Harris delivers a sobering reality check by shifting the focus from blockchain security to the physical vulnerability of the holder. It’s a necessary reminder that as Bitcoin’s value hits the moon, the owner’s safety becomes the ultimate single point of failure.
安装我们的扩展,即时搜索任意视频内容
The $1M Bitcoin Flaw Nobody's Talking About本站收录:
🔴 LIVE: As Bitcoin continues to climb and approaches $1 million per coin, the security and privacy risks that most holders are ignoring today become existential, and Alec Harris, CEO of HavenX, is one of the few people in the space talking honestly about what that exposure actually looks like. The threats aren't just from hackers, they're from surveillance systems, physical targeting, and a world that can now pinpoint exactly who holds serious wealth in Bitcoin. The stack you've built deserves a level of protection most people haven't even started thinking about. It’s time to prepare now, before it’s too late. 👉 Follow Bitcoin News for daily Bitcoin updates, security insights, and the conversations that keep your wealth safe as the stakes get higher.
Are you heat?
Hey, Heat.
Heat.
Oh, heat, heat.
Heat.
Heat.
Heat. Heat.
Heat.
Heat.
All right. All right. All right. Welcome back to the show, everybody. I'm your host, Rob Wallace. We are live on the Bitcoin News Channel, and we got something that needs to be talked about today, and that is privacy. If you're a Bitcoiner, you're online, you're talking about Bitcoin, you might have a target painted on your back, and there are some steps that you could be taking to make sure that you get home safely. Today, I am joined by Alec Harris, the CEO of Haven X. He's got all the tips that you need to be number one safe and sound when it comes to your Bitcoin, online privacy, and everything in between. All right, let's dive right into it. If you've been in Bitcoin long enough, you know the phrase $5 wrench attack. For years, we've all mostly joked about it as a meme. It's a punchline that plebs would use to remind Bitcoiners that self- custody comes with responsibility.
But now, it's becoming something much darker. This week alone, federal prosecutors revealed that three men posing as delivery drivers allegedly kidnapped and robbed a California crypto holder at gunpoint, forcing him to open his accounts before stealing $6.5 million in digital assets. Meanwhile, in France, authorities have now charged 88 people, including minor, tied to a massive wave of violent cryptoreated kidnappings, extortion plots, and home invasions. France has become the global epicenter of wrench attacks with criminals specifically targeting known Bitcoin holders, founders, influencers, and public-f facing figures. And that's the uncomfortable reality Bitcoiners are now increasingly being forced to confront. What happens when a bearer asset collides with the world of mass surveillance, data leaks, social media exposure, and organized crime? Because now there's way more to it than just keeping your seed phrase safe. You have to protect your digital footprint, your home address, your phone number, routines, and your public persona. How easy is it today for a bad guy to go from, I think this guy owns Bitcoin, to showing up at your front door? How exposed are people really after years of KYC exchanges, data broker leaks, chain analysis, hacked databases, and location tracking? And perhaps most importantly for many people watching this show, is it still possible to be publicly pro Bitcoin without painting a target on your back? Today we're diving deep into all this with Alex, CEO of Haven X, a company focused on privacy, digital exposure reduction, and physical security for Bitcoiners and high-profile individuals. We're going to talk about how these attacks actually happen, what mistakes people commonly make, and why most people dramatically underestimate their exposure. In addition, we cover what practical steps you can take right now to protect yourself and your family without disappearing off the grid entirely because the reality is Bitcoin is going mainstream. And as adoption grows, so does the incentive for bad actors to target the people who hold it.
All right, I'm bringing Alec up on this stage. Sir, how are you doing today?
>> Uh, awesome. Thanks for that great intro and and you laid out like the attack surface and the problem super well like that that is the issue, right? It's all that information together with mal intent and and you have the the physical problems we're seeing today.
>> Yes, absolutely. So for people who have never heard of HavenX, how would you briefly describe it?
>> Yeah, so uh we are a privacy company. uh we are not inherently a Bitcoin company but somewhere north of 50 sometimes 70% of our clients are in the space. Um and as we were talking about before we started that tends to be because there's a huge overlap between Bitcoiners and and privacy nerds and sometimes they're one and the same. Um, and so what we found early on is that, you know, in pursuit of furthering privacy and and how do we pay for things more privacy and and more privately and with more autonomy, uh, we got involved in the Bitcoin community and we're like, hey, these people are just like us. Um, and so that led to us, you know, doing services that range from like what we call signature reduction, which is how do you take that digital signature you were talking about, and it's hard to make it completely go away, right? And let's be honest, if you've been on the internet, you're going to be tracked in some way or another. But you can make it difficult or or irrelevant because it's old or or very hard to do what's called link analysis where you map various data points together into something relevant.
Uh and so we provide services that counter all of the attacks that would allow you to target someone. Um and the the good news is that there's a lot that can be done. Maybe the slightly less good news is it usually requires you to be involved as well. like it can't just be done on your behalf. Uh but but it can be done.
>> Yeah. And one thing I've heard you say is that privacy is something that you need to work on on almost a daily basis, right? There's no one button you can press and then you're a private individual. It's it's habits, it's tips, it's things that you can do on a daily, weekly, monthly basis to make sure that you are secure.
>> 100% true. And you know, if you and I can come up with the privacy button, right, we'll we'll be retired the same month. Um but the the reality is like many other good habits like they are accreative over time and they're super manageable as you get used to minor adjustments. Uh so nothing that we'll talk about today is out of reach to anyone. Nothing requires like an a ton of technical experience or even like a lot of things can be implemented close to free yourself if you use good free open source tools of which there are many. Uh, so this is not just for the ultra high net worth, the OG Bitcoin holders. Like this is available to everyone. Obviously, there's some stuff that you can do that's kind of in the more exquisite or exotic range, but it it's accessible to everyone.
>> And we're going to dive into some news stories today to get your opinion on what is going on around the world when it comes to privacy and targeted attacks against Bitcoiners. Uh, but first, I want you to answer the question, how vulnerable is the average Bitcoiner?
like how paranoid should the average Bitcoiner be?
