Cointelegraph spoke with security experts who shared tips on how to keep crypto safe after a slew of robberies in the UK successfully stole thousands worth of crypto from everyday holders.
There has been a spate of “crypto muggings” in London recently, with thieves threatening crypto holders with violence unless they transfer over their digital currencies held in mobile phone wallets or on crypto exchanges.
As detailed by The Guardian UK, crime reports from the City of London police detail how thousands of dollars worth of crypto has been stolen by thugs in person. One victim said their phone had been pick-pocketed while out drinking and they later realized over $12,000 worth of Ethereum (ETH) had been siphoned from their Crypto.com account. The victims believes the thieves witnessed them type in their account pin.
Another victim was approached by a group offering to sell him cocaine and after moving to another location to buy the drugs, the person was held against a wall whilst the gang accessed his phone and crypto account using facial verification, transferring over $7,000 worth of Ripple (XRP) to their own wallets.
This is an increasingly common variation on what is termed a “$5 wrench attack“.
As blockchain transactions are irreversible and most methods of cryptocurrency storage place responsibility for security of the assets with the individual who owns them, Cointelegraph spoke with blockchain security firm BlockSec who shared the following tips on how to protect crypto from a mugging:
BlockSec also suggested a way to trick thieves if a crypto user is mugged, saying some smart phones can have different logins which can hide certain applications such as Huawei’s “PrivateSpace” feature:
Samsung phones have a similar feature called a “secure folder” which can be used to hide all your crypto applications behind a PIN or password and the folder itself can also be hidden from the home screen.
On Apple iPhones apps can be moved to one page on the home screen and hidden all at once, and there are further options such as removing an individual app from showing on the home screen only to be accessed via search.
Cointelegraph also spoke with a pseudonymous Twitter user and independent security researcher known as “CIA Officer” popular for creating and sharing guides and tips on how crypto users can harden security of their assets.
You’ve been asking me for a long time and finally I decided to write an ultimative thread on an advanced (and authorial, please note) cryptocurrency storage technology
Read carefully, there will be only Spy-level trips
In the article, CIA Officer gives a reminder that mobile wallets like MetaMask are only interfaces and recommends storing all crypto on a cold wallet such as Ledger or Trezor as opposed to keeping it on an exchange or in a mobile wallet.
A physical storage device will keep all crypto offline and assets can only be moved if someone has access to the wallet along with knowing the PIN and in some cases a password. One can even be created using an old smartphone rather than using a dedicated device.
The crypto stored on the cold wallet can be further security hardened and CIA Officer echoes the advice from BlockSec to set up a multi-signature wallet th uses two or even three separate devices to approve a transaction.
CIA Officer also shared their rules for crypto OpSec, which is shorthand for “operational security” a process of risk management with the goal of preventing leaks of sensitive information.
In light of the muggings, such OpSec measures include keeping any crypto investments a total secret. Potential thieves in public settings could overhear a discussion or even witness a person’s crypto holdings, as in the above case where the victim was pickpocketed.
“Being suspicious is always a good thing,” CIA Officer writes, “you may try to be hacked through acquaintances, either those pretending to be acquaintances or acquaintances themselves.”