Maintaining good operational security is essential for all users of the web, but is particularly important in the cryptocurrency space. The prying eyes are everywhere on the Internet, from order forces to hackers and blockchain forensic companies to data retailers. Examining the opsec errors that have caused numerous notorious robbed or surrogate bitcoins to make valuable lessons, we should all keep in mind.
Read also: The Colorado Regulator issued orders against 18 Ico, with others on the way
Opsec is a scale not a switch
There is no optimal opsec or perfect privacy. Just because the Internet is strongly backdoor and broken does not mean that you should grant defeat. It is possible to improve online security without adding complexity. The most memorable opsec lessons derive from the study of those who have lowered their guard or have been unkempt and have been duly punished. You do not have to be a darknet market leader or a bitcoin whale to take advantage of keeping your crypts, data and browsing habits locked up. The following figures all paid the price for opsec errors that could have been easily avoided.
Keep records
<img class = "alignright wp-image-188857″ title=”5 Opsec errors that caused the cryptocurrency of users to lose everything” src=”https://news.bitcoin.com/wp-content/uploads/2018/07/Ross-Ulbricht-twitter-300×300.jpg” alt=”5 Opsec errors that caused the loss of cryptocurrency users "width =" 250 "height =" 250 "srcset =" https://news.bitcoin.com/wp-content/uploads/2018/07/Ross-Ulbricht- twitter- 300×300.jpg 300w, https://news.bitcoin.com/wp-content/uploads/2018/07/Ross-Ulbricht-twitter-150×150.jpg 150w, https://news.bitcoin.com/wp- content / uploads / 2018/07 / Ross-Ulbricht-twitter-768×768.jpg 768w, https://news.bitcoin.com/wp-content/uploads/2018/07/Ross-Ulbricht-twitter-1024×1024.jpg 1024w, https: //news.bitcoin.com/wp-content/uploads/2018/07/Ross-Ulbricht-twitter-696×696.jpg 696w, https://news.bitcoin.com/wp-content/uploads/2018/07 / Ross -Ulbricht-twitter-1392×1392.jpg 1392w, https://news.bitcoin.com/wp-content/uploads/2018/07/Ross-Ulbricht-twitter-1068×1068.jpg 1068w, https: //news.bitcoin .com /wp-content/uploads/2018/07/Ross-Ulbricht-twitter-420×420.jpg 420w, https://news.bitcoin.com/wp-content/uploads/2018/07/Ross-Ulbricht-twitter. jpg 1600w "sizes =" (maximum width: 250px) 100vw, 250p x”/>The Silk Road operator Dread Pirate Roberts (DPR), later identified as Ross Ulbricht, made a series of mistakes that eventually led to his dox and arrest. Ulbricht remains a visionary and a hero for many bitcoiners, but even his biggest supporters will recognize that he is the architect of his own downfall. The take-out key of the DPR takedown is this: do not store unencrypted documents that would be harmful if they fell into the wrong hands.
In addition to scans the employee passport and chat logs of Silk Road, DPR kept a diary in which he confessed to ordering murders and all sorts of other nefarious actions. When the feds seized Ulbricht's laptop while connected to Silk Road, they understood everything. Do not store compromising information on your phone or laptop, especially private keys or 2FA backup codes. If your device is stolen, seized or injected with malware, you're screwed.
Writing analysis
The former darknet market vendor Gal "Oxymonster" Vallerius is serving a 20-year prison term in America for drug offenses. While the way he was detained – at a Texas airport after participating in a beard competition – captured the headlines, the way he was exposed was where the attention should be. One of the main says that he connected the Oxymonster the pseudonym of Gal Vallerius was writing analysis. Language, punctuation, cadence and other stylistic references such as capitalization are highly individualistic. Even something as simple as typing a phrase from a brand to send seller feedback on the deep web – "Banging!" – it may be enough for a dox.
If your pseudonym character is doing something that could be detrimental to your real-life identity, be very careful about what you write and how you write it. Even law-abiding citizens like Tether's "Bitfinexed" critic have allegedly been asleep through a written analysis.
