>That post has since been taken down, but many comments included criticism for leaving such a large amount of Bitcoin accessible on a phone.
Not to victim blame, but it really is odd to me that someone would leave any amount of BTC on their phone, let alone millions of dollars worth.
>The Hamilton teen faces charges of theft over $5,000 and possession of property or proceeds of property obtained by crime
I've always wondered why the line is drawn at $5,000. It's mildly interesting that stealing $46M and stealing $5,000 result in equivalent charges.
The SIM swap attack was used to access an online service where the BTC was stored.
I know the classic cryptocurrency trope is that Bitcoiners will move money to a paper wallet and then store the passphrase securely somewhere, but in reality that's about as attractive as cashing it out as 46 x (hypothetical) $1 million dollar bills and storing it in a safe.
In other words: Most people who have that kind of money really don't want to do anything like that. Most people who don't have that kind of money really overestimate how easy it is to safely and securely store something like that.
But that's beside the point. We could debate all day about storing paper wallets in bank safety deposit boxes or using Shamir's Secret Sharing or any other number of increasingly complex scenarios, but in practice most with that kind of wealth aren't really interested in locking it away and not touching it. If they want to make an investment, trade, or purchase, do they jump through all of the hoops to unlock and move some of the money and then securely store it all away again? Surely someone might, but in practice most people want it somewhere that they can trade, invest, transfer, and access with reasonable security.
This inevitably turns into one of those internet OpSec debates where people on the sidelines imagine scenarios where they are smarter than the victim (with the benefit of hindsight, of course), but in reality there are many, many people out there storing vast amounts of wealth accessible by 2FA with their phone and it's rarely ever a problem. Cryptocurrency makes this more complicated because the transactions are irreversible, fast, and (somewhat) easy to hide.
So if you happen to be internet famous for bragging about your Bitcoin wealth, definitely take steps to make it impossible for people to access it via phones or anything else. But you also probably want to obscure your physical location and invest in personal security, because in-person attacks are the next step. But in reality, a huge number of people have access to a lot of funds via digital access without such problems on a regular basis. It's fun to fantasize about ultimate OpSec, but in practice most people want the money accessible and tradeable on short notice.
A dead-simple soft-wallet, which requires about 2 steps to set up and 2 more to transfer and hold your millions of dollars in, would have prevented this. Roughly 15 minutes of time, at most.
You don't need to be the NSA to secure your crypto, as you seem to be implying.
I said that people keep their funds hot to use them, not that you need to be the NSA to secure them.
Trust me, I know how to set up a crypto wallet and secure it.
My apologies, I guess.
I'm speaking neither hypothetically nor in hindsight since I pre-ordered the first hardware wallet back in the day and have never lost coins.
That's very hypothetical, though. There are a few key differences:
1. Moving money to a paper wallet is not difficult in practice. Ideally, yes, you would generate the private key in an air-gapped computer running a secure operating system and print out the private key and the Bitcoin address, then incinerate the computer, storing away a second identical computer that doesn't have the wallet on it yet, and that would have a similar level of difficulty to buying and installing a safe. In practice, you can probably get better security than a physical safe just by generating a new wallet in Electrum, writing down the seed phrase, and deleting the wallet from Electrum. When you need to spend some of the coin you can reanimate the wallet, sign a transaction, and delete it from Electrum again. If your cellphone is backdoored then the thieves can loot your wallet at reanimation time, but that's probably harder than drilling a safe, most of the time.
2. As you point out, million-dollar bills are hypothetical. The largest US dollar denomination ever printed was US$10k, and the largest in circulation since 01969 is US$100. So, in practice, you're talking about a safe containing 460,000 US$100 bills, which will be very difficult to either acquire or dispose of without getting robbed.
3. The dollar inflates, by design, so it's a terrible investment. It's lost 96% of its value since the end of the gold standard in 01971, and an additional 6.2% over the last year. That's the reason why a safe full of dollar bills is a total failure for wealth preservation. Bitcoin suffers from a lot of volatility but it's structurally designed to not suffer from secular inflation, and in fact one of the principal criticisms of Bitcoin is that it's inherently deflationary. It seems to have returned an average of about 150% per year over the last 10 years: https://bitcoincharts.com/charts/bitstampUSD#tgSzm1g10zm2g25..., and while that trend surely must be nearly over (it can't continue for more than another 5 years and might already be over), it also clearly hasn't been suffering from inflation. In this sense, the most important difference, the dollar and Bitcoin are opposites.
Yes, it's true that there are people who like to gamble by day-trading cryptocurrencies, but most people who do that end up losing all their money. Investing wealth doesn't require your assets to be "accessible and tradeable on short notice"; it requires rebalancing asset classes every three months. Berkshire Hathaway makes a few dozen transactions per year. You don't need to make more transactions than Berkshire Hathaway.
