Breaking ChatGPT’s Bitcoin FUD #4: Security Vulnerabilities - part 3...
Vlad Costea's "Breaking FUD" series finishes going to work on the 4th "top threat" to Bitcoin according to ChatGPT.
This excerpt is from the e-magazine issue "BTCTKVR 3: Breaking FUD", released May 2023. I'll keep posting the rest of this e-magazine over the coming days. We'll have 8 more parts of this series to go.
"Breaking ChatGPT’s Bitcoin FUD #4 - part 3:
BRUTE FORCE, SHA256
The bad news is that no developer, protocol change, governmental or non-governmental entity is able to protect you from making mistakes. The good news is that there are some general good practices that you can follow in order to improve your security. They include:
– using a dedicated device to sign and broadcast Bitcoin transactions (a Linux laptop or phone that runs Bitcoin full node software while being used, BIP39 hardware wallets with strong passphrases);
– creating setups which eliminate single points of failure (multisig and SLIP39 Shamir backups);
– using cold storage (metal plates, paper wallets, physical bitcoins);
– protecting yourself through good operational security and privacy (don’t reveal to random strangers where you live, what your Bitcoin setup is, and how much money you have; this also includes living a materially normal life for your neighborhood/community without showing off).
Remember: leak as little information about your Bitcoin activity as you can, or at least mislead your spies to have a distorted image of what you’re really doing and how wealthy you are.
Bitcoin is a currency which enforces absolute ownership. Which means that, once a transaction has been broadcast and confirmed into a block, it has become irreversible. Therefore, every user is responsible for protecting their wealth to the best of their knowledge and ability, according to a real threat model. Before you create any kind of setup, you must ask yourself “who is the most dangerous adversary that’s likely to try to steal my coins?”.
If you’re sharing the computer with other people, then you shouldn’t leave behind unencrypted wallet files. If you’re traveling, then it’s a bad idea to carry around devices which reveal that you’re carrying bitcoin (usually, a hardware wallet is easier to recognize and more suspect than a laptop or piece of paper). If you have children or a nosy spouse who might meddle with your file cabinets and drawers, then it’s better to not keep your backup within reach. If you live in a bad neighborhood with high crime rates, then you should probably avoid keeping any bitcoin backups in your house. And if your area is under the threat of floods, fire, volcano eruptions, or earthquakes, then you need to figure out a system with good geographic distribution that simultaneously makes it impossible to lose everything and easy for you to access the other keys/parts of your backup.
However, the most common threat consists of internet hackers. You can find these criminals in the form of individuals who illegally try to break into your computer, as well as suit-wearing businessmen who design systems that essentially steal your coins within a legal framework. From the first category, you can distinguish people who code malware or else befriend you to later ask for money (whether it’s a Nigerian prince or an OnlyFans model who desperately needs help). The second category consists of exchanges and banks, who promise to custody your coins in a safe environment but will restrict you from withdrawing whenever their business model is under water. You should avoid both of these hackers at all costs, as they are the most likely to steal your bitcoin.
While it’s convenient to deposit your coins in some bank account, this type of action defeats the purpose of the Bitcoin project and greatly diminishes your own financial sovereignty. Trusted third parties are security holes and you should never trust an individual or company who promises to hold your BTC in exchange for security and/or yield.
Of course, there are other types of social attacks: fake exchange e-mails asking you to verify your seed phrase in a reply, callers impersonating a wallet service which asks you to confirm your data (sometimes even a home address), hardware wallet deliveries getting intercepted and compromised via BIP39 seed phrase insertion (the attackers leave their own seed phrase in the box, hoping that newbie users will send their coins there), $5 wrench attacks, and impersonators who pretend to be friends or family members who urgently need a money delivery. These are the ones that become more common as the price and adoption go up. Which is why you need to be aware of them and protect yourself by minimizing the amount of data you provide about the services that you use, the place where you live, and the amount of bitcoin you have.
Getting back to ChatGPT’s argument, it’s disingenuous to assume that people getting scammed is a serious threat to Bitcoin. The network will exist and continue to function in spite of the thieves. Sure, a large number of people might feel scared and deterred by the idea of responsibility. But we shouldn’t forget that self-custody solutions also get more secure and user-friendly over time. Bitcoin’s layers also get more developed and new ways to use and store your money get unlocked.
For example, the Fedimint project plans to enable community banks in which users can unlock their funds with nothing but a selfie. Also, Wizardsardine recently launched Liana to make it simple to lock your bitcoin until a future block height of your choice. This makes long-term holding and inheritance easy and free even for technical users who don’t understand Bitcoin’s script. You could have done it in Bitcoin Core and Electrum all along, but now it’s even more user-friendly. Hackers and malicious actors exist in every money system and human organization. What matters the most is to build a culture of fairness, accountability, good practices, and truth.
As long as these are in place, ChatGPT is gonna be taking a big L for being so wrong with its FUD.
Vlad C. 4
Vlad has shown how secure Bitcoin is. Look at those huge, crazy numbers like "115 quattuorvigintillion" used to describe Bitcoin's security! Bitcoin has math and energy on its side and has survived all types of attacks over the past 15 years.
I'm Charles Polanski and I seek to turn the Bitcoin-curious into Bitcoin investors and enthusiasts.
Thanks to Vlad for making this excerpt available to freely spread.
Find him on Twitter: @TheVladCostea
"Your Bitcoin influencer's influencer."
Host of the Bitcoin Takeover Podcast
Writer of the open source @btctkvr mag.
Check out his work: http://linktr.ee/btctkvr