Recycling pseudonyms
<img class = "alignright size-medium wp-image-52136″ title=”5 Opsec errors that caused the cryptocurrency of users to lose everything” src=”https://news.bitcoin.com/wp-content/uploads/2017/07/Alphabaylogo-300×74.png” alt=”5 Opsec errors that caused the loss of cryptocurrency users "width =" 300 "height =" 74 "srcset =" https://news.bitcoin.com/wp-content/uploads/2017/07/Alphabaylogo-300×74. png 300w, https://news.bitcoin.com/wp-content/uploads/2017/07/Alphabaylogo-324×80.png 324w, https://news.bitcoin.com/wp-content/uploads/2017/07/ Alphabaylogo. png 326w "sizes =" (maximum width: 300px) 100vw, 300px”/>Not everyone on this list is an important criminal, but the deep network bosses are ready for analysis. Not only is their fall from grace monumental, but the court records provide precise details on how they were captured. The head of Alphabay Alexandre Cazes has made many mistakes, the crux of which can be distilled in two words: do not recycle. Usernames, e-mail addresses, and more specifically, recycled passwords are an opsec incident waiting to happen.
Cazes used his old Hotmail address as the source address for Alphabay's welcome emails and adopted a pseudonym on the site he had previously used elsewhere on the web. Like Ross Ulbricht, Cazes did not encrypt his laptop, allowing order forces to access all of his documents and seize millions of dollars in cryptocurrency. And all because he was too lazy to invent a new pseudonym or create a new email address. The fact that the Canadian citizen committed suicide in a Thai prison cell after his arrest makes the case even more tragic.
Jacking SIM
<img class = "alignright size-medium wp-image-194796″ title=”5 Opsec errors that caused the cryptocurrency of users to lose everything” src=”https://news.bitcoin.com/wp-content/uploads/2018/07/shutterstock_614528996-300×200.jpg” alt=”5 Opsec errors that caused the loss of cryptocurrency users "width =" 300 "height =" 200 "srcset =" https://news.bitcoin.com/wp-content/uploads/2018/07/shutterstock_614528996-300×200. jpg 300w, https://news.bitcoin.com/wp-content/uploads/2018/07/shutterstock_614528996-768×512.jpg 768w, https://news.bitcoin.com/wp-content/uploads/2018/07/ shutterstock_614528996- 696×464.jpg 696w, https://news.bitcoin.com/wp-content/uploads/2018/07/shutterstock_614528996-630×420.jpg 630w, https://news.bitcoin.com/wp-content/uploads/ 2018/07 / shutterstock_614528996.jpg 1000w "sizes =" (maximum width: 300px) 100vw, 300px”/>The founder of Messari Ryan Selkis, aka "Twobitidiot", is a law-abiding citizen who holds the dubious result of having been exchanged with the SIM twice. Also known as a SIM jack, the scam involves an attacker who carries the victim's phone number on a new phone through social engineering. Only the second lift of Selkis occurred this monthdespite the fact that the tech-savvy entrepreneur has taken robust measures to counter a repeated attack.
"I a) marked my account as high risk, b) added a pin and c) changes to the requested account take place only in the archive with a photo ID", he explained, but all unnecessarily . Fortunately, on this occasion the attackers were not able to access his cryptocurrency. His advice to others includes the removal of SMS verification by email and the use of 2FA only through an & # 39; app as Google Authenticator. Selkis encouraged his readers to follow the guides that others have written about how to prevent the chance of SIM jacks. Unfortunately, even with numerous precautions in place, the mobile network staff remains an Achilles' heel.
oversharing
Opsec is generally thought in technical terms: using complex passwords, VPN connection and other good practices. But one of the greatest ways that cryptocurrency users target themselves is the one that runs the mouth and reveals the dimensions of their digital wealth. Most people are not as careless as Pavel Nyashin, a Russian Youtuber who was robbed of $ 425K of encrypted by masked assailants after boasting of his wealth in a series of videos.
Balancing your desire to talk to the bitcoin world without revealing the size of your bitcoin holdings can be complicated. However, as shown by one case to the other, even gossiping your friends about the size of your stack or how it's protected can make you a target. Keep your business for yourself: do not show your wallet or your hardware portfolio, no matter how flashy the device looks.
If you have a lot to hide or not, opsec is not optional: it's essential. Be diligent, be vigilant and be safe.
What other well-known figures of cryptocurrencies have lost everything due to poor opsec? Let us know in the comments section below.
Images courtesy of Shutterstock.
Do you need to calculate your bitcoin holdings? Check our tools section.