>> Wrong person to ask. So, um listen, like if it didn't look weird, I would be wearing my Tinfall hat on this uh live stream. But the reality is like it's a bit of a numbers game and there's a lot of us now. And so, you know, there's a lot of people that are just sort of passively interested in Bitcoin or or hold it, you know, for the exposure and aren't necessarily like the foaming at the mouth true believers. And that's fine. like we will take all comers. Uh the the more publicly associated you are with Bitcoin, the higher your risk and that that's probably seems obvious. The second data point is the length of time with which you've been associated with Bitcoin obviously raises your risk because implicitly maybe you have more Bitcoin or you bought early at a lower price. And then the third one is have you ever uh indicated that you are a self-custody person? And if you fall into all three of those categories, and by the way, those are noble categories to fall into. But if you do, then you're kind of at the highest level of target, um, that you should be in all three of those categories. Those are three good categories to be in. Um, and there's lots of things that you can do to hedge against the risk that comes with those, but that's really the most like high level how it's stratified. The fourth thing is just targets of opportunity, right? like you've got a Bitcoin sticker on your laptop, someone sees you in a, you know, Starbucks and they follow you home, right? And like there's OBSAC that can be performed to mitigate that too.
Uh but as far as like the targeting goes, like those three categories are the ones that we see the most often leading to the attacks.
>> Yeah. Uh self-custody, it being a bare asset just adds this whole entire different layer, you know, cuz people are so used to having their whole entire financial life just stored up in a bank somewhere, you know, behind a behind an app. But no, Bitcoin gives you so much responsibility that many people aren't necessarily ready for, but uh I think everybody should strive towards, right?
That's that's the goal. Agreed. And like self-custody is it's a term we use in Bitcoin, but it's an old concept, right?
Gold, diamonds, guns, stock certificates, right? Like self- custody has existed and in fact most of the financial history of the world has been in self-custody, right? this whole like, you know, banking and fractional ownership and like all all of that's a fairly new instrument. Uh so, you know, we're not new, right? The problem is it's self-custody plus transferability plus fungeability make for that that theft to be actually fairly easy to m to actually retain, right? If you steal a diamond, you got to figure out a way to fence it, right? If you steal a watch, right, it could be a rare watch and it's hard to monetize, but you steal a bitcoin, right, and it's basically yours.
>> Yeah. that finality of settlement.
That's why they like to go after a lot of these attackers. So, let's talk about some of the cases that we are seeing around the world right now. Uh, this big one out of California really caught my eye. Uh, cross-country scheme to steal cryptocurrency involved fake food orders and violent breakins. Prosecutors say it might sound like a tale from the gold rush. Three men leave Tennessee hoping to strike it rich in California. But the twists of their saga as laid out this week in a federal indictment are closer to a horror story. With pistol whipping, lives threatened, and people tied up in their own homes. And investigators say the men weren't looking for gold. They sought something you can't hold or even see. The trio, according to prosecutors, wanted to make quick millions by stealing cryptocurrency. According to an indictment unsealed last month, federal prosecutors say the defendants, uh, Elijah, Nino, and Jaden, all from the Nashville area, swept across several California cities in a little more than a month. They're accused of using several ruses to force their way into people's homes, assaulting unsuspecting residents, and holding them hostage for their own money and demanding access to their crypto accounts. All right, so I know that you are wellversed in this story. Um I can read some more but first I want to get uh your take on this in terms of this is home invasion right these are people are targeting uh people and breaking into their homes. Uh what are you seeing in that regard?
>> Yeah this this is a really good case to highlight because this starts at the digital targeting and it ends at the physical targeting which is frequently what we see like it's not just a physical attack. It's not just a cyber attack. not just a digital, you know, open- source investigation. Uh, and so this really shows you that whole killchain. Um, and so to get into a little bit more of like what's available publicly about this is there was some element of triaging good targets, right?
So these and these are kids, right?
These are not like super sophisticated adversaries and it's not DPRK, right?
It's not organized crime. And so, uh, they went around and through some process of elimination found people that were potentially good targets because they were associated with Bitcoin. And we don't we definitely have to we could only guess as to what led them to neck that down, but they necked it down. And then they combined that with people who had made some OPSAC mistakes. And so what it appeared to be is that these people were reusing passwords for some of these accounts, Uber Eats, Door Dash, UPS, etc. And so they combined the likelihood of being Bitcoiners with the opsec mistake that allowed them to get into their accounts. And then they were watching their what's called pattern of life, which is they always order pizza on a Friday, you know, Amazon truck comes on a Wednesday, right? Like whatever it is. And they injected themselves into that pattern of life with the credibility of that facade of like being Door Dash or whomever. And they used that to escalate into the physical privilege of access and the credibility of wearing the, you know, the right hat and coming with the box of pizza. And they were actually, from what I understand, they saw the order and basically inserted themselves between the order happening and the actual delivery of the correct order. So that the victim was expecting Door Dash to show up, right? So when they saw them at the door, they're like, "Oh yeah, that's that's my pizza." And once they did that, like they're, you know, forcing them away, forcing themselves into the house and the rest is, you know, the we'll cut your fingers off unless you open up your ledger.
>> Um, and so the key takeaway to me on this is if if you don't want to be that story, then protect yourself at that digital parimeter. And the physical side's very unlikely to happen if the digital side wasn't there, right? if they hadn't been reusing passwords, if they hadn't been uh somehow like maybe publicly associated with self-custody, then they're much like less likely to be on that list.
>> Yeah, wild story. And it's like who can you trust, right? Uh you've got you've sort of definitely need to put your tinfoil hat on and be aware that there are guys out there who who are targeting Bitcoiners uh in particular. Uh, so if you want to just get a little bit more of the write up of this story, the case of the three men from Tennessee appears to have begun 5 days before Thanksgiving last year with a couple of pizza orders to a house in San Francisco. But these orders weren't done as a prank.
Prosecutors say they allegedly were an effort to see whether their mark was home. The date and details in the federal charges match a case in Mission Dolores, San Francisco's oldest neighborhood and one of its most expensive that was previously being investigated by local police. The initials of the victim in the federal indictment match the name of a resident in the home, a prominent tech financer, uh, who previously worked for the venture capital firm Y Combinator. Uh, the CEO of Wine Combinator, Gary Tan said on social media he was a friend of the victim and posted surveillance video showing the hooded suspect approaching the door and asking for the victim claiming to have a UPS package for him.
