2021-4-1 22:41
A proposed set of solutions to the often-thought-about physical security of bitcoin storage.
Alright, class, let's put our tinfoil hats on for today’s discussion. In today’s lesson, we are going to address surviving the fabled $5 wrench attack with our health and bitcoin stack intact.
First, some background: what is a $5 wrench attack?
I'm glad you asked. It's actually quite simple.
Imagine for a moment that through some sequence of events, crooks or criminals learn that you are the proud owner of a handsome stack of satoshis. Whether through poor operational security on your part, or a customer data breach, or by other means, it doesn't really matter. They know (or assume) that you own and control the private keys to a stash of bitcoin. And now they know where you live. Add in one of Bitcoin's pre-programmed bull cycles, and now, our hypothetical criminals decide it's worth paying you a visit. Upon visiting you, they physically coerce you to hand over your stack. Maybe they make you hand over your seed phrase. Maybe they force you to get out your hardware wallet and transfer your stash. As any bitcoiner who has been in the space for more than a few months knows, there are no take backs on the bitcoin network. No one is coming to save your ass if you’ve already transferred your bitcoin. If it gets to this point and you haven't already thought about what you might do, you've lost.
"But that's not fair," I hear you say. "I've done everything Uncle Jim told me to do: I got a hardware wallet, wrote down my seed phrase, and took custody of my bitcoin." Have you also heard them mention that radical freedom requires radical responsibility? Read that again and internalize it. Read it one more time.
This reminds me of a phrase I've heard Matt Odell use: "Treat your bitcoin like its value is 10 times greater than the present price," because it will be. Do yourself a favor and become familiar with educational resources like Matt and Bitcoin Q+A. They've managed to make seemingly impossibly technical procedures straightforward with actionable, direct instructions. Their material can take you from "YOLO! All my bitcoin is on an exchange!" to the level of custody security we're about to discuss in the span of one bitcoin market cycle (yours truly serves as proof).
So what's the solution to the dilemma?
There are multiple options that can help you in the home invasion scenario. They all have their tradeoffs, and they are not necessarily mutually exclusive. After review, I believe that a geographically distributed multisig wallet is the best solution for secure self-sovereign bitcoin custody. Signing devices from multiple vendors can be used as a resilience cherry on top. Additionally, the sooner this becomes the standard for self-custody in the bitcoin community, the sooner crooks will be disincentivized from attempting these attacks.
OPTION 1: Decoy wallet
A decoy wallet is one that you load with enough bitcoin to satisfy a thief, but not so much that you wouldn't be willing to sacrifice it in an emergency. Most bitcoin plebs have a "hot" wallet for their daily, weekly, and monthly transactions. This is often a mobile wallet that could serve nicely as a decoy wallet. The key factors here are that it contains enough to throw them off the scent but not enough to crush you financially and that the thief doesn't have more specific intel on you or your stash.
If the attacker is a bit more technically savvy and perhaps got their information via a customer data leak from a particular hardware wallet manufacturer, they may be expecting to find said hardware wallet in your home. In this case, the decoy may just be a bonus they weren't expecting.
The ColdCard Mk3 AKA the “Canadian Calculator” has a duress PIN feature that can help in this situation by allowing you to effectively have separate wallets on the same device that are derived from the same BIP 39 seed phrase. One can be the main wallet and one a decoy with no way for the attacker to know without knowing your PINs. The ColdCard also offers an optional “Brick Me PIN” feature that destroys the secure element on the device, removing its key signing capability. However, this does nothing to secure the seed phrase backup in your safe. You do have a safe, right?
Another hole in this strategy might be that the attacker could receive their info from an exchange customer data breach that familiarizes them with the total amount of bitcoin you've purchased. If their info and the decoy don't match, then the decoy’s effectiveness can be limited, and the crooks may go looking for other devices in your home.
OPTION 2: Upgrade your home security
This is a smart option with or without bitcoin in the picture. Lock your doors. Yes, even while you are home. Get rid of the key you have hidden under a rock next to your front door. Every would-be home invader checks, and no, your hiding spot isn't better than everybody else's. Consider surveillance systems. They are worth the money. Lock your windows. These are all sensible and prudent security considerations but can't guarantee that thieves are unable to break into your home. They only make you a more challenging target, but being a more difficult target is always a good idea.
OPTION 3: Geographical separation
This one is a fundamental aspect of the optimal solution towards which we're working, but it leaves a bit too much to chance if you value your bitcoin at 10 times its present market value. So, you set up your hardware wallet and back up the BIP 39 seed phrase. If neither of these is in your home, then you can't be coerced during a home invasion to sign a transaction handing your bitcoin over to an attacker, and they can't get their hands on your seed phrase to send your satoshis to their wallet. This introduces significant friction to spending your bitcoin but doesn't get in the way of saving satoshis in cold storage. Your cold storage isn't for spending, so that friction is more of a feature than a bug.
I hear you, though: "But Teach, what if they force you into a car and make you direct them to your backups/key signing device?"
Well, reader, we've considered this potential situation and placed security checkpoints between us and access to our backups/key signing devices. These can take many forms. Maybe you have a bank safety deposit box. Maybe you have your hardware wallet stashed in your office that employs 24/7 security. Perhaps you have a family member who is always home. Each of these options offers a checkpoint you must cross, where you may be able to express your duress and receive assistance in addressing the situation. This is critical if the thief is motivated. If they are willing to make the trip, the inconvenience is no longer a detriment. In this situation, the checkpoints become the key to foiling your attacker. Unfortunately, this strategy requires a certain level of trust that is frowned upon in the Bitcoin space. If your secrets are stored in a bank safety deposit box, you're more than likely not going to be compromised; however, there is no guarantee. There is only a promise that your safety deposit box is "sacred," but such promises aren't worth anything. Say that your secrets are stashed in your office. There is no guarantee that the evening cleaning crew won't just happen upon your backups, and if they recognize that they’ve found a bitcoin BIP 39 seed phrase, you may be out of luck. The same goes for any guest your “always-home” family member invites into their house, where you've decided to store your secrets. Tamper-evident bags can help to discourage snooping but are totally worthless for stopping a thief once breached. So, how do we surmount these shortcomings?
OPTION 4: Multisig wallets (geographically distributed)
Imagine that you have three seed phrases/key signing devices. You can take these three key signing devices and hide one at each of the three different locations mentioned in Option 3. These three key signing devices can all be linked to one multisignature wallet scheme. In this scenario, it is necessary to collect at least two of the three devices to sign any bitcoin transaction that will spend any of the "managed" unspent transaction outputs. With the "m of n" multisig standard, you are required to sign with a quorum of the signing devices to move any of your cold storage funds. With this strategy, you introduce a level of friction that shouldn't be too much of an issue for true cold storage funds but introduces significant complications for a $5 wrench attacker. You can even keep one of the key signing devices in your home because it still requires a trip through at least one of your checkpoints. Additionally, if one of your hidden secrets/devices is compromised, there is no cause for concern, and you can still maintain full control of your bitcoin by collecting your other two devices. Tamper-evident bags are a prudent and economical addition to this scheme.
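To compare the custody layouts from Options 3 and 4 on the three properties argued above (checkpoints between you and a spend, exposure to a single breached hiding spot, and tolerance of a single lost location), here is a small threat-model sketch. It is an added example, not part of the original article; the site names, key labels and checkpoint flags are assumptions chosen to mirror the text.

```python
from itertools import combinations

# Layout = (quorum m, {site: (key ids stored there, site has a checkpoint)}).
# Sites, key ids and checkpoint flags are constructed for this sketch.
LAYOUTS = {
    "single-sig at home": (1, {"home": ({"A"}, False)}),
    "single-sig offsite (Option 3)": (1, {
        "bank box": ({"A"}, True),   # seed phrase backup
        "office":   ({"A"}, True),   # hardware wallet holding the same key
    }),
    "2-of-3 distributed (Option 4)": (2, {
        "home":     ({"A"}, False),
        "bank box": ({"B"}, True),
        "office":   ({"C"}, True),
    }),
}

def keys_at(sites, names):
    """Distinct keys obtainable by visiting the named sites."""
    found = set()
    for name in names:
        found |= sites[name][0]
    return found

def min_checkpoints(m, sites):
    """Fewest checkpointed sites a coerced owner must pass to reach quorum."""
    costs = [sum(sites[n][1] for n in combo)
             for r in range(1, len(sites) + 1)
             for combo in combinations(sites, r)
             if len(keys_at(sites, combo)) >= m]
    return min(costs) if costs else None

def single_site_theft(m, sites):
    """True if whoever finds the material at any one site can spend alone."""
    return any(len(keys) >= m for keys, _ in sites.values())

def survives_single_loss(m, sites):
    """True if the owner still reaches quorum after losing any one site."""
    return all(len(keys_at(sites, set(sites) - {lost})) >= m for lost in sites)

def assess(name):
    m, sites = LAYOUTS[name]
    return (min_checkpoints(m, sites), single_site_theft(m, sites),
            survives_single_loss(m, sites))

if __name__ == "__main__":
    for name in LAYOUTS:
        print(name, assess(name))
```

Only the 2-of-3 layout forces a checkpoint crossing while also surviving both a breached site and a lost one, even with one key kept at home.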
This is all well and good in theory. Unfortunately, at present, the tools available for technically limited Bitcoin users put a hard cap on the number of people who can pull this strategy off. Let me be the first person to dissuade you from pursuing this type of scheme until you are ready. The key being: until you are ready. You need to learn to walk before you run! This type of security is presently aspirational for most bitcoin users but is absolutely critical to a healthy future when Bitcoin is the primary store of value, method of exchange, and unit of account. If the available tools improve to the point where every bitcoin pleb, with their satoshis stored outside of exchanges, can adopt a multisig "savings account," then the motivation to attack any one bitcoin hodler decreases because the likelihood of success is significantly diminished.
Some credit where credit is due: Sparrow Wallet and Unchained Capital’s Caravan standard empower users to implement the strategy discussed here. Check them out and start experimenting! If you think you can improve the tools in this space of the bitcoin ecosystem, I encourage you to get to work! A multisig-as-standard future is crucial to making Bitcoin a viable global standard in terms of personal wallet security.