Okay, class, let’s put our aluminum foil hats on for today’s discussion. In today’s lesson we are going to cover how to survive the fabled $ 5 attack with health and bitcoin stacks intact.
First, some background information: What is a $ 5 wrench attack?
I am glad you asked. It is actually quite simple.
Imagine for a moment that through a series of events, crooks or criminals learn that you are the proud owner of a handsome stack of satoshis. Whether due to poor operational security on your part or a breach of customer data or in any other way, it does not matter. They know (or assume) that you own and control the private keys to a bitcoin stash. And now they know where you live. Add in one of Bitcoin’s preprogrammed bull cycles and now our hypothetical criminals will decide it is worth your while to visit. When they visit you, they physically force you to hand over your pile. Maybe they will get you to hand over your seed phrase. Maybe they’ll force you to take out your hardware wallet and transfer your stash. As any bitcoin who has been in space for more than a few months knows, there are no setbacks on the bitcoin network. Nobody is coming to save your ass when you’ve already transferred your bitcoin. If the time comes, and you haven’t thought about what to do, then you’ve lost.
“But that’s not fair,” I hear you say. “I did everything Uncle Jim told me to do: I got a hardware wallet, wrote down my starting phrase, and took my Bitcoin into custody.” Did you also hear them mention this radical freedom? requires radical responsibility? Read that again and internalize it. Read it again.
This reminds me of a phrase I heard from Matt Odell, “Treat your Bitcoin as if its value is ten times the current price” because it will be. Do yourself a favor and familiarize yourself with educational resources like Matt and Bitcoin Q + A. You have managed to design seemingly feasible technical procedures with feasible, direct instructions in an uncomplicated manner. Your stuff can get you from “YOLO! All of my Bitcoin is on an exchange!” Regarding the level of security that we are going to discuss in a Bitcoin market cycle (yours really serves as evidence).
What is the solution to the dilemma?
There are several options that can help you in the home invasion scenario. They all have their compromises and are not necessarily mutually exclusive. After reviewing, I believe that a geographically dispersed multisig wallet is the best solution for secure, self-sovereign Bitcoin custody. Multi-vendor marking devices can be used as a strategy resilience cherry. The sooner this becomes the standard for self-governance in the Bitcoin community, the sooner crooks will be deterred from attempting these attacks.
OPTION 1: Decoy wallet
A decoy wallet is one that you load on with enough bitcoin to please a thief, but not so much that you wouldn’t be willing to sacrifice it in an emergency. Most Bitcoin plebs have a “hot” wallet for their daily, weekly, and monthly transactions. This is often a mobile wallet that works well as a fake wallet. The key factors here are that it contains enough to keep them from smelling, but not enough to destroy you financially, and that the thief doesn’t have any more specific information about you or your stash.
If the attacker is more tech-savvy and may have obtained their information about a customer data breach from a particular hardware wallet manufacturer, they may expect to find that hardware wallet in your home. In this case, the bait may just be a bonus that they did not expect.
The ColdCard Mk3 AKA, the “Canadian Calculator”, has a forced PIN feature that can help in this situation by effectively having separate wallets on the same device derived from the same BIP 39 startup phrase. One can be the main wallet and one can be bait without the attacker being able to know without knowing your PINs. The ColdCard also offers an optional “Brick Me PIN” function that destroys the secure element on the device and removes the key signature function. However, this does not help to secure the backup of the startup phrases in your safe. You have a safe, don’t you?
Another loophole in this strategy could be that the attacker gets their information from a breach of customer data, which exposes them to the total amount of Bitcoin that you have purchased. If their information and the bait do not match, the effectiveness of the bait may be limited and the crooks may look for other devices in your house.
OPTION 2: Upgrade your home security
This is a clever option with or without Bitcoin in the picture. Lock your doors Yes, even when you are at home. Get rid of the key you hid under a rock next to your front door. Check out every potential intruder, and no, your hiding place is no better than anyone else’s. Look at surveillance systems. You are worth the money. Lock your windows These are all sensible and prudent security considerations, but they cannot guarantee that thieves will not be able to break into your home. They only make you a challenging goal, but it’s always a good idea to be a tougher goal.
