What is the “5$ wrench attack” and how to protect yourself


Let’s suppose someone discovers that you own a considerable amount of cryptocurrency. In this case, you could be directly targeted: someone might intimidate you into handing over your wallet’s private keys, or force you to transfer your assets, by threatening you with a weapon or a simple common tool, like a hammer, a screwdriver, or an old, inexpensive wrench. This type of attack is known as a “5$ wrench attack”.

No matter how secure your keys are in your hardware wallet or on any of your devices, no computer shield can protect you from this type of attack.

But don’t despair, the last word hasn’t been said yet. Read this article and study privacy and obfuscation techniques to live peacefully.


What is a “5$ Wrench Attack”?

Violent attacks on cryptocurrency holders are not new. Security professionals have been warning about them since the early days of Bitcoin. These attacks are commonly known as $5 Wrench Attacks.

This type of attack assumes that the most underhanded way to obtain a password or some useful private information from you is to beat you unconscious with a wrench that costs just 5 dollars. You don’t need to be a hacker for this type of attack…

Unfortunately, since cryptocurrency operations are, in part, pseudonymous, it’s difficult to identify the attacker or to verify and track the theft once you’ve provided access to your private keys, and therefore… goodbye!

The “5$ Wrench Attack” Paradigm

A “5$ Wrench Attack” is not a paranoid fantasy. Cryptocurrency holders have already suffered this type of attack. Online you can find numerous articles about it by searching for “5$ Wrench Attack”. Probably some articles are fake, but the risk is real.

What should we learn from this?

Consider what happens if hackers with malicious intentions obtain information about you. They could cross-reference that data with statements or other information found on social media where traders gather to boast about how much money they make trading Bitcoin and other cryptocurrencies, for example on Telegram or Discord. If they find someone well-known enough, they might try to target them.

To avoid a feared 5$ Wrench Attack following various online leaks, you should keep in mind the following:

  • Don’t reveal that you hold Bitcoin or other cryptocurrencies.
  • Delete social media posts if you think they might make you vulnerable to attacks.
  • Even deleting your social media accounts could be a step to consider.

To quote Jameson Lopp, one of the top experts in the field, as well as co-founder and CTO of CASA wallet: _“make sure you own a good hardware wallet to protect your assets.”_

Multiple solutions can protect you from these private attacks. All involve compromises with security and are not always easy to accept. After long reflection, I believe that a geographically distributed multi-sig wallet is the most suitable solution for secure autonomous bitcoin ownership.

Multi-sig systems from reputable manufacturers like Trezor, Ledger, and Coldcard can be used as a solution. In short, this will become the standard practice for Self-custody in the emerging bitcoin society, and thieves will be increasingly discouraged from attempting these attacks.


How to protect yourself:

Solution 1: Decoy wallet

A decoy wallet is one that you fill with enough bitcoin to satisfy a thief, but not so much that you wouldn’t be willing to give it up in case of a surprise attack. Most bitcoiners use a “hardware” wallet for their daily trading. Usually, it’s a ready-to-use wallet that could adequately serve as a decoy wallet.

The essential factors in this case are that it contains sufficient assets to prevent an attack, but not enough to financially destroy you, and that the thief doesn’t have more detailed information about you or your assets.

It’s assumed that the attacker is technically skilled and might hope to locate the hardware wallet in your home. In this case, the decoy could simply be a suitable amount.

Additionally, ColdCard Mk3 and Mk4 have a function called “Duress PIN” that can help in these circumstances: it allows you to have individual wallets on the same device that come from the same BIP39 seed phrase. One of them can be the main wallet, and an attacker who doesn’t know your PINs won’t understand the trick.

ColdCard also provides an optional “Brick Me PIN” that physically eliminates a certain component on the device, destroying it permanently in case of attack. However, this does nothing to ensure that the recovery seed is safe in your safe. And, by the way, you should have a safe.

Solution 2: Upgrade your home security

Regardless of cryptocurrency ownership, it’s good practice to have a high degree of home security. For example, always lock doors even when you’re at home. Avoid leaving your house keys in unsafe places. Consider using alarm systems with motion sensors and cameras; nowadays there are home security systems that are not very expensive and ideal for securing your home.

Solution 3: Geographic dispersion of your private keys

This is an interesting stratagem. When you initialize your Hardware Wallet, you’ll usually have a “recovery seed” in BIP39, that is, 12, 18, or 24 words, usually meaningful English words to be secretly kept. These words are nothing more than your SEED, that is, the private key from which all your public addresses are derived.

It’s advisable to transfer this sequence of words to a cold wallet. On the site, in the accessories section, you’ll find many such as the Cryptosteel Capsule. Or if you want to do everything on your own, you can use Keytala and create your own cold wallet.

The interesting thing is that you could physically subdivide the seed into multiple parts and hide them in various more or less distributed positions, so you would have time to find a solution to the attack. When subdividing the parts, remember to maintain the exact order of the words, otherwise you risk losing everything.

Solution 4: Multisig wallet (geographically dispersed)

As mentioned before, the best hardware wallet manufacturers, such as Coldcard, Ledger, Bitbox02, and Trezor, offer the possibility of creating multisig wallets, that is, wallets that need more than one private key to sign a transaction. You hold two or more keys, or different devices, in the most common combinations of 2-of-3 or 3-of-5, up to 16 keys (see Shamir backup).

This technique, combined with the fact of keeping the keys in geographically different places, is ideal for avoiding attacks and gaining valuable time.
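As an added example (not part of the original article), the Python sketch below compares Solutions 3 and 4: how many bits of guessing remain when some parts of a split BIP39 seed have been found, and how many locations must be reached before a multisig wallet can sign. The function names and the two placement plans are constructed for illustration.

```python
from itertools import combinations

BITS_PER_WORD = 11  # BIP39 encodes 11 bits per word


def residual_bits(total_words, missing_words):
    """Bits left to guess; N words carry N/3 checksum bits (BIP39)."""
    if total_words not in (12, 15, 18, 21, 24):
        raise ValueError("not a BIP39 phrase length")
    if not 0 <= missing_words <= total_words:
        raise ValueError("missing_words out of range")
    if missing_words == 0:
        return 0
    return BITS_PER_WORD * missing_words - total_words // 3


def split_exposure(total_words, part_sizes, parts_found):
    """Worst case for a split seed: bits left after the `parts_found`
    largest parts have been found."""
    if sum(part_sizes) != total_words:
        raise ValueError("parts must cover every word exactly once")
    known = sum(sorted(part_sizes, reverse=True)[:parts_found])
    return residual_bits(total_words, total_words - known)


def locations_to_sign(placement, threshold):
    """Fewest locations that together hold `threshold` multisig keys."""
    for k in range(1, len(placement) + 1):
        for combo in combinations(placement, k):
            if sum(placement[loc] for loc in combo) >= threshold:
                return k
    return None  # threshold can never be reached


def losses_tolerated(placement, threshold):
    """Most locations that can be lost while signing stays possible."""
    total, tolerated = sum(placement.values()), 0
    for k in range(1, len(placement)):
        worst = max(sum(placement[loc] for loc in c) for c in combinations(placement, k))
        if total - worst < threshold:
            break
        tolerated = k
    return tolerated


# Constructed plans for illustration (key counts per location).
DISPERSED = {"home": 1, "office": 1, "bank": 1}  # 2-of-3, one key per place
CLUSTERED = {"home": 2, "bank": 1}               # 2-of-3, two keys at home
```

A 12-word seed split into three parts leaves only 40 bits once two parts are found, against 80 bits for a 24-word seed. The dispersed 2-of-3 placement needs two locations to sign and survives the loss of one, while the clustered placement can be signed from the home alone.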

These four solutions intertwine with privacy management, a very important and difficult topic to pursue. In my opinion, everything is a compromise that touches many aspects of technology use, and I’m not just talking about the use of hardware wallets, but your way of using the internet or better said, online devices.

Therefore, pay attention to these four aspects related to privacy:

  • Maintain privacy and a low profile, _“What is bitcoin? Never heard of it.”_
  • Avoid drawing attention with stickers and gadgets related to cryptocurrencies.
  • Enhance your home security.
  • Prepare a decoy wallet.

Today hackers prefer social engineering techniques, which means obtaining as much information as possible about you. They will surely try to extort your recovery seed by impersonating someone else to catch you off guard, or, knowing your phone operator, they will try to perform a SIM swap and bypass two-factor authentication. Always use hardware tools like Yubikey or Nitrokey to ensure that access to your devices is protected.


Conclusions

Self-Custody is a very complex world. The starting key is called Hardware Wallet, and here on the site you’ll find the best models on the market. Are you ready to take the red pill, or better said, the orange one?

My most sensible advice is to use hardware wallets when dealing with reasonable amounts. If paranoia begins to take over and your skills are not exceptional, trust a good custody service. In fact, I wanted to create the site www.chiaviprivate.it to promote the multisig and multilevel custody service offered by CheckSig, the Italian leader in private key custody services. On the site, you’ll find the form to get a free and no-obligation three-month trial.

What are you waiting for?

Explore the service here: BEST BITCOIN CUSTODY SERVICE

Photo credits:

Photo by Elti Meshau on Unsplash

Photo by sebastiaan stam on Unsplash

Photo by Chris Kendall on Unsplash

Photo by mostafa meraji on Unsplash

Tags: coldcard, Ellipal, Hardware wallet, ledger, recovery seed, security, trezor