The video shows a suspect following the person who answered the door inside after asking to borrow a pen. So, don't let them in, right? Um, never don't don't let them inside the house, no matter what their request is, whether it's use a bathroom or borrow a pen, and uh don't let them get you into the van, I think, is another great uh lesson to learn there, too. Right. Um, in terms of just uh sus suspicion of people that you meet, how do you balance that when it comes to making sure that you're a private individual?
>> Yeah, it's unfortunate, right? because we would all I would rather live in a world where you know someone coming to the door who needs to use the bathroom is exactly that and that I would want to be neighborly to them. Unfortunately, my lived experience in this world and especially in the security sector is that you can't do that anymore and you especially can't do that if you're a Bitcoiner uh because of this stuff. And these are edge cases, right? But no one wants to be the edge case and imagine the impact on you and your family and you know the psychological fallout of having you know lost trust in the sanctity of your home. these things are very very difficult to reclaim. Um and so I would say you know put on that defensive mindset whenever possible and even if it requires you you know overindexing on security I'd say you know oldest saying in the book but better safe than sorry in these >> and so the people who come to Haven X are they usually those who have experienced a crime like this or are they doing this in preparation? Yeah.
So, we have cases and clients that we're call like left of bang and right of bang. Um, and so more of our customers are in that like security hedging preparatory like I'm not sure what I need to do but let's do something to prevent the attack. And then we've been involved in several cases like post incident. And post incident is brutal um because like there's a very real downstream effect that is well beyond the financial one. So yeah, maybe some crypto was stolen and usually like that's the last thing people are worried about. It's like my kids are afraid to come home now. Like my wife doesn't feel comfortable when I'm away for work. You know, I think we have to move, right?
Like these are really vicious downstream effects of, you know, these attacks and the physical remains of an attack could be there too. People who have lost digits, you know, people who have, you know, been beaten, right? Like these are savage attacks. And the article that you mentioned refers to the fact that there's the people in the room which are kind of the lower level guys and usually there's some coordination element somewhere else and that might be the more sophisticated technical side that's going to start popping that crypto you know washing it cycling it moving it into privacy coins whatever they're going to do to offiscate the link analysis of the theft to whatever the xfill point is for those coins and so you are typically dealing with kind of the brute force guys and the technical guys all at the same time. Um, and this the psychology of like some remote person that you never saw being involved. That's really difficult for people because at least the people that come in the house like you kind of like you feel like, oh, I could I could spot that person if they came back. But you don't know who the kind of hooded hacker is that's back in the basement, you know, doing the rest of it. And, you know, people will report back to us that that really lingers with them like potentially forever.
>> Yeah. Because if you're a victim of one of these crimes, you really have been surveiled for a while now, right? Like they're not going to just do this randomly. They're going to stake you out and make sure that they're they're watching your movement. So, it definitely adds a level of psychological horror that we're we're not used to. Uh living in the modern age, man, it comes with its definitely it some of its drawbacks. Um, but the other stories I want to bring up quickly before we dive into more topics such as privacy and liberty and uh mass surveillance, uh, I want to continue on the physical aspect because the country where it really seems to be just getting out of control is France. Uh, France reports over 40 cryptocurrency kidnappings so far this year. Since late 2024, French authorities have been dealing with a string of kidnappings and extortion attempts targeting the families of wealthy individuals dealing in cryptocurrencies. So yeah, I mean, you've got uh companies such as Ledger.
Uh there's a bunch of big crypto companies over in France, of course, and they've been just targeted, right? I mean, there's there's footage of people being drawn into white vans on the streets of Paris, uh that you can find on X, and it's just it's gotten out of control. uh they just charged 88 people including miners in these crypto wrench attacks cracked down. So it seems as if the French authorities are taking it seriously, but it's gotten so far out of hand. And one of the way that that these criminals have gotten this information is the fact that tax agents were selling personal data to these organized crime outfits and ratting out the people who who own Bitcoin because the French government wants to know if you own it.
So you report it to them and then these tax agents will go and make a buck selling your data to gangsters. Uh do you have any color on this situation here over in France?
>> Yeah, so obviously the France story at large is probably the most prominent in the $5 wrench world and uh as to to frame it right somewhere in the order of 26% of all the physical attacks globally last year occurred in France and France has less than 1% of the global population. So that kind of gives you an idea for how disproportionately bad it was. I think that um to me the key data point here is and we can sort of get into like a a political philosophy from this, but the fact that there was someone inside the government, you know, selling the information, private information about citizens, you know, address information, tax return information that might indicate that they're holders of crypto, right? Like this is why like the government isn't necessarily a trusted authority in our lives. It's not that it's untrusted, right? But we have to have the ability to have private entities, right? To be able to abstract ourselves away from reporting every single thing to the government, right? Like I understand the government needs to collect taxes. Like I'm not anti-government, but there's this like over reporting and overolction of information and it doesn't take much.
It could be a cyber breach. It could be an insider threat like that for that to be highly highly weaponized. Um and so you know where it is legal of course like I would encourage everyone to just figure out what the minimum amount of information is required to comply with the law.
>> Um and so in the US the bad news is that there's tons of data in the open source lots of marketing databases like the collection of information is much easier because we don't have quite as rigorous a privacy laws like GDPR and in the EU.
However, we have way more freedoms to enact our own privacy here. Um, and so if you are inclined to be a DIY privacy person, the US is actually the best jurisdiction in the whole world. If you want the government to take care of your privacy, which is not I'm not saying that's wrong, right? Like GDPR is better than what we have here. Um, but because we can still set up anonymous companies and there's, you know, Wyoming and Delaware and South Dakota and and New Mexico, like there's a lot of options on that and you can live in your home privately without it, you know, blasting into every marketing database and you can use like mail relay points to collect mail such that it doesn't all drive back to your home address. Like there are options we have here that would actually have made this particular attack vector very difficult to be successful, right? And so like even if you have an insider at the government, like you can still protect yourself from those things. And I just would urge people, you're never going to have the time to do all of this. But if you're if you're in a position where you have to share information that you consider private or personal, just check and find out what the minimum amount you have to share is. And a lot of times like the form doesn't need to be completely filled out. or you can use like burner credentials and that still accomplishes the same goals of the registration as you know giving them your personal Gmail and your cell phone number. Um and so I'm not saying like you know tear it all down and start a fire in the building but just push back a little and a lot of times you'll find that there's actually more wiggle room than you would expect.
