Jameson Lopp: Restraint is important to avoid third-party risks, phishing attacks are a major threat, and a three-wallet system can improve security.

Important takeaways

• Self-restraint in crypto is important to avoid relying on third parties, which puts you at great risk.
• Privacy serves as the first line of defense in crypto security, preventing further attacks.
• Physical attacks on crypto holders are on the rise, highlighting the need for improved security measures.
• Trusted third parties remain the main threat to crypto holders, overshadowing smart contract risks.
• Economic pressures on crypto companies can reduce the frequency of smart contract audits, increasing the risk for investors.
• Phishing attacks are a very common threat to people who hold their own crypto assets.
• Digital security must be prioritized to protect against the high probability of phishing attacks.
• Fraudsters pretend to be reputable products to trick users into giving permissions, leading to stolen goods.
• Physical threats, including home invasions, are a major threat to crypto holders.
• Devices targeted by malware that protect private keys pose a major threat to wallet security.
• Social engineering is a common technique in phishing attacks, which emphasizes the need for user awareness.
• A three-wallet system is recommended for risk management in crypto trading.

Guest introduction

Jameson Lopp is the founder and CTO of Casa, a Bitcoin security company specializing in key management solutions. He previously worked at BitGo, where he developed multi-signature security services that now protect 20% of all Bitcoin transactions. Lopp also created Statoshi, a platform that monitors the Bitcoin network for attacks.

The threat of third party trust in crypto

• “The biggest threat to crypto natives is relying on untrusted third parties and not keeping their assets.” – Jameson Lopp
• Self-defense is emphasized as an important preventive measure to reduce accidents.
• “Privacy is the outermost layer of security in the crypto space.” – Jameson Lopp
• Physical attacks on crypto holders are gaining attention, highlighting new security concerns.
• “The biggest threat to crypto holders comes from trusted third parties rather than new smart contracts or branch attacks.” – Jameson Lopp
• Economic pressures may lead to fewer smart contract audits, increasing risk for investors.
• Phishing attacks are the biggest threat to people holding their own crypto assets.
• Digital security should be prioritized to protect against common crypto threats.

The rise of physical and digital threats

• “Fraudsters often pretend to be legitimate products to trick users into giving permissions that allow them to steal goods.” – Jameson Lopp
• The most dangerous act involves potential physical threats to individuals and their families.
• Attackers often use malware to compromise devices that protect private keys, leading to potential wallet theft.
• “Almost all phishing attempts involve elements of social engineering.” – Jameson Lopp
• Fighting digital threats in crypto requires simplicity and reducing attack surfaces.
• Users should separate their crypto wallets based on the amount of funds and the risk involved.
• Completely avoiding on-chain activities may not be the best solution to reduce risks.

Managing crypto security through wallet techniques

• “A three-wallet system can help manage risk in crypto trading.” – Jameson Lopp
• Simply owning an ETF instead of participating in crypto activities defeats the purpose of owning a digital asset.
• Properly managing private keys and seed phrases can greatly reduce the risk of losing crypto assets.
• Users should avoid keeping all their crypto assets in one wallet to minimize risk.
• A good way to separate a portfolio is to use a hot portfolio for small amounts and a cold portfolio for larger assets.
• Social engineering is the most common form of attack on crypto holders today.

The importance of self-control and safety measures

• “People need to realize the responsibility that comes with keeping their crypto assets.” – Jameson Lopp
• Using a crypto wallet requires a high level of understanding to avoid costly mistakes.
• Transactions involving on-chain assets should never be rushed, especially under emotional stress.
• Many social media channels lack authenticity, making them vulnerable to impersonation.
• “I don’t trust an incoming message that seems blurry.” – Jameson Lopp
• Using internal shared information to ensure trust rather than random words.

