got the possibility to run with users' funds but instead they decided to stick around.

That being said, most people are peaceful. Crime-wise, they are slightly willing to do bad things (like stealing quietly from the market). Those ready to kill or cause great damage, are not normal people and are not most people.

Go to Japan and see how people behave there. America is violent and so are many places in the world. But I would not lose faith yet.


> That being said, most people are peaceful. Crime-wise, they are slightly willing to do bad things (like stealing quietly from the market). Those ready to kill or cause great damage, are not normal people and are not most people.

That's a very lofty assertion. Most people assign a very very very high value to "avoid getting caught". Over time we have developed a system to increase the probability of getting caught for any crime. Should the system fall apart, the crime spikes.


Thank you for taking a reasonable perspective on this.

Most humans are not slavering animals just avoiding being caught.


For something as large scale as that coke scheme bitcoin could always implement clawbacks via consensus.


But that won't scale because the public won't have time to study every case that occurs. Maybe instead we could have specific people whose job it is to analyze cases and make judgements. And maybe each case could be assigned a few people to study it and help the judge decide...


And then what? The criminals will simply tell Coca cola to send it again and be more quiet about it this time.


No, it wouldn't. First of all, it is obvious that there will be no consensus. And even if there was consensus it would be very challenging to do because deploying a hard fork takes time, while the criminal could transfer his money before the hard fork to a different address.


There are several fully-anonymous altcoins in use today. The crooks would use one of those instead.


What is the guarantee that some random extortionist is going to stop just cause you sent them money?


The chance that someone would send him money a second time is very small, and the act of terrorism comes with risk of getting caught. If the extortionist is in it for the money, it doesn't make sense to continue the same scheme. It might make sense to start a new scheme, however.


If there's a consensus that allows for a clawback then entire premise of bitcoin is out of the window.


Couldn't you taint the cryptocurrency?

It wouldn't be exactly something that can be done overnight, but it wouldn't be impossible. Depending upon how strongly they implement the laws, it would kill currencies that don't offer protection from being tainted.


It won't make you happy but thanks to banking cartels you are forced to keep obtaining it to survive. Money doesn't come to mind when people think of addiction but it's the one thing we as a global society are addicted to more than any amount of caffeine, any technology, any food, drink, drug, or chemical.


The existence of money isn't the problem. Unless you want to grow your own food, make your own clothes, and do your own surgery, sooner or later you're going to want something from someone else that you need to trade for, and money is a better way of dealing with that than having to hunt down someone who has what you want and will take some of your chickens or whatever in exchange.


It is possible that it was done by a corrupt secret service (SBU), which recently started raiding people involved with cryptocurrencies in Ukraine and stealing their coins. The ForkLog guy was not afraid to speak up [1].

[1] https://cointelegraph.com/news/ukraine-security-service-alle...


There are huge conglomerates in Ukraine operating in crypto, gambling, porn, ransomware etc. Could be just some rivals attacking competitors (and paying off the SBU to do the bidding is a fairly realistic option).


So it appears criminals are getting wiser and a new wave of home and personal robberies may emerge. Will this push crypto owners to entrust their currency with more secure institutions, leading to these "decentralized" currencies to be once again under control and manipulated by banks and governments?


It doesn't matter if you own crypto or not. The mere existence of it creates a threat for every relatively rich person out there. They can simply coerce your family to buy bitcoin and give them some, under the threat that they will kill you.


> The mere existence of it creates a threat for every relatively rich person out there.

For every rich person that openly shows their wealth.


I'm sure it's not impossible to find 'under the radar' rich people - and people who take care to not flaunt their wealth will probably be more likely to try and make the whole thing go away quietly by paying up.


Probably the criminals were upset about their withdrawals taking so long ;p

It took me like 2 months to cash out the first time.

Seriously, I don't think this will scare off anyone, especially not exchanges. They make so much money right now they can just hire bodyguards.


I could imagine the current exchanges becoming banks, in the disruptive sense. What's stopping them from creating interest-earning savings accounts and loaning out on a fractional reserve basis? Seems like we'll be back where we were a century ago, bank runs and all.


The governments of the world?


"Tether" is effectively a fractional-reserve "currency" in use by bitfinex.


There isn't much evidence that Tether Limited is indeed keeping a reserve of USD for each Tether printed [0]. They are minting hundreds of millions of Tethers and there are a lot of skeptics out there who don't believe that they have billions of USD in a bank. [0] https://seekingalpha.com/article/4133884-bitcoin-additional-...


That’s what fractional reserve means.


>they can just hire bodyguards

Which won't be able to carry weapons in most places. You'll have a hard time finding people who'll fight back when you're being kidnapped at gunpoint.


> Which won't be able to carry weapons in most places.

Most places? Places like what? Even Germany, with its rather restrictive gun laws, has exemptions for private security companies allowing them to carry weapons.

While I don't know any specifics, I doubt that it's gonna be that much more difficult, in Eastern Europe out of all places, to get a legal carry permit.


The current wave of crime in parts of the Ukraine is, I shit you not, grenade violence. I’m inclined to agree with you.

https://www.nytimes.com/2017/12/24/world/europe/ukraine-gren...


Which is ironic, as the RAF was a fairly hopeless terrorist organization that did not carry out many actions.

I met an old school mate years ago; she was working as a PA for Deutsche Bank in the UK and she mentioned that the senior managers were annoyed as the UK would not allow them to have armed bodyguards.


With enough armed bodyguards you aren't going to be kidnapped at gunpoint. Why risk your life going after a hardened target when there are so many vulnerable ones.

I imagine it's quite easy to find mercenaries that are willing to fight back. There is an entire industry for hiring people to fight wars.


I think their point was that that isn't legal in many places.


Don't go to those places. Or hire off duty police to escort you in those countries.

Bill Browder can't eat at the same restaurant twice because his food may be poisoned. If you are a high profile target you have to change your patterns to remain safe.


>With enough armed bodyguards you aren't going to be kidnapped at gunpoint.

Okay, now the kidnappers dress up as cops and "arrest" you. Perhaps they bribe the actual cops to do it for them?

Armed bodyguards do not seem like a substantial increase in difficulty for someone who intends to kidnap a person.


Bitcoin was released in 2009. Since then, this is the first kidnapping probably linked to cryptocurrencies. Yeah, this is definitely a trend. Since people are publicly boasting about their crypto fortunes and kidnappers have published their demands... /s


> Since people are publicly boasting about their crypto fortunes

You don't need people boasting about their crypto fortunes. As soon as you set up a Bitcoin tip jar, anyone can look directly at the blockchain to determine how much money you have - and how much you have had at any point in time and where the money went.


You can create and use as many addresses as you want - there's absolutely no reason to keep your savings on the same address as the tip jar.


Yes but everyone can see how much you received over the years. And, well, if there have been thousands of BTC passed through that tip jar, it's reasonable to assume that the organization still has control over a big amount of these funds.


> Yes but everyone can see how much you received over the years.

Only if you use static addresses. If you're receiving thousands of BTCs, you can easily afford to write a widget that generates a new address for each donor (behind a captcha, to avoid DoS).


Perhaps the would-be thieves might notice someone going through a lot of different addresses. Better to just use Monero and keep the single address for tips as no one would be able to see the address balance without a viewkey.



Yes? I mean, that's happening even without lurid kidnappings.


It’s sad that people need to rediscover the power of the rubber hose this way. I like the idealism in the crypto community, even if I think it’s unfounded. Seeing them face the reality of human nature and behavior would be like watching a really nice old nun lose her faith.


No


I raised this concern in a comment last week. We are going to see more instances of this. Remember how in the movies they break into a bank manager's house and hold the family captive while someone goes with the manager to open the bank vault?

Same thing is inevitably going to happen IRL. I always say exchangers are Bitcoin's weakest link. All it takes is one compromised employee at Coinbase or another large exchanger (intentional or some kidnapping scenario) for the price to come crashing due to the damage they can be forced to do.

Never ever keep your coins on an exchange wallet. Never.


What you're talking about is called a tiger kidnapping, and is not something that just happens in movies - it's happened several times in my home country, Ireland.

https://en.wikipedia.org/wiki/Tiger_kidnapping


How many of these kidnappings are going to be faked to provide cover for a theft?

It's exactly the thing I would do.


"We've been hacked" has been a cover for exchanges stealing funds for years now.


Oops, our servers couldn't keep up right at the point in time when this coin exploded/plummeted.


or cover for a fuck up / hacking.


There is only so much a bunch of criminals can take out of a bank's local branch. But for a bitcoin exchange, they could in theory take the whole thing, including clients' funds if they share the exchange's public wallet. If you think about it, it can be a $100m+ robbery.


2018 will be an interesting year for decentralized exchanges and atomic swaps.


2018 will be the year that a major US exchanger gets raided by the FBI/SEC.


Wouldn't be the first time, assuming you mean exchanges in general: http://www.nytimes.com/1989/01/30/business/fbi-commodities-s...


My 2018 prediction is that a terror attack (or other high profile event, say a massive human trafficking ring bust) of some sort will get blamed on "Bitcoin financing" and this will be used as pretext to go after one or more US exchangers and seize assets. That's why - never keep your coins on an exchange-controlled wallet. If this happens, it will take many years if you ever see your coins again. By then the worldwide crackdown on exchangers will crash the Bitcoin price, so it might not matter at that point.


What does your prediction have to do with my comment?


It's going to make things interesting.


Multi signature wallets are easy enough to use. You’re going to need a lot more rubber hoses.


Wow, this is awful. I've met coin exchange directors, and one of them mentioned to me that this was a topic of concern within their management. Specifically that their families might be targeted too. I don't know anything about Mr. Lerner, but hopefully the police will find him safe, soon.


Mathematical basis for Bitcoin still compromised by "rubber hose" cryptanalysis.

Let this be a reminder that physical security is a necessary precursor to computer security. And I also hope that Exmo's succession plan executor takes the precaution of staying up late tonight to move all their reserves to new wallets.


That will be a brutal task, knowing that doing it ensures your colleague will get tortured and be unable to stop the torture by giving up the bitcoins. Still, probably for the best.


Yeah, hopefully assailants will also be educated in the futility of their actions.

If the whole idea of a kneecap-breaking plot fails because transferring the funds requires multiple signers, then they aren't going to break kneecaps.


Agreed, it would still be a tough task to complete.


Or was it an inside job? Bitcoin is such bullshit garbage.


The mathematical basis for multisig wallets is explicitly resistant to rubber-hose cryptanalysis, if the keys are distributed sensibly (e.g. with one going off to a counter party in a different political regime who can’t be compelled by the same state-actors as you to share keys.)


The best way to not get your car stolen is to leave the engine in a warehouse in Germany, the chassis in a car park in Brazil and the rest in your garage in California. That's super secure but how do you use it every day?


An exchange doesn't have to have all of their assets ready to use at a moment's notice. They could have 95% of their assets locked up in an inconvenient but safe method. If their hot wallet starts running low, then they begin the process to top it up with their hard-to-use multisig protected funds.


The analogy to this is Bill Gates not having all of his net worth stored in his house.


Good thing nobody can tell when the hot wallet starts to run low, otherwise they might know the exact moment when the keys need to come together.


The keys don't have to come together. Each keyholder can separately sign the transaction from wherever they are on the planet. The transaction to add funds into the hot wallet could have been pre-arranged.

One of the keys could be controlled by a law office on the other side of the planet with contractual obligations to only sign the hot-wallet-refill transaction with a certain amount when the hot wallet falls below a certain amount and when the exchange requests it. The cold-wallet that they're funding from could itself be funded by a timelocked transaction to guarantee that the cold-wallet isn't emptied out too fast, and an entirely different set of law offices that the exchange doesn't regularly contact control the keys that allow the cold-wallet to be emptied out faster. If the different types of on-chain controls like timelocked transactions aren't enough, then some of the keys could be in tamper-proof hardware-security-modules that further restrict how the keys can be used.


For bitcoin, they can actually tell. For things like monero, not really.


Exactly. For large amounts, keep the hardware wallet in a safe deposit box, not in your house.


Or you can use the strengths of cryptocurrency and split a key between a safe deposit box, your home, and yourself, and require 2 of 3 of them to get the original key.


That definitely helps against many scenarios, but "home and yourself" means you're still in immediate control of funds while you're at home, so you're still vulnerable to armed robbery. You want to make it so your answer to the robber is "I can't, the bank's not open."


And then what? The robber who went through the trouble of breaking in and demanding your money will apologize and see himself out?


If you had a large number of gold coins, would you keep them at home to avoid annoying robbers?


Then make it 3 of 3, it all depends on your threat model.

For me, my biggest threat is loss, followed by theft, so it makes sense to have some redundancy even if it means reducing the security against theft.


That's a neat idea. Do you mind expanding on it?


Shamir's Secret Sharing allows this even without dealing with multisig wallets.


I like the idea but I wish there were a widely-trusted implementation with public security reviews, maybe built into wallet software.


It's not a terribly large amount of code, and it's easy to test, even with a "live" key (since testing that any n of m can be recombined doesn't force a spend or reveal anything externally).

Also, it's a fairly well-known system, so I don't see it being collectively "forgotten" on the timescale of a few decades (it's been around since the late 70's I believe).

I'd love to get it integrated into wallet software, as it's such a safe and reliable way of storing secrets that lets you be as "secure" or as "reliable" as you want with just a slider.


This is what I had in mind. And it can scale to any "n of m" you want, without any of the downsides of multisig wallets (namely larger transactions, and more complex Bitcoin wallets required).

2 of 2, 3 of 5, 7 of 10, etc...
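The "n of m" scheme the two comments above describe is Shamir's Secret Sharing. The following is an added illustration, not code posted in this thread or taken from any wallet project: each byte of the secret becomes the constant term of a random polynomial of degree n-1 over GF(2^8), every holder gets one evaluation point, and any n points recover the constant term by Lagrange interpolation at x = 0. The 32-byte key is a constructed sample; a real private key would simply be passed in as `secret`.

```python
"""Shamir's Secret Sharing over GF(2^8), one polynomial per secret byte.
Added illustration; the sample secret in the test is constructed."""
import secrets

AES_POLY = 0x11B  # reduction polynomial x^8 + x^4 + x^3 + x + 1


def gf_mul(a: int, b: int) -> int:
    """Multiply two elements of GF(2^8) (carry-less, reduced mod AES_POLY)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (a^255 == 1 for every nonzero a)."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


def split_secret(secret: bytes, threshold: int, shares: int) -> list:
    """Return `shares` tuples (x, share_bytes); any `threshold` of them recover `secret`."""
    if not 1 < threshold <= shares <= 255:
        raise ValueError("need 1 < threshold <= shares <= 255")
    outputs = [bytearray() for _ in range(shares)]
    for byte in secret:
        # Random polynomial of degree threshold-1 whose value at x=0 is this byte.
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(threshold - 1)]
        for i in range(shares):
            x = i + 1                      # x = 0 is reserved for the secret itself
            y = 0
            for c in reversed(coeffs):     # Horner evaluation of f(x)
                y = gf_mul(y, x) ^ c
            outputs[i].append(y)
    return [(i + 1, bytes(buf)) for i, buf in enumerate(outputs)]


def recover_secret(shares: list) -> bytes:
    """Interpolate f(0) byte by byte from (x, share_bytes) tuples.

    Caveat: the function cannot tell whether it was given enough shares; with
    fewer than the threshold it returns a wrong value, not an error, so the
    threshold must be recorded alongside the shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs) or 0 in xs:
        raise ValueError("share x-coordinates must be distinct and nonzero")
    length = len(shares[0][1])
    out = bytearray()
    for idx in range(length):
        acc = 0
        for j, (xj, yj) in enumerate(shares):
            num = den = 1
            for m, (xm, _) in enumerate(shares):
                if m != j:
                    num = gf_mul(num, xm)       # (0 - xm) == xm in characteristic 2
                    den = gf_mul(den, xj ^ xm)  # (xj - xm)
            acc ^= gf_mul(yj[idx], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)
```

Because each share is an evaluation of a polynomial with uniformly random higher coefficients, any set of fewer than `threshold` shares is consistent with every possible secret, which is the property the comment about "reliable vs secure with just a slider" relies on: loss tolerance comes from `shares - threshold`, theft resistance from `threshold`.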


It's called 2 of 3 multisig and it's a standardized part of most cryptocurrencies. It requires X of Y separate key signings to complete a transaction from an address.


You could take a private key and split it into three parts and store them separately.


You should rather xor it with two other random keys.


I don't think I follow you, could you please explain what you mean a bit further?


You don't really want to split the key (as in if the key is n bytes, split it in 3 segments of n/3 bytes) because if one has two segments, I imagine it's not inconceivable to infer the third segment from the public key and the other two (though I haven't done the math).

Rather you have a private key p of n bytes. Create two cryptographically random keys k1 and k2 of n bytes each. Derive a key k3=(p XOR k1) XOR k2. k1, k2 and k3 are your distributed keys. To recompute p you need to do p = (k3 XOR k2) XOR k1.

An XOR is trivial to implement and I would expect it to be reasonably robust.


Splitting the key into multiple segments reduces the number of bits one has to guess.
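The XOR construction described two comments up, generalised to any number of holders, next to the naive segment split it replaces. This is an added example, not code from either commenter; the 32-byte key used in the test is constructed. The two `bits_left_to_guess_*` helpers make the last comment's point concrete: holding all but one XOR share leaves the full 256 bits to guess, while holding two of three contiguous segments of a 32-byte key leaves only 80.

```python
"""n-of-n key splitting by XOR with one-time pads, contrasted with cutting
the key into segments. Added illustration; sample keys are constructed."""
import secrets


def xor_split(key: bytes, n: int) -> list:
    """n-1 uniformly random pads plus the key XORed with all of them.

    Every share is individually uniform, so any n-1 shares reveal nothing
    about the key; the price is that losing any single share loses the key."""
    if n < 2:
        raise ValueError("need at least two shares")
    pads = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = bytearray(key)
    for pad in pads:
        for i, b in enumerate(pad):
            last[i] ^= b
    return pads + [bytes(last)]


def xor_recombine(shares: list) -> bytes:
    """XOR all shares together; order does not matter."""
    out = bytearray(len(shares[0]))
    for share in shares:
        if len(share) != len(out):
            raise ValueError("shares must all have the key's length")
        for i, b in enumerate(share):
            out[i] ^= b
    return bytes(out)


def segment_split(key: bytes, n: int) -> list:
    """The naive alternative: cut the key into n contiguous pieces."""
    size = -(-len(key) // n)  # ceiling division
    return [key[i:i + size] for i in range(0, len(key), size)]


def bits_left_to_guess_xor(key_len: int, shares_held: int, n: int) -> int:
    """With fewer than n XOR shares the key is still uniform over all 8*key_len bits."""
    return 0 if shares_held >= n else 8 * key_len


def bits_left_to_guess_segments(key_len: int, segments_held: list) -> int:
    """Each segment in hand removes its bits from the search space outright."""
    return 8 * (key_len - sum(len(s) for s in segments_held))
```

The trade-off against the Shamir scheme discussed earlier in the thread is that XOR splitting is always all-of-n: it cannot tolerate the loss of a share, which matters if, as one commenter put it, your biggest threat is loss rather than theft.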


A safe deposit box in Ukraine? You have to be kidding me. We are talking about a country where corruption is rife, at war with its separatist regions.


You don't believe that Ukraine has safe deposit boxes?


I believe they are saying that Ukraine doesn't have safe deposit boxes that are actually safe.


By definition, a safe deposit box that is not safe is not a safe deposit box. So yeah, there are no safe deposit boxes in Ukraine.


The weak spot of cryptos is in the exchanges. Getting your money in or out of crypto is a real hassle, and a risky undertaking. I still had some money at Exmo, moved them to Ether to send them to Kraken (and to my own wallet eventually). However the Ethereum transaction is still in "Verifying status". Normally I always keep my cryptos in cold storage, but you can't when you want to exchange them for cash.

I also tried to get my Euros out of Exmo, but verification is already taking more than a week. My trust in them is gone. And that's the whole point. Exchanges are still based on trust; that's not what decentralized cryptos are about. It only works if everybody works on the blockchain only.


For crypto-crypto exchanges you can use trustless atomic swaps. For crypto-fiat just use a reputable exchange that operates in your local jurisdiction.


The Winkofloss brothers store their codes right to prevent this type of kidnapping. They distributed the keys across states and bank vaults.


winklevoss? Distributing keys doesn't prevent you from having a few "digits" (no pun intended) removed. "Oh you can't get them? Call the other key-holders. Better hope they like your fingers as much as you do."


In "Casino" Robert De Niro's character puts $2M in jewels in a safe-deposit box that even he doesn't have the key for (he naively gives the key to his wife, but that's another part of the plot). He narrates that the jewels are "in case he got in trouble". Ostensibly so he could pay off kidnappers.


I have the "poor man's" version of De Niro's safe-deposit box, a Rolex Submariner. Readily convertible into US$3-5K cash (at least) in pretty much any large city in the world. It's always on my wrist. If I needed the money desperately and couldn't access my accounts, I have my beloved watch.


Be careful as there are rumors of people using machetes to separate these watches from their owners on the street in certain countries just to reduce time, effort and risk.


I guess that's safer than leaving your cash out on the kitchen table, or maybe at a bus stop...but not by much if your threat model is highly sophisticated thieves/attackers capable of breaking into a safe-deposit box and/or kidnapping your family and ransoming them.


I'd rather not know what time it is than wear a Rolex. I would be self-conscious about people thinking I was that vain and materialistic, assuming it's fake, and that I was a poseur. Get a money belt if your point isn't just to show off and you're not asking to get rolled.


Unless you go for the yellow gold or two-tone (gold/steel) models, 95% of people won't know that you're wearing a Rolex. A regular Submariner or Datejust is pretty nondescript and doesn't scream Rolex at all. Only other watch nerds will notice.


Or bail bonds


Found a source (not much more detail though) http://www.businessinsider.de/winklevoss-twins-cut-up-key-to...


Sure besides lots of physical and op-sec, your best bet is to insure yourself w/ payoff money that is liquid and untraceable. Failing all else, you could offer this to your kidnappers and hope that they are satisfied not to go to the trouble of having to involve other parties thus increasing their risk of incrimination. See my comment about "Casino" the movie...



A few more stories like this and governments (militaries) will be "activated"... both physical and digital, if they haven't been already.


what do you mean?


Quite likely that governments will force exchange operators to get appropriate security. Hell, if I had the keys (or were in a position to be used as "leverage" for them in a kidnapping) to a Bitcoin exchange, I would surround myself with a bunch of ex-military guards.


Now (depending on the country) how do you trust the ex-military guards, if what they are guarding is worth far more than their salaries?


Be in a country with the rule of law.

Structure things so if they betray you, they have a very high chance of getting detected and needing to go on the run - e.g. access control records, CCTV and whatnot.

Then hire guards who would have to sacrifice a lot if they went on the run permanently. e.g. guards with partners, school-age children, extended family nearby, friends, and community ties like membership of voluntary organisations, churches or clubs.


While that sounds smart and plausible, I would assume that there is some solution to that problem, otherwise how would private security work at all?


A security guard selling the Mona Lisa has to figure out how to get rid of it. Bitcoin's quite a bit easier in that regard.


This is bullshit; exchanges with the most rudimentary technology will not keep their funds under a single private key held by one single person at all times. Multi-sig exists.


> Multi-sig exists.

Multi-sig does not prevent anyone from kidnapping me and distributing a video "sign us all your btc funds or this dude is going to get tortured".


Well sure, but the executives of the exchange signing that transaction would actually be a violation of the law, because they are custodians of their customers' funds and not all customers may agree in saving their executive.



Or all the bitcoin gone together with the boss. Nobody knows if the kidnappers weren't just a cover-up.



