Investigating physical attacks targeting cryptocurrency users (2024) [pdf]
31 comments
·May 25, 2025TheAmazingRace
jsheard
The tension is between needing to keep your mouth shut (for your own safety) and needing to loudly evangelize crypto at every opportunity (because its value is still mostly predicated on hype and FOMO, which must be maintained). For people to believe the narrative that crypto will make them rich, there has to be crypto-rich people shouting about how crypto-rich they are.
TheAmazingRace
That is quite a balancing act, isn’t it?
throwanem
Not before Miami slides into the Atlantic...
dylan604
> Keep. Your. Mouth. Shut.
The interesting thing to me about this is watching how we've changed over the past 40 years. As a kid, it was impressed up on kids to not talk to strangers. You don't tell people where you live. You don't tell people anything more than necessary. Now, people share the most intimate details of their daily lives. People share/invite random strangers to their accounts without any concerns about who they are or what they might do. People just do not think about how the most benign of posts can be used for nefarious purposes by someone else. So we've gone from share nothing to over sharing everything.
TheAmazingRace
So just another point on this… you are probably not as anonymous on the internet as you might think. You can brag about wealth in cryptocurrency. But use a handle long enough, or even across several accounts that can somehow be linked, and a fingerprint of you could be constructed. It really can be done with some forensic analysis.
And I think it all boils down to the fact that some humans need to make noise about their successes so they feel validated. Much like the cryptocurrency evangelists, they probably can’t help themselves because they want to ensure they defend “the mission” even if it comes at great personal cost in the long run.
throwanem
I've recently quoted on here something about learning to spend what's in your pocket. That is a special case of the same general principle evinced here, which is that if you don't put work into maintaining a broad perspective, you lose the ability to distinguish what you're used to and what's ordinary.
It's worth worrying about in the general case, too. There are subtler and much more noxious failure modes here than merely getting beaned with a Swedish nut rounder.
throwanem
> Keep. Your. Mouth. Shut.
With events like the recent Coinbase breach, is this even enough?
TheAmazingRace
Nobody has to use Coinbase. That said, yes you aren’t wrong. The more intermediaries you deal with, the higher your exposure risk.
imaginator
Jameson Lopp maintains a comprehensive list at https://github.com/jlopp/physical-bitcoin-attacks
Side joke: with inflation the XKCD $5 wrench attack (https://xkcd.com/538/) is no longer possible.
qoez
The alt text does say "Also, I would be hard-pressed to find that wrench for $5." so I guess even at the time without inflation it wasn't really possible
apples_oranges
For Americans now difficult. Rest of the world can still order cheaply in China ;)
cluckindan
Maybe those orders should be limited given how the tools have no other valid use than password extraction
grues-dinner
It could be a second-hand wrench. Or maybe smuggled in without tariffs: a 1-foot, 3-pound wrench is $3.45 on Taobao (including shipping, a pair of gloves and a roll of PTFE tape). It might not be Snap-On but it'll probably survive being hit with a few crypto speculator skulls.
os2warpman
https://www.harborfreight.com/hand-tools/wrenches/18-in-stee...
$7.99
They also have an 8-inch wrench on sale for $3 but I'd spend the extra for the pipe wrench.
Better whackin' with an 18-incher.
oulipo
No worries, now you can simply use $5 of Toblerone lol https://archive.ph/TZ9oq
nssnsjsjsjs
Next they'll hit someone over the head with a shitcoin to try and steal their wrench!
HPsquared
[dead]
gruez
What's the "unintended consequence" here? That bad guys will try to steal valuable stuff? Is that really "unintended" in any meaningful way? Does it make sense to say that people stealing iPhones is an "unintended consequence" of the iPhone?
jsheard
> Does it make sense to say that people stealing iPhones is an "unintended consequence" of the iPhone?
To torture the metaphor a bit, crypto is more like an iPhone competitor which markets itself around the supposed benefits of not having anti-theft features like factory reset protection. If you go out of your way to refuse already existing safeguards against your stuff being stolen then you don't really get to be surprised when thieves single you out as an easy mark.
roenxi
The metaphor implies that iPhones aren't routinely stolen. But they are, iPhone theft is actually pretty common.
Although the crypto might be relevant being attacked is something that any asset owner has to worry about (even for assets like houses, oddly enough - I suspect big mansions would be something of a thief draw). The attacks are unintended consequences of wealth as opposed to any specific property of crypto - having an equal amount of cash on hand isn't safe either.
null
piker
[flagged]
margorczynski
I guess the name is in reference to https://xkcd.com/538/
martinky24
They quite literally say this explicitly in the first few paragraphs. No need to guess.
This write up is very interesting to me for one main reason. It underscores how incredibly important it is for anyone dealing in this stuff to do the following…
Keep. Your. Mouth. Shut.
Pseudo-anonymity, with the emphasis on the pseudo part, is only as good as you. If you truly believe in Bitcoin and all that implies, it really is in your best interest to be quiet and keep it to yourself, and this knife cuts in more ways than you might expect. You don’t have layers of security like at a traditional bank. You are the weakest link wrt private keys and storage.
Also, even talking about it amongst folks you think are your friends, like fellow Bitcoin users, isn’t wise either. Hypothetically, if you became exceedingly wealthy on paper, it would be in the interest of others to take you out of the equation so you can’t cash out. If that means a five dollar (or whatever they cost these days) wrench to the head so you stop moving… now that value is locked up in the blockchain! Could this happen to any given bitcoin users with just a few satoshi or whatnot? Very unlikely, but don’t forget that a decade and a half ago, a handful of bitcoins could cost you very little money. Now it has gone up exponentially in value and would make you a big fat target.
There are those on /r/bitcoin that think a wrench won’t ever break their wills and spirits. That math is invincible. Don’t think they’ve ever been on the wrong side of one before. Math might be bulletproof, but wetware is very fragile.