>> Interesting. Uh so yeah we're going to dive into that next what we can do personally but I just wanted to take one last look at this website put together by Jameson Lop over on GitHub. It has a full list of all the $5 wrench attacks going back to 2014, 12 years of coverage here. Um, and so if you scroll all the way down, uh, you're going to get to 2026.
And when you do that, um, I mean, again, France, France, France, United States, Hong Kong, Hong Kong, France, United States, France, France, France, France, Spain, France. It's crazy. Uh if you're a French Bitcoiner, uh I don't know what to tell you other than maybe maybe move somewhere else. It's this is just out of control really what's going on over there. So power to you. Keep your OPSAC high. And uh if you are looking for privacy services, Alec right here is your man. All right. So let's uh and actually one thing I heard you say is that you've learned a lot about privacy from Jame Lop. Correct.
>> Yeah. So, uh, yeah, that's a great resource. Everyone should take a look at it. And you can just scroll through and click and get a flavor for what these attacks look like. Um, and some of them are opportunistic, some of them are highly coordinated, some are successful, some are not. A fair number of people do get caught. Um, but the the takeaway is that these things do happen all over the world and some of them are like small potatoes, you know, very small amount of theft, highly opportunistic, some of them are huge, right? Um, but you know, go through that list and click until you find one that looks like you, right? And you will find one that looks like you.
There's someone in there that has every single type of profile.
>> Crazy. Okay, so let's get into actionable tips. What are the lowest hanging fruit that we can do today, this week, this month to clean up our online privacy?
>> Yeah. So, um, there's a there's two terms that that I'll share or introduce you to. So one is called a point of aggregation. And so in our investigative or open source world, which is the same technology that a adversary would use in targeting, one of the first things we're looking for is a point of aggregation.
And so that could be your cell phone number, your email address, your physical address, it could even be your name, right? And so a point of aggregation in the open source world will spider out into all sorts of other things in our digital pattern of life.
And an example of this is if you, no offense to anyone that does this, I used to do this, too. You use the same Gmail address to register and sign up for literally every single thing and it's in a bunch of data breaches and it's associated publicly with accounts. And so an investigator loves that because they'll take that and they'll run it through a bunch of different tools and it'll show this link chart of all the things you're associated with online.
And if you're in the OpenC breach and the Ledger breach and the Traorar breach and you know on down the list, you start getting an idea that this person's in crypto. maybe they've been in it for a while because they were in a data breach, you know, eight years ago. Um, and so in order to disagregate that, you can use services I really like one called an addi. You can use hide my email from Apple. Uh, Proton Mail has one built into it, right? Like that allow you to create unique email addresses for every single platform that you engage with. And the downstream effect of that is if I find one of your addresses, it tells me nothing about any of the rest of your accounts. And so you've cut off that point of aggregation. And the same thing can be done with burner phone numbers, right?
Don't use your cell phone number for every single sign up. You know, you you run through your your kind of digital life and try to disagregate those main points of aggregation and you automatically become a hard target. And that actually might be sufficient to get you removed from the list, this proverbial, you know, adversary targeting list. And what we're seeking for people is something we call abort mission criteria, which is just to say the adversary is looking to steal some Bitcoin. They're going down the list like who's easy to find. Can we find their address? Can we find their phone number? If if they're an easy target, maybe they stay on the list. If Rob's doing all this stuff I just described, they're like it's such a pain to even figure out is that his real address? Is that old? I can't tell if he's, you know, associated with crypto for sure or not. I can't tell how long he's been in the space. And so, but for someone that is really clued in on you, Rob, right?
Which, you know, maybe that happens, but it's super rare. They're just going to move on to the next target. So, that's one thing. The second thing is something called link analysis. And that's where you hop around digitally and even physically into predictive information.
And so, if I can take your phone number and then hop to your email and then show accounts that you have and then point to a physical address. And sometimes you can collect information about how your phone moves throughout the world. You can see phones that you know are what's called co-traers, which is a phone that moves with another phone frequently.
Maybe that's a spouse, a child, right?
And so you start doing link analysis and you paint this picture of digital habits and sometimes that projects into physical habits. And the importance of that is your home might not be the best place to target you. Um, and it might not be a good place because you live in a building. It's a high-rise with a door man. It's just hard to get into and hard to get out of. It might be bad because, you know, you've got a bunch of neighbors in a culde-sac and everyone's got cameras, right? There's a lot of reasons why the home might not be a good spot. But if you're on that target list and the home's not a good place to target, then the adversary is going to look for that pattern of life and they're going to find something else, right? And they're going to see that, I don't know, maybe you check in at the gym online, you know, three times a week and it's always at the same time. And now we're just like, ah, is there a good spot between the gym and the home? You know, sometime between seven and 8 am when he's always there. Uh, and so that link analysis will take the points of aggregation and enrich it into a bigger target set. What we're recommending to people, and this is in the category of things you can do yourself almost for free or or for free using open source and just good OBSAC is anonymize your life as much as possible. Don't reuse passwords, don't reuse usernames, try not to reuse phone numbers. uh and then you just become this spiderweb of information that's hard to track. Uh and I can tell you because we've done this type of analysis on people, you know, over the years because we do like offensive analysis on clients. We've seen it when we come to a client that is already doing that and it is a very difficult report and usually the client doesn't even like the report because there's not much to show them, right?
And then they're like, "Oh, you didn't find much." And you know, ultimately that's good news. Um, but it is achievable. Uh, if if you're willing to do that kind of stuff, >> it's work, right? You got to put in the effort. Uh, this is not going to come necessarily easily because everybody just loves the the Google one-click login for everything, right? It just makes it so much easing up your passwords, uh, having a password uh, store on your computer, of course, so you can easily access them and use them, not have them saved on your browser, right? That's a big one. Um yeah. Um so actually one question came to mind is these attackers themselves like there's there's a profile for a Bitcoiner right uh usually 20s 30s 40s uh like is into tech somewhat has somewhat libertarian leanings. What is the profile of these attackers? The ones that go after Bitcoiners.
