How to protect yourself from the recent spate of ‘crypto muggings’

Published at: May 13, 2022

There has been a spate of “crypto muggings” in London recently, with thieves threatening crypto holders with violence unless they transfer over their digital currencies held in mobile phone wallets or on crypto exchanges.

As detailed by The Guardian UK, crime reports from the City of London police detail how thousands of dollars worth of crypto has been stolen by thugs in person. One victim said their phone had been pick-pocketed while out drinking and later realized over $12,000 worth of Ether (ETH) had been siphoned from their Crypto.com account. The victims believe the thieves witnessed them type in their account pin.

Another victim was approached by a group offering to sell him cocaine and after moving to another location to buy the drugs, the person was held against a wall while the gang accessed his phone and crypto account using facial verification, transferring over $7,000 worth of Ripple (XRP) to their own wallets.

This is an increasingly common variation on what is termed a “$5 wrench attack.”

As blockchain transactions are irreversible and most methods of cryptocurrency storage place responsibility for the security of the assets with the individual who owns them, Cointelegraph spoke with blockchain security firm BlockSec who shared the following tips on how to protect crypto from a mugging:

“Do not deposit a large amount of crypto in a wallet or exchange application. Only leave a small portion in there. You can have a multisignature wallet and with a policy saying only two signers can move the money in the wallet. By doing so, only a small amount of crypto will be lost during the mugging.”

BlockSec also suggested a way to trick thieves if a crypto user is mugged, saying some smartphones can have different logins which can hide certain applications such as Huawei’s PrivateSpace feature:

“The apps in the PrivateSpace are different from the main ones actually used. So, if the users are mugged they can enter into the PrivateSpace showing that they don’t have any crypto apps installed on their phone, or vice versa, can hide crypto apps in this space.”

Samsung phones have a similar feature called a “secure folder,” which can be used to hide all your crypto applications behind a PIN or password, and the folder itself can also be hidden from the home screen.

On Apple iPhones, apps can be moved to one page on the home screen and hidden all at once, and there are further options such as removing an individual app from showing on the home screen, only to be accessed via search.

Cointelegraph also spoke with a pseudonymous Twitter user and independent security researcher known as CIA Officer, popular for creating and sharing guides and tips on how crypto users can harden the security of their assets.

You've been asking me for a long time and finally I decided to write an ultimative thread on an advanced (and authorial, please note) cryptocurrency storage technology Read carefully, there will be only Spy-level trips

— CIA Officer (@officer_cia) April 25, 2022

CIA Officer shared an article they wrote in April featuring 13 tips on the principles of storing cryptocurrencies, saying:

“I wrote the article because my sense of justice just pushes me forward because maybe the biggest threat to crypto is crypto scams as people just get disappointed and leave forever.”

In the article, CIA Officer gives a reminder that mobile wallets like MetaMask are only interfaces and recommends storing all crypto on a cold wallet such as Ledger or Trezor as opposed to keeping it on an exchange or in a mobile wallet.

Related: Warning: Smartphone text prediction guesses crypto hodler’s seed phrase

A physical storage device will keep all crypto offline and assets can only be moved if someone has access to the wallet along with knowing the PIN and, in some cases, a password. One can even be created using an old smartphone rather than using a dedicated device.

The crypto stored on the cold wallet can be further security hardened, and CIA Officer echoes the advice from BlockSec to set up a multi-signature wallet that uses two or even three separate devices to approve a transaction.

CIA Officer also shared their rules for crypto OpSec, which is shorthand for “operational security,” a process of risk management with the goal of preventing leaks of sensitive information:

“You should build your own stone wall of OpSec, so you’ll know perfectly what to do if something happens.”

In light of the muggings, such OpSec measures include keeping any crypto investments a total secret. Potential thieves in public settings could overhear a discussion or even witness a person’s crypto holdings, as in the above case where the victim was pickpocketed.

“Being suspicious is always a good thing,” CIA Officer writes, “you may try to be hacked through acquaintances, either those pretending to be acquaintances or acquaintances themselves.”

Tags
Related Posts
Trezor Responds to Ledger Report on Vulnerabilities in Its Hardware Wallets
Prague-based crypto wallet manufacturer Trezor has responded to а report about hardware vulnerabilities from its competitor Ledger on Tuesday, March 12. Trezor claims that none of the weaknesses revealed by Ledger in a detailed report on March 10, are critical for hardware wallets. As per Trezor, none of them can be exploited remotely, as the attacks described require “physical access to the device, specialized equipment, time, and technical expertise.” Trezor further cites the results of a recent security survey performed in partnership with major cryptocurrency exchange Binance. According to the survey, only around 6 percent of respondents believe that physical …
Blockchain / March 12, 2019
Ledger Discloses Five Reported Vulnerabilities in Two Models of Trezor Hardware Wallets
Major hardware wallets manufacturer Ledger has unveiled vulnerabilities in its direct competitor Trezor’s devices, according to a report published on Monday, March. 11. As of press time, Trezor was not immediately available to comment on Ledger’s findings. The study states that the vulnerabilities were found by Attack Lab, the company’s department that hacks into both its own and competitors’ devices to improve security. Ledger claims that it has repeatedly addressed Trezor about weaknesses in their Trezor One and Trezor T wallets, and has decided to make them public after the responsible disclosure period ended. The first issue is related to …
Blockchain / March 11, 2019
Global Security Firm G4S Announces High-Security ‘Vault Storage’ for Holding Crypto
U.K.-based multinational security services company G4S has developed a new service for protecting cryptocurrency assets, the firm announced in an official press release Thursday, Oct. 18. G4S, formerly Group 4 Securicor, has released an “innovative security solution” for holding crypto assets in a form of high-security offline storage protecting customers from hacks. G4S also runs both prisons and detention centers, as well as stores cash for “large companies,” the Financial Times notes. According to the senior risk analyst at G4S Consulting Dominic Maciver, the new crypto assets security solution is based on a foundation of “vault storage” that is inaccessible …
Adoption / Oct. 18, 2018
What is a seed phrase and why is it important?
How to keep your seed phrase safe A crypto seed phrase in the wrong hands can do damage, so it is advisable to always ensure it is safe. The following are some tips for ensuring your seed phrase is secure. Never share your seed with anyone else: It’s extremely important that you never reveal your recovery phrase to anyone. Why? Because if someone else finds out your recovery phrase, they will be able to access — and therefore control — your crypto funds. Make a note of it on paper and keep it in a secure location: This is the …
Blockchain / Aug. 27, 2022
DeFiance Capital founder loses $1.6M in hot wallet hack
Founder of major crypto investment firm DeFiance Capital, “Arthur_0x”, has suffered a hack on one of his hot wallets resulting in the loss of more than $1.6 million in nonfungible tokens (NFTs) and crypto. In a tremendous show of support, the crypto community has come to his aid to help retrieve the stolen items as he asked people to blacklist the hacker’s wallet. Several individuals on Twitter have attempted to determine exactly how the hack occurred and where the hacker gained access to his wallets. NFT community member “Cirrus” went as far as buying two of the stolen Azuki NFTs …
Blockchain / March 22, 2022