OPTION 3: Geographical separation
This is a fundamental aspect of the optimal solution we’re working towards, but it leaves a little too much to chance when you value your Bitcoin at 10 times its current market value. So you set up your hardware wallet and secure the BIP 39 startup phrase. If neither is in your home, during a home invasion, you cannot be forced to sign a transaction that will hand over your bitcoin to an attacker, and you cannot get their hands on your starting phrase to pass your satoshis on to theirs to send wallet. This leads to significant friction losses when spending your Bitcoin, but does not hinder the storage of satoshis in the cold room. Your refrigerator compartment is not intended for spending, so friction is more of a trait than a bug.
However, I hear you, “But teach, what if they force you into a car and make you direct them to your backups / key-signing devices?”
Well, readers, we have considered this potential situation and placed security controls between us and access to our backups / key-signing devices. These can take many forms. Maybe you have a safe deposit box. Perhaps you have your hardware wallet tucked away in your office that offers 24/7 security. Maybe you have a family member who is always at home. Each of these options provides a checkpoint to cross, where you may be able to express your coercion and receive assistance in dealing with the situation. This is important when the thief is motivated. When they’re ready to make the trip, the inconvenience is no longer a disadvantage. In this situation, the control points become key to thwart your attacker. Unfortunately, this strategy requires a certain level of trust that is frowned upon in the Bitcoin space. If your secrets are kept in a safe deposit box, you are most likely not at risk. However, there is no guarantee. There is only one promise that your safe is “sacred”, but such promises are worthless. Say your secrets are hidden in your office. There is no guarantee that the evening cleaning crew will not only access your backups. If it realizes that you’ve found a Bitcoin BIP 39 starting phrase, you may be out of luck. The same applies to every guest that your family member invites “always at home” to their house, where you have decided to keep your secrets. Tamper-evident bags can help stop snooping, but are completely worthless in stopping a thief once injured. How do we overcome these shortcomings?
OPTION 4: Multisig Wallets (Geographically Distributed)
Imagine you have three startup phrases / key signature devices. You can use these three key-signing devices and hide one in each of the three different locations mentioned in option 3. These three key signature devices can all be linked to a multi-signature wallet scheme. In this scenario, at least two of the three devices must be captured in order to sign a Bitcoin transaction that is issuing one of the “managed” unspent transaction outputs. With the multisig standard “m of n” you have to sign with a quorum of the signature devices in order to move your cold store funds. With this strategy, you are introducing a level of friction that shouldn’t be too much of a problem for real cold store funds, but that creates significant complications for an attacker with a $ 5 wrench. You can even keep one of the key-signing devices in your house as it still requires driving through at least one of your checkpoints. If any of your hidden secrets / devices is compromised then there is no need to worry and you can still keep full control of your Bitcoin by collecting your other two devices. Tamper evident bags are a prudent and economical addition to this scheme.
In theory, that’s all well and good. Unfortunately, the tools currently available to the technically limited Bitcoin user limit the number of people who can implement this strategy. Let me be the first person to stop you from following this type of scheme until you are ready. The key is: until you are ready. You must learn to walk before you walk! This type of security is desirable for most Bitcoin users right now, but is vital for a healthy future when Bitcoin is the primary store of value, exchange method, and unit of account. If the tools available improve so much that any Bitcoin pleb whose Satoshis are stored outside of the exchanges can set up a multisig “savings account”, the motivation to attack a Bitcoin hodler will decrease as the probability of success will be significantly reduced.
Some loans that have credit due: Sparrow Wallet and Unchained Capital’s Caravan Standard allow users to implement the strategy discussed here. Try them out and experiment! If you think you can improve the tools in this area of the Bitcoin ecosystem, I recommend getting to work! A multisig-as-standard future is critical to making Bitcoin a viable global standard for personal wallet security.