>> Yeah, good question. So they actually are they tend to be younger. Um at least the guys again the field guys the guys that are doing the grunt work. Uh it's really hard to say what the you know ring leaders look like. Um but from cases that we've worked on. I'll give you an example of one that was from Europe. So the there was a home invasion. Uh they did a home invasion.
You know offense to this current situation but they did it during a live stream because they knew the guy was home at the time. Um and so they knew where he lived. They knew he was home.
He was associated with a crypto company that he had founded. Uh the home invasion occurred during the live stream. The guys that came in were so this was in Northern Europe. These were guys from North Africa that were sort of low-level criminals and they tied him up and they tied up his girlfriend and horrible, right? But he reported that on the other end of the phone when he was dealing with whoever is on the receive side that sounded like something maybe Eastern European, maybe Russian, right?
actually spoke very good English. And so that side of it was maybe the more sophisticated side, the side that's harder to catch, the side that maybe lives in jurisdictions where there's going to be no extradition. And so the guys that end up being in the articles, like the CNN one you wrote, read, those are the 26-y old schlles that go do the grunt work. Uh someone's probably pulling the strings in the background.
And I'm not actually sure what they look like necessarily.
>> Yeah. Another thing you hear a lot about is the the social engineering, right?
And there was an amazing recording done by Jun Seth last year. He was actually able to get one of these guys who was posing as a Google support or Coinbase support to crack and to tell him his story cuz the kid he wanted to flaunt, right? Uh he was willing to divulge all of his secrets. They met as a crew of like 13-year-olds on Roblox and then started this group together. all moved into a mansion in Los Angeles by the time they were 17, 18 and they were running these social engineering scams, telling people that their Coinbase has been hacked and that they need to reset their password and then boom, they steal all their their Bitcoin. Um, the social engineering side of this uh how do you protect yourself from that?
>> This is a great example. And so, first of all, just set the table, the some of the people perpetrating that are victims themselves, right? not in the case you describe it. A lot of them, you know, are kind of quasi indentured servants or almost like slaves that work in these, you know, farms that, uh, are in, you know, Southwest Asia, uh, and they're run by organized crime. And it's a very sad story, right? And they're forced to, you know, run as many romance scams as they can to hit their quotas. Uh, however, some people are just pure criminals like you described. The, uh, a couple of the challenges. So, even five years ago, you had to actually speak native English to pull this off. Now the AI tooling is such that like you don't it's really like you could just find linguistic errors and be like yeah that's obviously not legitimate. That whole thing has been resolved by AI. So you know voice AI uh text to text. So the original like hey does it make sense? Is there error of of context or or styography that no longer applies. So now you really just have to be hyper vigilant and do what I call outofband verification. So, you should be suspicious of any call you ever get from because Coinbase is not going to call you. Google's not going to call you.
Apple's not going to call you. But let's say you're not sure, right? Just be like, "Hang up. Go to apple.com, find their support, go message support directly. You can validate it very easily. Takes a little bit of extra effort." I think a lot of people listening here would probably even infer to do that. But talk to your parents, talk to your aunts and uncles. like there's more vulnerable parts of the population that might be a more ready target because they fall for these things because they're they're kind of like less uh incredulous of inbound contact. Um and then the last thing is you should be aware of what's out there on you in the open source. So if you have been posting on Strava for five years about how much you love running and everywhere you go running and every vacation you've been running on and you've shared that with the world then a pre-texting for a social engineering attack is going to be fitness it's going to be running right it's going to be travel and so if you know what's out there about yourself and we do this but you can do it on yourself too then you can start being mindful of that type of social engineering approach uh if you're not into cars and you get a you know social engineering approach about cars.
Like that's easy to wave off, right? But if it's kind of in line with your personal proclivities, those are sometimes harder and you might fall for it because you're inclined to click on it or answer anyway, right? Like, oh, I do want that $100 gift certificate. I do want to sign up for that race. Like, whatever it is.
>> Yeah. It's gotten to the point where I barely answer my phone anymore if it's not a number I know, right? Because it's Google, Google, Google. It's not Google.
Google will not call you. Uh, so yeah, it's it's gotten wild. And a lot of Bitcoiners have also gotten or fallen victim to somebody reaching out to them on Telegram who looks like a friend and then says, "Hey, let's do a Zoom chat."
And then you have to install something and that's when they they steal from you. Uh so talk about the the Zoom vector.
>> Yeah. So this is actually a very current one. I'm glad you mentioned it. Uh Telegram also is just like a hot bed of I know everyone, you know, uses it for crypto. I'm I'm so wary of Telegram that I keep my Telegram account on an isolated phone completely separate. Um you need it to communicate with people in the space, right? I get it. But Telegram is not to be trusted. Um the the attack vector is exactly what you mentioned. And so sometimes they've actually taken over the act the account and sometimes it's just a impersonation of an account that looks real enough that you fall for it. Uh, and what they're trying to do is escalate you into some trusted dynamic. And that trusted dynamic could be a pitch call, something to get you onto uh a link onto your calendar, right? Like past your EA, like whatever that looks like. Um, and the payload, which is the malicious part of this, is exactly as you described.
Sometimes they'll say, "Oh, it looks like the, you know, Teams link, the Zoom link isn't working. Can I send you, you know, another version? Can you download this? Can you click here?" Right? Can you put this in your browser? or like any kind of like participation on your end that requires them to send that payload. And a lot of times once you've just clicked yes or download or whatever, that's enough for that payload to execute on your device. And at that point, they're exhiling data, taking control, you know, it could be something you can see on the screen that could be completely surreptitious in the background. Um, but back to that sort of OBSAC mindset is you can verify out of band. Is that Rob that messaged me on Telegram? it takes you two seconds to do so, right? Uh if you can't verify it and they're sending you stuff that you're not sure about, just be like, "Hey, I'm not comfortable with this. Let's find another way." Um and you know, especially in our space, we're so lucky.
