Info + Best Practices

Bitcoin Security


Known Physical Bitcoin Attacks

  • A list of known attacks against Bitcoin / crypto asset owning entities that occurred in meatspace. NOTE: this list is not comprehensive; many attacks are not publicly reported.

Readers may be interested in this relevant presentation: “The Hodlguard- a primer on physical security in Bitcoin” and slides.

nongiach/awesome-cryptocurrency-security Curated list about cryptocurrency security (reverse / exploit / fuzz..)

justfive (pepefull for #FreeStardust) (@crymeaCOIN)

0/ This is a thread with basic steps that you can take to secure yourself on a very basic level. Yes, these are very basic and there are ways that tech gurus go beyond that to secure themselves. It has also been done before so not much new here. Let’s begin:

Making Bitcoin Transactions Untraceable with the Wasabi Wallet - B…

In the cryptocurrency ecosystem, a wallet is an essential component, as it is used to receive, send and store cryptocurrencies. It operates in the crypto verse just like the banks do in the traditional financial system. As the crypto sector is continuously growing with more a…

Jameson Lopp (@lopp) Libbitcoin developer @evoskuil on risk and security.

“I Was In Shock”: Woman Finds Her BofA Safe Deposit Box Has Vanished

“I just got robbed from the bank. They just took my stuff.”

Cryptocurrency investor robbed via his cellphone account sues AT&T… A U.S. investor files a $224 million lawsuit against AT&T accusing the telecommunications giant of negligence that allegedly caused the California resident to lose roughly $24 million in cryptocurrency.

Extreme opsec for the modern cypherpunk - Jameson Lopp (lopp)

GHash.IO and double-spending against BetCoin Dice

Trusted Third Parties are Security Holes

Op-Ed: How Air Gap Technology Can Secure Our Cryptocurrency Assets The truth is that anything connected to the internet can be hacked – even cryptocurrency wallets. However, hacking wasn’t always a problem.

lawson baker (@lwsnbaker) Holy crap. I knew hardware attacks were a very real risk. However, when it’s on every significant server motherboard around (e.g. AWS, Apple, and NSA), you realize how screwed we are. Must read

nopara73 (@nopara73)

1/ My software recommendations to optimize your privacy. I just took control over the Wasabi website and originally I wanted to create a section there, but I am lazy, so this’ll only be a tweetstorm.

Spencer Noon 🕛 (@spencernoon)

Online Security Pro Tips
Mandatory
—Delete phone number for 2FA
—Google Authenticator or similar for 2FA
Basic
—Use a password manager
—VPN for public WiFi
Expert
—Secret burner phone for mandatory text 2FA
—Secure 2FA device (e.g. Yubikey)
God Mode …

Getting Started with Kali Linux

Dan Held (@danheld) Really excited to learn more about best in class private key management practices at the “Simple Cold Storage & Self-Custody” workshop with the pros: @anguschampion @ChristopherA @kanzure #SmartCustody

  • Nathaniel Whittemore (@nlw)

    What will it take to convince people that privacy is something that they have a right to?

    • Soona - @soonaorlater

      A popular metaphor: you don’t close your house door bc you’re doing something illegal you need to hide

      I’m a fan of the closed-door-in-your-home example. It’s familiar. It’s easy to understand. We practically live online so positioning the internet as a kinda 2nd abode isn’t a stretch

wiz (@wiz)

Unpopular Opinion: @signalapp sucks for both security and privacy because it uses phone numbers for identification and authentication. IMO the best chat app is @KeybaseIO which uses a cryptographic based identity system. They just need to add Bitcoin and remove the Shitc…

Whitney Merrill (@wbm312)

I want to do a privacy & security training made up of tweets from the security & privacy community commenting on bad privacy & data security practices they see in real life. Anyone have good examples of old tweets? (e.g. this person was doing sensitive company stuff on a p…

Tell HN: I came up with an interesting way to do decentralized account recovery

Thought I’d share this with the HN community. Link to the Escrovery paper:… I came up with an interesting way to do totally decentralized account recovery. Why might this be useful? Suppose you have some account on …

Sarah Jamie Lewis (@SarahJamieLewis)

There is something to be said about the idea that technology has evolved in such a way that corporate & government surveillance is easy, but personal quantification is difficult.