You say, "there are many, many people out there storing vast amounts of wealth accessible by 2FA with their phone and it's rarely ever a problem," and in a sense that's true; it's relatively unusual to have a meltdown like the Argentine collapse of 02001 (where all bank depositors lost all the dollars they had in the banks), Mt. Gox in 02014 (where all Bitcoin depositors lost all their Bitcoin, about 850,000 BTC or US$450M), Bitfinex in 02015 (where their depositors lost about 1500 BTC), the Greek banking system in 02015 (where Greeks were prohibited from carrying more than 3000 euros out of the country and could only withdraw a limited amount of cash from their bank accounts for three years), and Bitfinex in 02016 (where their depositors lost 119,756 BTC).
But it would be a terrible mistake to conclude that, just because an event like this happens only about once every four years, it is unlikely to happen to you. It's true that it's "rarely ever a problem", but when it is a problem, it's a problem for millions of people, sometimes hundreds of millions. Hosted wallets do not and cannot offer "reasonable security".
Today I see a lot of people who are "trading Bitcoin" but actually holding Tether in Binance accounts (which has replaced LocalBitcoins as the retail hosted wallet of choice here in Argentina).
Tether has historically been backed by fraud, and it's operated by Bitfinex, which (as noted above) has a history of its customers' money mysteriously disappearing, and which is locked out of the world banking system.
Binance is banned in the US and UK, is being criminally investigated by both governments, and has had to move its headquarters from China, to Japan, to Malta, which also says they're investigating it. It's also being prosecuted in Thailand.
Without casting any aspersions on the integrity of Binance's people, it's clear they're at significant risk of having their assets confiscated, at which point all of their depositors would lose their deposits. And Tether is at significant risk of collapsing, either due to fraud or to mismanagement. So these people are dancing on a tightrope, and most of them don't even know it.
So, run a wallet on your own hardware. At least a thin wallet like Electrum. Or get a Trezor.
One would think with any significant amount of crypto that you store it somewhere non-network accessible (at the very least, not holding it all in a single online exchange).
Most exchanges did not have proper 2FA until the sim-swath-swoop of 2018-2020.
The first thing I usually do is enable OTP, but I know some companies will still fall back to SMS.
A lot of those lines are drawn completely arbitrarily, and might be very old and haven't been updated to reflect inflation/rising prices.
A classmate of mine copped a felony property damage charge as the threshold was set at a mere $500 at the time, for a typical senior year high school rivalry prank and it really fucked up his life.
There's an interesting effect where lawmakers can pass a law with static dollar amounts that seems reasonable at the time, but the force of inflation covertly expands the scope of the state's authority deeper and deeper into the society without any further action or political risk by present lawmakers.
A great example of this is the Bank Secrecy Act, which requires reporting of transactions greater than $10,000 to the federal government. At the time it was passed in 1970, $10k was the equivalent of ~$70k in 2021 dollars. $70k actually seems like a pretty reasonable amount as that's a very large transfer that the average person does very rarely for mostly legitimate reasons, like buying a house. It's easy to justify why the feds could use this data to investigate large scale criminals and money laundering. But as inflation has stripped away the value of the dollar, more and more people and activities are falling into that $10k limit.
Basically, the surveillance state gets to sneakily expand when laws are pegged to a currency that's constantly inflating by design.
$10k in 1970 was the equivalent of $70k today. So all the transactions between 10k-70k in today's dollars would not have been included in the original intent of the law, but are now included today. I won't pretend to know all the kinds of transactions that fall under that scope.
The reason for the differentiation is not to make a $5k theft and a $46m theft equivalent. There is a threshold because, for instance: stealing some pocket change is not a serious crime, and stealing large amounts of money is serious.
I'm curious if you actually think that I wasn't aware of this? I don't think many people need that pointed out to them.
My comment was on the arbitrariness of the line, or why there is a single line at all (as opposed to a gradient, or multiple "theft over x" categories, etc.).
I, of course, was not suggesting that you didn't know the difference in seriousness. I am stating that the difference in seriousness is the reason for the line, because the underlying legal system generally differentiates crimes this way.
Just because a crime has a title [x] doesn't mean that the sentence is always [y]. Often the laws will provide for a range of sentencing depending on other factors.
It's bad and all and he is f'd, but "stole $46m" does sound like a pretty bad ass line item on a teen's rap sheet.
I was charged with theft under 5 when I was 14 after stealing two candy bars and a drink from Walmart. Same charge as I would have had if I stole a 70" flatscreen TV, or a top of the line computer.
It basically comes down to if you steal more than $5000 you might go to a very bad place and if it's less, you only go to a slightly less bad place. The line has to be drawn somewhere, and no prison is a particularly good place so it really hardly matters.
$20 doesn't buy as much today as it did in 1800. :-)
When they're big enough, differences of quantity become differences of quality.
It went from 5.5 to 6 in 2011, then to 8 in 2017 and is still there AFAIK. It seems a bit haphazardly managed to me, but it's something.
Anyway, fabricating evidence has been around for as long as evidence has been needed to settle disputes.