People in Bitcoin are going to be totally cool with you doing that because if they're legit, they're going like, "Yeah, that's awesome. Like, I love the OBSC." Uh and if they're not, then it's a win. So, um you know, be be a little paranoid. Like, it's cool.
>> Yeah. It it literally happened to me a week ago. Uh a well-known Bitcoiner. He reached out to me on Telegram. He said, "Hey, let's set up a call for next week.
Uh, cool." I sent him my email. He sent me a invite, which is very unlike him.
And then the time came up and then I was like, "Wait, didn't he say a while ago that his telegram got hacked?" Uh, this guy would never send a Teams link.
That's how I knew that I would never be speaking to him on Teams. And that's how I was able to sniff it out and said, "No, this is this is h happening." I did exactly what you said. I messaged him on another app and he's like, "No, dude.
That's not me." So >> yes, protect yourself and be wary even with friends, you know, if they reach out to you on an app, it could be somebody else behind it.
>> Well, and let me add to that quickly.
So, uh, people have probably heard the term social graph and some applications reveal social graph much more easily than others, right? So, like an open Instagram account reveals your whole social graph. A signal account does not reveal any social graph. Um but social graph is where you can build in to the pre-texting some element of um friendship or relationship dynamic that makes you lower your guard, right? So there's an affinity to the attack because you think it's this person, you know, it looks like their account, it looks like their Gmail, right? It's either a spoof, a typo squatting, they've taken it over, whatever it is.
And so, uh, someone being recognized as someone you know in your social graph is not necessarily, uh, a defense against the attack vector.
All right. Now, let's bring it back to Bitcoin. Uh, there's been a lot of stories, documentaries, uh, investigations into who is Satoshi Nakamoto. New York Times claims it's Adam back. The latest documentary Finding Satoshi says it's Len Sassimon and Hal Finny working together on it. Do you think as technology progresses we'll be able to find out who Satoshi is?
>> Great question. I mean I love the Satoshi mystery. Uh because like as a privacy person and as an OBSAC person, you know, Satoshi obviously did a really good job and could Satoshi have known how much scrutiny would be on them and how much more technical advances there would be in OSEN, you know, back in 08 and09, you know, when they were first getting active? Probably not. Um, there's a really good book on this called The Marvelous, The Mysterious Mr. Nakamoto by a guy named Ben Wallace. And I think he does the best uh, and he's like a a Bitcoin guy himself, right?
He's a journalist, but he doesn't claim to know who Satoshi is. And the investigation is more along the lines of like here are the interesting people in the world of Satoshi lore. Um, and it respects the privacy of the Satoshi story more so than like the John Keru article, which is like such a gotcha.
Like, I figured it out. like it's me and there's sort of like a vanity to that story. Um I like his book a lot and so on the Satoshi mystery could it be discovered potentially and it could be come out in the form of a data breach of information that's not in the public domain now? I think that most of the available if not all the available open- source vectors against the data that we do have have been extinguished at this point. Um, but I think it's also as Bitcoiners, it's important, right? Like the the Satoshi mystery is much bigger than just like who who was Satoshi? Was it a group? Was it a person? Um, and what they started is is well beyond the cult of any personality. And so I think it's a fascinating story from an offsex perspective, but I'm also a little wary of like the unmasking for unmasking purposes because like that's not as a privacy person to me that's >> 100%. I think uh Satoshi wanted to be kept private and we should respect that.
You know, he's given us so much. That's the least that we can give him. Uh but when it comes to Satoshi and finding him, a lot of the tools that they use are related to stylemetry, right? That's the right word. Uh explain what that is and explain how even if you use a nim on social media and you don't reveal yourself, you can still be tied back to your actual identity just by the way that you type.
It's actually so that's great point and there's actually two versions of this.
One is technical and one is more of like this it's a little bit more of an art than a science. Um and so what it is is like we all have inflections in how we write you know use of words grammar uh it's style. And so if you have a big enough compendium of someone's writing you can compare it against maybe the synonymous writing and make an inference on a probability level. Right? So it's not going to say 100% yes or 100% no. I was going to say like 46% chance or 82% chance, right? Um and so to to me it's kind of an indicator. It's not just positive in of itself like there isn't finality to it. Um and you have to have a sufficient enough sample of writing.
And so you know you Rob being in the media world like you've written a lot of things. And so like that's an easier set to work with than someone you know who hasn't really the other side of this it's kind of interesting and it's not the same thing. It's not styometry, but the cadence at which we type is actually a unique signature as well. And so there's a unique kind of like way that you hit the keyboard and the timing of it. And on the technical level, you can actually fingerprint something someone from that too. Um, which I find like doubly creepy, but it involves like really like, you know, kind of having a malicious payload on that device. Um, and the same with the like the gate with which you walk uh is is unique to you.
So there's all these newer emerging forms of you know data collection and targeting that you add to what we know already and it's like you know sometimes I wonder right like it's hard to hide.
It is it's it's it is very very hard to hide in this modern world especially because now we have AI uh how much more difficult has AI made your job >> easier and harder. So as investigators, right, it it's helped us. Um, but the same is true in our industry as is everywhere else. The quality of inputs on the prompt side, the underlying data that's being interrogated, and the quality of the analysts reviewing the information are as valuable as the actual model doing the work. Uh, and so, you know, garbage in, garbage out, for sure. Uh, it does make it a little bit easier to compile information quickly.
Um, but in the open source investigation world, the the underlying data is the really important part. And so if you have a great model but not good data, then it's really not going to be a step order increase in in vulnerability. On the defensive side though, what what we like is that AI will allow people to bridge the gap on their own that they might not have felt comfortable doing so previously.
And so we've all been there where like, you know, there are things where you'd get stumped. You're like, I got to call Rob about this because I don't know how to do this last part and I got to wait and then, you know, I've got to go read something or download something or watch a YouTube or whatever. Now it's like right at your fingertips. And as you know, I know in our business, we sell services, right? But in in my personal worldview, like I want everyone to feel like privacy is accessible to them.
>> And so now we can make suggestions and you can go on your LLM and maybe like finish the job yourself because the tools are there and the instructions are there. So, I I personally see that as a really positive thing.
