There has been a spate of “crypto muggings” in London recently, with thieves threatening crypto holders with violence unless they transfer over their digital currencies held in mobile phone wallets or on crypto exchanges.
As detailed by The Guardian UK, crime reports from the City of London police detail how thousands of dollars worth of crypto has been stolen by thugs in person. One victim said their phone had been pick-pocketed while out drinking and later realized over $12,000 worth of Ether (ETH) had been siphoned from their Crypto.com account. The victims believe the thieves witnessed them type in their account pin.
Another victim was approached by a group offering to sell him cocaine and after moving to another location to buy the drugs, the person was held against a wall while the gang accessed his phone and crypto account using facial verification, transferring over $7,000 worth of Ripple (XRP) to their own wallets.
This is an increasingly common variation on what is termed a “$5 wrench attack.”
As blockchain transactions are irreversible and most methods of cryptocurrency storage place responsibility for the security of the assets with the individual who owns them, Cointelegraph spoke with blockchain security firm BlockSec who shared the following tips on how to protect crypto from a mugging:
“Do not deposit a large amount of crypto in a wallet or exchange application. Only leave a small portion in there. You can have a multisignature wallet and with a policy saying only two signers can move the money in the wallet. By doing so, only a small amount of crypto will be lost during the mugging.”
BlockSec also suggested a way to trick thieves if a crypto user is mugged, saying some smartphones can have different logins which can hide certain applications such as Huawei’s PrivateSpace feature:
“The apps in the PrivateSpace are different from the main ones actually used. So, if the users are mugged they can enter into the PrivateSpace showing that they don’t have any crypto apps installed on their phone, or vice versa, can hide crypto apps in this space.”
Samsung phones have a similar feature called a “secure folder,” which can be used to hide all your crypto applications behind a PIN or password, and the folder itself can also be hidden from the home screen.
On Apple iPhones, apps can be moved to one page on the home screen and hidden all at once, and there are further options such as removing an individual app from showing on the home screen, only to be accessed via search.
Cointelegraph also spoke with a pseudonymous Twitter user and independent security researcher known as CIA Officer, popular for creating and sharing guides and tips on how crypto users can harden the security of their assets.
You’ve been asking me for a long time and finally I decided to write an ultimative thread on an advanced (and authorial, please note) cryptocurrency storage technology
Read carefully, there will be only Spy-level trips
— CIA Officer (@officer_cia) April 25, 2022
“I wrote the article because my sense of justice just pushes me forward because maybe the biggest threat to crypto is crypto scams as people just get disappointed and leave forever.”
In the article, CIA Officer gives a reminder that mobile wallets like MetaMask are only interfaces and recommends storing all crypto on a cold wallet such as Ledger or Trezor as opposed to keeping it on an exchange or in a mobile wallet.
A physical storage device will keep all crypto offline and assets can only be moved if someone has access to the wallet along with knowing the PIN and, in some cases, a password. One can even be created using an old smartphone rather than using a dedicated device.
The crypto stored on the cold wallet can be further security hardened, and CIA Officer echoes the advice from BlockSec to set up a multi-signature wallet that uses two or even three separate devices to approve a transaction.
CIA Officer also shared their rules for crypto OpSec, which is shorthand for “operational security,” a process of risk management with the goal of preventing leaks of sensitive information:
“You should build your own stone wall of OpSec, so you’ll know perfectly what to do if something happens.”
In light of the muggings, such OpSec measures include keeping any crypto investments a total secret. Potential thieves in public settings could overhear a discussion or even witness a person’s crypto holdings, as in the above case where the victim was pickpocketed.
“Being suspicious is always a good thing,” CIA Officer writes, “you may try to be hacked through acquaintances, either those pretending to be acquaintances or acquaintances themselves.”