Joachim Breitner (@nomeata) Together with @nadiaheninger, just presented our work on biased nonces revealing secret keys in #bitcoin, #ethereum and #ripple at Financial Crypto #fc19. (photo by @zooko)

Schneier on Security

Christopher Allen - @ChristopherA

find these points a root concern of mine for many blockchain & identity projects as well. Bitcoin-core somehow avoids it, but I’m not sure how to bring some of that particular security culture elsewhere. It certainly can’t happen in #MVP & #Agile startup cultures. Alternatives?

Christopher Allen (@ChristopherA)

“arguments that quality bugs & security bugs ‘have equal value’, that security testing & QA are ‘the same thing’, that security testing should ‘just be performed by QA’ & that ‘there’s no specific skillset’ required to do security testing versus…

Choose-Your-Own-Security-Disclosure-Adventure In this Choose Your Own Adventure Game, you navigate the process of warning the world about an exploit you have uncovered in a large software project.

Minimum Viable Security The least you can do to frustrate would-be hackers.

Certified Hardware - qubes-os Certified Hardware Important Information There is currently no specific hardware (e.g., specific laptop model) that the Qubes team recommends for individual users. However, we’re working hard to make a “reasonably secure laptop” a reality, and we look forward to sharing…

TOR - Onion Routing

Brave now protects your browsing activity with Tor-powered tabs Onion routing is the way to go. It’s all about the layers of encryption.

grubles (@notgrubles) A Tor Hidden Service Mastodon instance, you say?

The Tor Project (@torproject) If you have basic command-line experience, you can become one of the thousands of relay operators powering the Tor network and protecting millions from tracking, surveillance, and censorship. Our guide can show you how:

Onion Services Anonymously host any server with Whonix and Tor onion services

The New Guide to Running a Tor Relay - Tor Blog Have you considered running a relay, but didn’t know where to start? You can become one of the many thousands of relay operators powering the Tor network, if you have some basic command-line experience.

Who Pays For Tor? (Hint: You Do) Thanks to the Silk Road’s notoriety, Tor has quite the sinister reputation. The online black market is famous for facilitating the sale of anything from illegal drugs to murderers for hire. But there’s much more to

Neil Brown (@neil_neilzone) I hadn’t seen @BriarApp until today - decentralised, p2p, e2e messaging via Tor.

The Tor Project (@torproject) If Tor disappeared, what would happen? Not only would millions lose access, but the diverse ecosystem of privacy, security, and anti-censorship applications that rely on the Tor network would cease to function. An entire ecosystem relies on Tor.

Kyle Samani (@KyleSamani) Who are all of the teams working on economically incentivized distributed VPN/Tor? Orchid, Mysterium, who else?

Aaron van Wirdum (@AaronvanW)

“the fight against online drug sales is starting to resemble the war on drugs in the physical world: There are raids. Sites are taken down; a few people are arrested. And after a while the trade and markets pop up somewhere else.” Gee. (HT @chainalysis)

bible/buyer/about/before - DarkNetMarketsNoobs

Hackers breach FSB contractor, expose Tor deanonymization project

Bitcoin Primitives: S1:E8 TOR Project

The goal of onion routing was to have a way to use the internet with as much privacy as possible, and the idea was to route traffic through multiple servers and encrypt it each step of the way. This is still a simple explanation for how Tor works today. https://support.tor

Aleks Krotoski talks to Andrew Lewman on Tor and anonymity online

Tor and Anonymity: An Academic Introduction to the Dark Web – CF028 Listen Mobile: Cyber Frontiers is all about Exploring Cyber security, Big Data, and the Technologies Shaping the Future Through an Academic Perspective! Christian Johnson, a student at the University of Maryland will bring fresh and relevant topics to the show bas…

The Privacy, Security, & OSINT Show Listen to The Privacy, Security, & OSINT Show episodes free, on demand. Your weekly dose of privacy, digital security, and open source intelligence (OSINT) news and opinion. The easiest way to listen to podcasts on your iPhone, iPad, Android, PC, smart speaker – and even in…

Bitcoin Threat Model