>> And that brings me to an even wider subject, which is just mass surveillance, right? People are giving their whole entire life stories to these LLMs, telling them every single detail about themselves, things they would never tell to another human being. Uh, so between the LLMs as well as these cameras, these flock cameras are spreading everywhere across the country.
Uh, how do you protect yourself and what do you think is coming next when it's in terms of mass surveillance?
Yeah. So, I think the same way that people know uh casting no espersions on tattoos, right? But some people grow up later and they regret a certain tattoo, right? It's got the ex-girlfriend's name on or something. I think the same is going to be true for like the the stuff people are putting in these, you know, third party models. Right now, I'm a big fan, as would be no surprise, of like open source models that are self-hosted.
That's what we use, right? The open source models are catching up. They're actually really good now. GMA 4 is great. Um, and so you don't have to exfilt training data to any third party if you don't want to. Um, the the other side of this though is like the mass surveillance world. I'm not sure if everyone realizes like what a huge industry it is. And as a data point, so if you just take the US data brokers, just the US data brokers, and you aggregate the revenue of the top 10 US data brokers, it's bigger than the entire budget of all 17 intelligence agencies in the United States. And so you would I would think maybe, oh, the NSA is like that's the boogeyman, right?
The CIA is the boogeyman. They have all the data. Actually, the data set is bigger in these like commercial data aggregators than it is now. like they don't have satellites that are overlooking, you know, terrorist houses, right? But they have huge data and then they get breached. And so an example would be Axiom, one of the top 10 data brokers. They were breached and they lost a billion customer records. A billion. And that's phone numbers and addresses and email addresses and known associates and like spending habits and all sorts of things. And then what they will do is they will say, you know what, this data is anonymized. You don't need to worry about it. And the reality is it's so granular that it becomes a fingerprint. And yeah, maybe it's a hash of your name as opposed to your name, but there's so many different data points that it could easily be mapped back to you. And there was an academic study a couple years ago that basically studied like, can you take geoloccational information and anonymize it? And the data brokers say, "Yeah, we can." And what they found is if you have three or more geoloccational data points for a person, there's like a 96% chance that you can identify them by name. So all this like you know hashing anonymization, it's total BS. Um and the best thing you can do is try to like do that disagregation. Don't give them the crown jewels of information. Um but we do live in a surveillance state and I'll just say this on like flock. I love security and there was this this shooting in Austin that just happened and Austin proper is not a flock city but I guess like an adjacent city is a flock city. the guys were caught in the flock city very very quickly and that was a horrific event and we do want you know active shooters to be interdicted and even as a big privacy advocate like I feel a little conflicted on it too right like I don't want the cameras on my street corner I don't want the mass shooting happening either and I'm not I'm not sure I have the answer on that right like but I think what we're what we've been told by people who have predated us in history is if we're willing to hand over our liberty in exchange for security then we might not have either there, right? Which is like a paraphrasing of Ben Franklin. Um, and so like if I'm going to come down on one side or the other, it's the privacy side, but I get the security side, too.
>> Yeah. Because the big worry about these flock cameras is that I mean, they got your license plate, right? And they know exactly where you're going. They can put together your whole entire life story, and then some random employee or contractor can just log into that system and know everything about you, right?
So, but and I'm sure you run up into this a lot is that people say, "Who cares though?" right? Like I'm an open book. I'm not doing anything wrong. So why should I give a crap about privacy?
What do you say to them?
>> Lot lots of people say that. Uh and so some people are not that interesting yet, right? And so uh there was like when that whole um GameStop thing was going on, there were the big bad hedge funds, right? With the you know billionaire hedge fund managers that were obviously the boogeymen. What was less reported was that the rank and file employees of those hedge funds were getting doxed and harassed as well. And so what I would say to that like financial analyst level two at you know exhedge fund that's like I'm not that interesting. Like you became interesting through no fault of your own. You didn't make any capital allocation decisions.
You had nothing to do with it. You just show up and punch a clock and all of a sudden people are doxing you on Reddit and you know you're getting hate mail and whatever. And so, you know, it's just like we wear a seatelt even though the chances of, you know, getting in a car crash on any given day are very low, but we wear the seatelt because in the event that that something happens, you want to have it on. Um, and I see privacy the same way. Like, yeah, are you going to have a data breach every day? No. But like when it does happen, it's already too late.
>> 100%. Um, and when it comes to privacy and liberty, which you were just referencing a second ago, uh, what is the the tie between the two, and is that does that case resonate with people when you share it?
>> It resonates with people who who already were inclined to it. Um, right. And so, like, I don't know if I've won a lot of debates on that one. Um, but there are people for whom like that is an inherent belief. for me too. And so, um, privacy is is part of the maintenance of liberty. Uh, and I say that because like one of the founders of Haven X, who I've worked for for a very long time, uh, told me that when I first met him, and he's a cryptographer, and he says that all the time. I think he actually put it on one of our the versions of our website. But the the thing is right like uh it's we need to protect our right to privacy because the alternative even if it's benign can be weaponized at some point. And so like you know even if you share all your information with a super benevolent government that just wants to like you know render great services to a population how confident are you that that same government is going to be in charge in 10 years or 40 years or when your kids are having kids or whatever it is? Uh and so we've seen that with data comes the ability to weaponize and the that ability is leveraged usually at some point.
>> Yeah. Um I think as Bitcoiners we are naturally suspicious of authority in general and uh that's one of the reasons why we love this thing Bitcoin so much because we don't have to rely on anybody else and nobody else can tell us when or when we cannot use it. So I think that argument works with us but for the average person again there's a reason why not everybody is a libertarian or a Bitcoiner right so >> however once you learn about Bitcoin you tend to become a libertarian so >> it changes >> one is a path to the other >> yes uh and so then let's talk about Bitcoin and privacy right uh you use Bitcoin and you use Monero a lot of Bitcoiners say don't don't mess with the Monero stuff you can get privacy on Bitcoin if you do it properly if you learn the right steps Uh, where are you in that debate and do you see a use for both?
