Money is power – your money, the power to spend.
An escape hatch from the Monetary System
Recently I was the victim of several types of fraud through the legacy monetary system, banking counter-party risk basically.
- Debit card fraud: A transaction that I did not make showed up on my account. Required getting a new card and the bank did take care of the fraudulent charges.
- A fraud about debit card fraud: A fraudster called me, preceded by a text that told me of a suspicious card transaction, spoofing the banks own phone number no less. They tried to get me to give up my credentials over the phone and then pretended there were several checks written against my checking account. They tried to run me through the process of setting up Zelle and having me send money to a weird email address. I just played along and acted like I didn’t understand how to use the Internet until the call dead ended.
- Law firm fraud: A law firm, a lawsuit mill, files a fraudulent suit in the wrong venue using a fake address, so I get sued without my knowledge, resulting in a default judgment. I caught this in time before they were able to execute the judgment, or else they could have performed a money grab out of the bank account, without my knowledge. I informed the court of the fraud, the lawfirm, the Consumer Finance Protection Bureau CFPB and all other parties that had a hand in this. This was a shocker as I didn’t even realize that his type of fraud existed.
Thoughts
After all this I was thinking about what could be done to lock up money, away from the reach of fraudsters as there is counterparty risk to a lot of things money related, especially in the legacy banking world. Some banks don’t even offer good security, like 2FA via a security key only and NOT 2FA texting to a mobile number that can be spoofed or email, equally weak.
Self custody of Bitcoin seems like the most solid way in light of the weaknesses in the monetary system. Why Bitcoin? Other tokens have less utility, why do we need 1000s of them, and some might be counted as securities someday and some have more inflation as tokens are minted at the whim of the founders or core team and so on.
But, there are caveats:
- You need to know what you are doing or else you can blow you cover and compromise your keys and therefore coins and also be too ‘public’ with transactions.
- Corollary: Not your keys, not your coins!
- Don’t trust, verify
- Bitcoin is pseudo anonymous. You are sitting behind a public key and if you use a limited set of keys repeatedly it is possible to trace, via history on the blockchain, who you are and how many sats you have stacked. This is particularly true of an address used, lets say as a donation or payment address which is static. Ideally, you want dynamic addresses. Revealing too much information like this could make you a magnet for fraudsters that decide it is worth trying to, let’s say hack your warm wallets by injecting malicious code on your phone or PC, via an email with a cat video. Or spoof your phone number to bypass 2FA and so on. Heck, they might even try to track down where you live via social media and park in front of your house and break into the WiFi by stepping in on the four way handshake used to secure it, then they are on your home network and have access to every device directly!
- Always visually verify addresses you send to. Just in case some copy/paste virus gets in the middle and changes the address.
Suggestions for caveats:
- Your keys = Your Coins: Store the bulk of your stack on a cold wallet or paper wallet, in a safe place. Seed phrases as well. Keep only a small amount on a hot wallet, like an app or web wallet, exchange,etc.
- Stay Private: Use methods to conceal the path of transactions by breaking the address linkage, effectively creating dynamic addresses. Porting through privacy coins comes to mind here and for a BTC only solution, Wasabi wallet, linked to a cold wallet such as Coldcard, BTC only wallet that can be air gapped.
- Equipment SEC: Air gapped wallet allows you to use something like an SD card to move a partially signed transaction to the cold wallet to sign and back to a hot wallet that is watch only, so it can only take in but, not spend BTC. You can only spend by creating a partially signed transaction and moving it by hand using SD card to cold wallet, signing and moving it back via SD card. Sounds complicated but, is secure. No compromise and follows the verify and don’t trust the hot wallet sitting on the phone or PC connected 24/7 to the Internet, making it only medium secure. Keep phones, PCs and Wifi secure, good passwords/biometrics and keep thinking through the holes lurking in security.
- Dumb Human Things: Verify addresses when sending, use excellent passwords and PINs, read the instructions on equipment, like wallets, seedphrase security. Don’t get conned, don’t brag, don’t accidentally dox yourself. People are always inventing new ways to screw things up, so even with the best technology and encryption, mistakes happen, look on the Internet for more examples.
Idea on using Wasabi Wallet to enhance privacy along with cold storage
You can use Wasabi Wallet to enhance the privacy of your coins before transferring them to a cold wallet. Here’s a step-by-step process:
- Transfer Funds to Wasabi Wallet:
- Transfer your funds from the exchange or other warm wallets to your Wasabi Wallet. This can be done by sending the funds to an address generated by your Wasabi Wallet.
- Initiate CoinJoin Transaction in Wasabi:
- After receiving the funds in your Wasabi Wallet, initiate a CoinJoin transaction within Wasabi. This process will combine your transaction with those of other users, significantly enhancing privacy.
- Wait for Confirmation:
- After initiating the CoinJoin, wait for the transaction to be confirmed on the Bitcoin network. This may take some time, as it depends on network congestion and the number of confirmations required.
- Send Funds to Cold Wallet:
- Once the CoinJoin transaction is confirmed, you can safely send the funds from your Wasabi Wallet to your cold wallet. This step ensures that the funds you send to the cold wallet have undergone the privacy-enhancing CoinJoin process.
- Consider Multiple Rounds of CoinJoin:
- For additional privacy, you may consider repeating the CoinJoin process with the funds in your Wasabi Wallet before sending them to the cold wallet. This can be done by initiating another CoinJoin transaction within Wasabi.
Remember, while this process can significantly enhance privacy, it doesn’t provide absolute anonymity. Also, the privacy features depend on the number of participants in the CoinJoin process, so it’s beneficial if more users are actively participating in CoinJoin transactions.
Always stay informed about the latest features and best practices in using Wasabi Wallet, as the specifics of the wallet’s functionality may evolve over time. Additionally, consider the transaction fees and potential delays associated with the CoinJoin process and Bitcoin network confirmations.
Alternative Idea Using Monero Swap
Just an idea that I was thinking of, not sure if it would be as good as the solution above using Coinjoin. But, the idea is to take some kind of coin BTC, USDC, whatever that you on ramped from USD via an exchange. Use some kind of swap, like SimpleSwap or the swap feature of a wallet such as Exodus and swap the non private coins from an exchange into XMR on a wallet, then swap to something like BTC on the cold wallet. When spending, run backwards, swap to XMR, then to the crypto of your choice and spend
When you convert BTC to XMR, the transaction history of the BTC is effectively broken, as the privacy features of Monero make it difficult to trace the source of funds. However, when you swap back to BTC, the privacy features of Monero may not be as effective, and your transactions could potentially be traced from that point onward.
It’s essential to note that while Monero provides strong privacy features, the overall privacy of any cryptocurrency transaction depends on various factors, including the platforms and services used for the swaps. Additionally, the regulatory environment surrounding cryptocurrency exchanges and transactions may impact the level of privacy you can achieve.