Bitcoin Self-Defense, Part 2: In-Person Transactions

Op-ed - Bitcoin Self-Defense

Image credit: http://spelunk.in/2013/07/14/los-angeles-bitcoin-meetup-2-writeup/

See also: Bitcoin Self-Defense, Part 1: Wallet Protection

The in-person Bitcoin economy is an exciting place to be. Ever since “Satoshi Square”, an in-person Bitcoin exchange event in New York City, had its first meeting in May, the popularity of trading bitcoins for cash, and for goods, in person has been growing exponentially. In the two months that followed, Satoshi Square spinoffs have been held in Los Angeles, Boston, Toronto and even, albeit without the “Satoshi Square” brand, Berlin. Bitcoin meetups in Argentina are seeing hundreds of people attending, excited about the currency’s potential ability to help them protect themselves against inflation and tight capital controls. Wired ran an article entitled “Why the Only Real Way to Buy Bitcoins is on the Streets”, and a journalist from Market Watch entitled his piece “I walked into a bar and watched as people swapped thousands of dollars for bitcoins”. These developments are highly positive; not only does in-person Bitcoin exchange help increase Bitcoin users’ privacy in the face of regulations forcing nearly every exchange to demand personally identifying information from its users, but such events also help build community, establishing the Bitcoin ecosystem as a tightly linked parallel economy – in fact, a full-scale parallel society, where an increasing number of people are finding their hobbies, jobs, friends and products all at the same time.

However, at the same time it is of the utmost importance to realize that in-person Bitcoin trade is not without its risks. As a Bitcoin user, there is a high probability that you come from an upper-middle-class, low-crime background and spend sixteen hours a day in front of a computer. This type of lifestyle is certainly not in any way wrong or immoral; I myself am a product of such an upbringing. However, it does mean that you have so far been living a very sheltered life, and even the most basic of warning signs that experienced “street kids” take for granted will be simply lost on you. The risk of dealing with strangers is much lower than what media reports make us believe, but that does not mean that it will never happen; in fact, if you publicly establish yourself as a Bitcoin user carrying thousands of dollars worth of value in your digital wallet, the chance that something will happen to you may go up drastically. So far, we can be thankful that there have been only a few minor incidents of in-person Bitcoin crime taking place. When a major one does take place, however, that may seriously shake the public’s confidence in the growing Bitcoin community – so by delaying that day through exercising caution and vigilance, it is not just you that stands to benefit.

Risk 1: “I never paid for that!”

The following scam sounds so brazen and so simple that it could not possibly happen in practice, but two months ago it did. The story is this: a Bitcoin user was buying headphones from another in person in a restaurant. The seller gives his Bitcoin address, the buyer types it in, the seller confirms that it’s correct, and the buyer hits send. Then, however, “He casually stands up, has the headphones, and walks away. I stand up pretty quick, and shout after to him, accusing him of theft. He says a quick comment around the lines of ‘If you can’t pay the price don’t waste my time, I said $80’ and walks out. I contemplate chasing after him, calling the police, or fuck maybe getting some public attention, then I realized I didn’t have a leg to stand on. Cameras would show a guy sitting down at a table, showing me headphones, me inspecting them, then playing on a computer for a bit, with him walking off.”

It is a common assumption that being in public automatically makes one more safe. In reality, however, this is far from always the case. The most notorious counterexample of all is the story of Kitty Genovese; as Wikipedia describes it:

Arriving home at about 3:15 am she parked in the Long Island Rail Road parking lot about 100 feet (30 m) from her apartment’s door, located in an alley way at the rear of the building. As she walked towards the building she was approached by Winston Moseley. Frightened, Genovese began to run across the parking lot and towards the front of her building located on Austin Street trying to make it up to the corner towards the major thoroughfare of Lefferts Boulevard. Moseley ran after her, quickly overtook her and stabbed her twice in the back. Genovese screamed, “Oh my God, he stabbed me! Help me!” Her cry was heard by several neighbors but, on a cold night with the windows closed, only a few of them recognized the sound as a cry for help. When Robert Mozer, one of the neighbors, shouted at the attacker, “Let that girl alone!”, Moseley ran away and Genovese slowly made her way toward the rear entrance of her apartment building. She was seriously injured, but now out of view of any witnesses …
[A few hours later] Moseley proceeded to further attack her, stabbing her several more times. Knife wounds in her hands suggested that she attempted to defend herself from him. While Genovese lay dying, Moseley raped her. He stole about $49 from her and left her in the hallway. The attacks spanned approximately half an hour. A few minutes after the final attack a witness, Karl Ross, called the police. Police arrived within minutes of Ross’ call. Genovese was taken away by ambulance at 4:15 am and died en route to the hospital. Later investigation by police and prosecutors revealed that approximately a dozen (but almost certainly not the 38 cited in the Times article) individuals nearby had heard or observed portions of the attack, though none saw or were aware of the entire incident. Only one witness, Joseph Fink, was aware she was stabbed in the first attack, and only Karl Ross was aware of it in the second attack. Many were entirely unaware that an assault or homicide was in progress; some thought that what they saw or heard was a lovers’ quarrel or a drunken brawl or a group of friends leaving the bar.

A common reaction is to attribute the witnesses’ inaction to some form of human callousness and depravity; in reality, however, it was not an unwillingness to act, but the lack of knowledge that there was something to be acted on, that bears greater responsibility for the tragedy. The headphone thief was banking on precisely this sociopsychological result. From the buyer’s point of view, and the point of view of outsiders having the full information of the incident after the fact, the seller was obviously guilty of fraud, and the buyer subconsciously expected the rest of the restaurant patrons to share the perspective. In reality, however, as the buyer realized seconds too late, the other patrons had no way of knowing who was actually in the right.

Mitigation

A perfect solution here is in fact something that the Bitcoin community is doing already: Satoshi Square meetups. Rather than meeting up to make trades in anonymous restaurants, what safer place is there to make a Bitcoin sale than in the middle of dozens of experienced Bitcoin users doing the exact same thing? Satoshi Square events could become not just the hub of Bitcoin for fiat exchanges, but also a recurring, ephemeral flea market for people selling used goods. In most cases, finding a buyer for some esoteric product is difficult among a few dozen traders, so the buyer and seller would need to make an agreement online beforehand, but as a place to meet Satoshi Square is the perfect candidate. If you are going to meet on your own, be sure to plan ahead, and know exactly what you are going to do if the counterparty turns out to be less honest than you had thought. Make sure the product is in your hands, or at least on the table, before you make the payment.

Risk 2: Outright Mugging

Fortunately, a true Bitcoin mugging has not happened yet. The closest thing we have is a story of questionable veracity from a German Bitcoin trader who claimed to have bought 60 BTC in person for $4500, and was then beaten and robbed by the seller of his cash, laptop, smartphone and watch. The attacker was unable to recover the bitcoins, but the victim also lost them because the fifteen-character Blockchain.info password was stored only on his laptop. In general, regardless of whether it is true, this story is not particularly instructive, except as a reminder to keep many backups; aside from the incidental loss, it was little more than a conventional mugging. The more interesting question is, how would an attacker rob a victim of their bitcoins?

The main challenge in a hypothetical Bitcoin mugging is not the coercion; if the attacker knows how many bitcoins you have, it is easy for them to keep whacking you with a five-dollar wrench until you cough up the wallet password. Rather, the challenge is figuring out how much you have in the first place. In theory, Bitcoin has the potential to provide a very high level of privacy to its users and thwart many attempts at de-anonymization. In practice, however, if you do not take precautions, breaking privacy can be quite easy. The attack is this: first, the attacker sells the victim some trivial item (e.g. $10 USD) for bitcoins, and lets the victim make the payment. Then, the attacker takes advantage of a key insight: if a transaction has inputs coming from multiple addresses, those addresses are all probably owned by the same person. Starting from the address the victim used to send the payment and iteratively applying this process, the attacker computes a set of addresses, called a “closure”, that are quite likely all owned by the victim. Tools exist to do this automatically. This provides a lower bound on the victim’s Bitcoin wealth, and is used to weed out low-net-Bitcoin-worth individuals. When the attacker finds a high-net-Bitcoin-worth victim, they can then follow them into a dark alley and demand their private keys. Sometimes the attack is much simpler: simply look over potential victims’ shoulders and see if anyone has more than $5000 worth of BTC. Even worse, the coercion step may not even be necessary – simply shoulder surf to get the password (including the computer’s screen lock password), physically whack the victim one or two times to get the computer, and input the data yourself.

Mitigation

The best defense against such attacks in general is to keep multiple wallets: one spending wallet and one savings wallet. The spending wallet should be optimized for convenience, whereas the savings wallet should store the bulk of one’s funds and be used only occasionally. Consider sending your bitcoins from the savings wallet to the spending wallet through a proxy to keep the savings wallet anonymous; for example, deposit from the savings wallet to an exchange or gambling site, and then withdraw those same funds to your spending wallet. The process usually does not link the two in the blockchain. Even if you do not take this extra step, however, this wallet separation will still help massively – you can keep the keys to your savings wallet printed on paper at home, and even if you do not you can still claim that you do, and potential muggers would not have any way of getting anything out of you beyond what’s left of your spending wallet.
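
As a self-audit of what a single payment reveals, the following added example (not part of the original article) computes the “closure” described under Risk 2 over constructed transactions, once for a single mixed wallet and once for the separated spending and savings wallets recommended here. All address names, balances and transactions are made up for illustration.

```python
# Constructed sample data: address names and balances (in mBTC) are made up.
BALANCES = {"spend1": 60, "spend2": 35, "save1": 40000, "save2": 20000}

# Each transaction is reduced to the list of addresses appearing as its inputs.
ONE_WALLET = [
    ["spend1", "spend2"],   # payment at the meetup
    ["spend2", "save1"],    # earlier purchase that also drew on savings
    ["save1", "save2"],     # consolidation of savings
]
TWO_WALLETS = [
    ["spend1", "spend2"],   # payment at the meetup
    ["exchange_hot"],       # exchange withdrawal that funded spend1
    ["save1", "save2"],     # consolidation done at home
]


def closure(transactions, start):
    """Addresses tied to `start` by the 'shared inputs, shared owner' heuristic."""
    parent = {start: start}

    def find(addr):
        parent.setdefault(addr, addr)
        while parent[addr] != addr:
            parent[addr] = parent[parent[addr]]   # path halving
            addr = parent[addr]
        return addr

    for inputs in transactions:
        for addr in inputs:
            parent[find(addr)] = find(inputs[0])  # merge all inputs of one tx
    root = find(start)
    return {a for a in list(parent) if find(a) == root}


def exposed_balance(transactions, balances, start):
    """Lower bound on holdings an observer can attach to `start`."""
    return sum(balances.get(a, 0) for a in closure(transactions, start))


if __name__ == "__main__":
    for name, txs in (("one wallet", ONE_WALLET), ("two wallets", TWO_WALLETS)):
        print(name, sorted(closure(txs, "spend1")),
              exposed_balance(txs, BALANCES, "spend1"), "mBTC")
```

With the mixed wallet, the closure reaches the savings addresses through one co-spent input; with separate wallets funded through an exchange withdrawal, only the spending balance is attributable to the paying address.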

Sometimes you might need to get your savings wallet out at Satoshi Square; many people want to trade thousands of dollars worth of bitcoins, and you can earn a healthy commission by making these trades both ways at a one or two percent fee. This is okay; as long as you are in Satoshi Square the presence of dozens of other Bitcoin users around you protects you. Once you leave, however, you are vulnerable to being followed as a high-value target; the best safety tip here is simply to send all remaining bitcoins to another wallet which you can only access from home (or pretend that you can only access from home) once the event ends. If your defense is based on pretending, it is best to set it up so that potential muggers get at least some small amount like 0.095 BTC; this presents a much more convincing case that that is really all you have. Anything that looks like blatant resistance is an easy way to get yourself hurt.

Conclusion

Most of you will never have to deal with any of these issues. Crime is fortunately an increasingly rare occurrence in the developed world, and many people go through their entire lives without ever seeing anyone in person that is genuinely interested in harming them physically or financially for personal gain. However, eventually some kind of incident will happen, and if it does it is much better to be prepared. All safety is fundamentally about risk mitigation; no measure is guaranteed to protect you, and outright avoiding offline trade out of fear of being defrauded will not help anyone. However, there are certain basic measures of protection that we can take: stick together when possible, don’t carry thousands of dollars in an insecure wallet, don’t publicly advertise that you are carrying thousands of dollars even in a secure wallet if you can open it, and everything will very probably be fine. All in all, it is better to be vigilant earlier rather than later.