>> I do see a use for both. You know, I've been a bit of a Monero nerd for a long time. Um, so what I like about Monero is that I do think privacy by default is an important feature. Um, and so yeah, you and me are DIY people and like there are ways to acrue privacy on chain, but they're not really um they're certainly not by default and they have their vulnerabilities and their heruristics around them that you know can be exploited and the chain analysises and TRM labs and all those guys like they pay top dollar to the best data scientists in the world that spend all day every day trying to figure out you know how to circumvent the privacy on any chain. And from what I understand, like no one's really ever fully been able to exploit Monero. Um, and we've never really seen it exploited any like legal proceeding, any case, any discovery, right? Um, and so, you know, I think the integrity of Monero is we can probably assume that it's pretty solid and it's privacy by default. Uh, and so even if like I told my mom to use Monero, she would get the full benefit of Monero without understanding any of the Ring signatures or the confidential transactions or the stealth addresses.
You don't have to understand any of it.
you just send and receive and there's privacy to that. I think that's valuable. It speaks to me. Um I know it's like sacrilege among like the kind of purists in the Bitcoin world, but uh to me I think there's space for that and I would love to see that level of privacy move onchain for Bitcoin, but it's not there yet. And so I think there's space for for Monero, at least in my world.
>> Yeah, I think the biggest argument against Monero is it's all about the on-ramps and off-ramps, right? You can send Monero back and forth and it's completely private, but once you go and try to spend it somewhere or turn it into dollars, good luck keeping your privacy in that regard, right?
>> True. Yeah. And so you know staying on chain native is you acrew more there but you can at least break the link between you know the source of funds and the disposition of funds which you know there's value in that potentially >> and it's a good hedge right to just like hang on to you know like >> having a rainy day Monero fund maybe not a bad idea.
>> All right taken taken. Okay. Uh, one last thing I want to touch upon with you that I heard you say, which was super interesting, is that the number one thing you can do for your privacy in America is to take steps when you're moving. That can completely reset everything. Explain what that means.
>> 100%. So, um, if you have already live somewhere for a while, from the point at which you move in, data is being collected and and bought and sold around that. And one of the biggest resellers of data is the post office when you give them a change of address uh form. The I think somewhere on the order of 30% of the entire post office budget comes from reselling change of address data. So uh you know once you set up utilities and and everything at that residence then it compounds and so it becomes easy to to map back to where you live. When you move is when you're breaking that connection and you can do a full reset.
And so even if you're not buying a place, right? If you're moving into a rented apartment or something, you can still do a reset. If you're buying a place, you can use a trust or an LLC, right? It requires some work. It's it's bad timing, right? Because moving is already stressful and you're dealing with a bunch of stuff and now I'm saying, let's make it complicated for sport, right? Um but it can be done.
It's not as difficult as people think there. We can help, right? But like you can do it on your own. Uh having an attorney is potentially helpful in the process, but not mandatory. Um, and so if you make sure that you move into that property cleanly and you pay for your utilities cleanly and you're not in county property records tying it back to your name, you could potentially, if you do the work, live in that place privately in perpetuity. It is 100% achievable. I've been doing it for many, many years. Um, and I've learned things along the way. It's gotten harder and easier and, you know, kids change things like there's all sorts of factors. Um, but that move is the number one point at which you can make a huge impact.
>> Well, there you go. All right. Well, if you enjoyed this conversation, you should definitely join us tomorrow at PubK. We're going to be live, Alec and I, on stage at PubK 6 p.m. to 8:00 p.m.
tomorrow night in Manhattan, of course, your favorite Bitcoin bar in the world.
We're going to be discussing all of this and so much more. Um, tell people why they should go tomorrow night.
>> Because it's Pub, right? Like, got to support. No, listen, it's going to be fun. I'm super honestly like thrilled to be doing this with you guys. Um, we're going to be having a similar conversation like today, but more informal, uh, super friendly. A lot of us will be hanging around, you know, uh, friends, colleagues, privacy nerds, Bitcoiners. Um, and so, you know, even if you're just into it for for snacks and pub food, right? like uh please come out and would love to meet people in person and then we can all figure out how to like stealthily go home so that no one follows us, right?
Uh so yes, just put the link there in the comments um over on YouTube. If you're watching us on YouTube, be sure to subscribe, join the channel. We are going hard on YouTube now. Very thankful to be over there. Um, so Alec, do you have any final words of advice and where should people go to find HavenX?
>> Uh, yeah, so thehavenx.com.
Pleasure doing this with you, Rob. Uh, and and you know, kudos to the massive growth at at Bitcoin News. Um, you know, reach out to us. We're super we're nerdy, but we're friendly, right? And and I would just say to people like this stuff is achievable, right? You absolutely can do it. We can help, but you can do it, right?
Yeah. And uh Bitcoin is only going to keep going up and that means that your privacy is only going to get more and more important. So yeah, hit up Alec if you want to learn more about this. Join us tomorrow night in PubK. It's going to be awesome. We love doing live events over there and super excited to meet you all in person. All right, everybody.
This has been Rob with Bitcoin News.
We'll be back next Wednesday, 11:00 a.m.
for another live doing another great deep dive just like this. Thank you for tuning in and we will catch you soon.
相关推荐
Trump's Crypto Bill Just Cleared Committee—Here's What It Actually Does
UNFTR
290 views•2026-05-16
HUGE QUANT BREAKOUT!🚨 | QUANT (QNT) PRICE PREDICTION & NEWS 2026!
CilinixCrypto
144 views•2026-05-16
How is crypto exposure risk being managed by long-term XRP holders? #xrp #crypto
JakesDigitalAccessionGroup
120 views•2026-05-16
Don’t Sell Crypto — Borrow BTC Against It (How Crypto Loans Work)
kqqkqqkq
242 views•2026-05-16
HBAR JUST IN: US Insurance Integration is OFFICIAL
CheekyCryptoNews
143 views•2026-05-15
The XRP Myth: $1 Today = $100 Tomorrow?
odes_ai
2K views•2026-05-18
Kaspa’s Next 30 Days Could Change Everything
cruxofcrypto
501 views•2026-05-18
HBAR The Hedera Council Members WAKING UP?! | QNT Hidden Perspective!
Crypto-Growth
349 views•2026-05-20