Improving security through physical and digital measures

• “It is safer to go directly to websites than to click on links in messages.” – Jameson Lopp
• Password managers protect users from various types of phishing attacks by ensuring that credentials are automatically filled on legitimate websites.
• Investing in a hardware authentication key like the YubiKey is a smart decision for anyone involved in crypto.
• SMS two-factor authentication is not very secure and should not be used.
• Yubikeys provides high security two-factor authentication by storing secrets in the hardware device itself.
• Email accounts are the most critical aspect of most digital people’s lives.

Addressing privacy risks in the digital age

• “Investing in security measures like passkeys and YubiKeys will be important for everyone in the future.” – Jameson Lopp
• The goal of security is to have a better defense against potential attackers.
• Using a different mechanism to sign crypto transactions is a foolproof way to improve security.
• The number of violent attacks targeting people with digital assets is increasing.
• Attackers identify potential targets by monitoring their digital presence and wealth indicators.
• The digital age has created a greater vulnerability to privacy for individuals.

Organized crime and cross-border threats

• “Attacks on crypto accounts often involve kidnapping for ransom.” – Jameson Lopp
• Dubai has the highest rate of get-rich-quick attacks due to high-value face-to-face OTC trading.
• Corruption within the tax authorities can lead to the exposure of people with crypto assets to organized crime.
• Organized crime often involves a remote mastermind working with local criminals.
• Organized crime uses cross-border arbitrage to attack crypto holders.
• Attackers can easily identify the victim’s physical address through various data leaks.

Preventing physical and digital security breaches

• “Protecting yourself from becoming a victim is essential to reducing the risks associated with home invasions.” – Jameson Lopp
• Rich attacks can happen even when goods are stored with guardians, not just by holding them.
• Ransomware attackers have a success rate of over 50% and are capable of stealing tens of millions of dollars annually.
• To prevent a wrench attack, one must eliminate them as a single point of failure in their security setup.
• A distributed key system improves security by using multiple hardware devices from different manufacturers.
• Permissionless public networks can achieve security models that surpass traditional institutions like banks or Fort Knox.

The role of multisig protection and differentiation

• “Using air-gapped devices such as ledgers and values ​​is critical to protecting crypto keys from cyber-attacks.” – Jameson Lopp
• The biggest threats to security come not from hackers but from errors and environmental failures.
• The Multisig setup provides flexibility and redundancy in core management, reducing the risk of catastrophic failure.
• Decisions about key distributions in crypto involve trade-offs between convenience and security.
• Distributing keys to different locations improves security but can be disruptive.
• Physical defenses and setting up multiple signatures are critical to preventing a successful wrench attack.

The future of self-control and financial sovereignty

• “Vitalik Buterin’s multisig setup includes a community renewal approach to improve security.” – Jameson Lopp
• If the success rate of attacks drops significantly, attackers will find it less profitable to attack at home.
• Being a strong victim is essential to personal security.
• Strengthening home security can greatly deter unauthorized entry.
• Most American home construction uses inadequate safety features.
• Home defense requires a strategic approach to weapon access and security.

Improving privacy and security in crypto transactions

• “To improve on-chain privacy, it is important to use new wallets funded by different exchanges than those used in previous wallets.” – Jameson Lopp
• Using mixers for privacy can lead to compliance risks and unwanted connections.
• For strong privacy, it is best to use crypto designed with privacy features at the protocol level.
• Privacy in the crypto industry is currently insufficient and poses significant risks.
• Using exchange API keys in tax software can lead to security vulnerabilities.
• The responsibility of managing private keys can feel overwhelming and can prevent others from protecting themselves.

Balancing comfort and safety in your defense

• “Crypto independence may be the end game despite current obstacles.” – Jameson Lopp
• Keeping them in crypto empowers people by allowing them to manage their money without relying on external authorities.
• Human nature tends to be complacent, which makes it difficult to achieve financial self-control.
• Self-preservation in crypto should be made very easy to prevent users from giving away their control to other people.
• Empowering people through non-public agreements is essential to achieving financial sovereignty.