As someone who has worked for and/or audited most major crypto custody companies, I am sad to report every single one takes shortcuts that give single individuals acting alone the power to move billions of dollars in value. They also never review third party dependencies. They blindly merge any code dependabot tells them to merge from internet randos and give it control of the funds.
This level of negligence should be illegal, but it isn't. Negligence is the default in crypto custody. There are no useful security regulations in this space.
Even the ones that think they have a good split custody solution or claim to use HSMs always let an IT manager have remote access to all workstations involved or a release engineer build the software that is used shifting the centralized power and risk to them.
Kidnappings and torture are becoming common as people realize this
https://github.com/jlopp/physical-bitcoin-attacks
If you directly or indirectly control secret keys of any significant financial value on your own, you are endangering yourself and your family.
Even if you only maintain an open source library used by crypto custodians that do not review the code you write, someone has good reason to coerce you into sneaking in malicious code.
To engineers working at custodians: Make your employers manage keys with a quorum of geographically distributed individuals with HSMs, immutable time delayed access controls, and a software supply chain that is full source bootstrapped, reviewed, compiled deterministically, and signed by multiple people so no single person can manipulate the flow.
My team and I open sourced a lot of tooling to do this safely. Please use it, or use it for reference to ensure your internal tooling meets the same bar.
But don't you see, dear kidnapper, you've made such folly for my systems do not allow me any access to grant your one desire. I'm worthless to you! In fact I'm only a liability now!
Related ongoing thread:
Wrench Attacks: Physical attacks targeting cryptocurrency users (2024) [pdf] - https://news.ycombinator.com/item?id=44087183 - May 2025 (50 comments)
The most telling or disturbing thing I learned from a recent article posted here about the Crypto-related kidnappings was how criminals found some of their victims’ addresses and personal information in marketing data that companies kept on their customers.
The recent Coinbase leak is mostly stored KYC data AFAIK, so even if the company isn’t using it for marketing, they’re probably being forced to store data that they’re not responsible enough to protect.
Yup - KYC is of course going to have identifying info on customers.
> Inside the home, the police found Polaroid pictures showing the man bound and being assaulted
Because of course. These people live in a world where nothing can touch them, least of all the law, so why wouldn’t you literally make your own evidence of your crime and leave it lying around.
To send to the man's employer/friends/family for ransom if the crypto thing didn't work out?
This is part of why I designed Tarsnap to keep data as secure as possible, even from me. If someone stores their crypto keys -- or world domination^W optimization plans -- on Tarsnap, I don't want to get kidnapped and tortured by anyone trying to steal that data.
What if they force you to change the way your software works so the data is no longer encrypted unknown to the user?
If torturing and kidnap are on the table, how does this help? They can torture you to give them the keys just like a password.
He can’t give the attackers the customer keys or any other data. But yes, as another poster says downthread, the attackers may not actually understand that.
You might want to study asymmetric cryptography.
No, you'd better hope that the kidnappers have studied cryptography. If they think they can extract something, they'll go ahead anyway.
Who can access it?
the person who uploaded it only (or whomever they shared keys with)
Okay, so kidnap them, right?
yes and? you get the data of only one tarsnap user.
The comment you were responding to was from the tarsnap creator where he was saying he doesn't have access to those keys so cannot be coerced to give them (and thus has no way to decrypt the data of all the clients).
And the point is, the main creator isn’t the target in any of these situations anyway. The end user is. So what’s the point of the statement?
You really think the kind of people who do such things will read your website and just give up? "Aw shucks, he's using e2e encryption, no point trying anything"?
You misunderstood the comment. He cannot access the data. You need to find the person who uploaded it, despite him hosting said data.
I think you misunderstood the comment. Or maybe I did.
My understanding: the rubberhose crypto-analysis, even if unsuccessful, will result in some major damage done. Determined attacker might try to apply it regardless of any online statements on the off chance that the statements are wrong.
You understand correctly. I suspect that in the experience of such attackers, it's not even an "off chance". They're probably up against exaggerated claims of security more often than truly well-founded ones.
And you really think that people who routinely use torture to extract information, and for whom claims that "I don't know it!" is basically the standard obstacle to overcome, will just believe him without even trying, because it's "math" and therefore true?
The reality is, in the xkcd Rubberhose cryptanalysis scenario, being actually unable to give up the information is a MUCH WORSE situation to be in than having a key to give up before they permanently maim/kill you. It might be better for a third party who benefits from the information remaining secret, but not for the person unable to divulge it.
But thinking you're safe because the attackers will read, understand, and believe your claims of uncompromisable cryptographic security is dangerously naive.
Ah okay, I get what you mean now. I thought your comment was suggesting he actually can access the information.
I still believe, which might indeed be naive, that this is the best way. It results in a failed mission lowering the risks for others and if applied for all these services (again naive), in a general understanding.
When the weakest link between the criminal and the cryptocurrency is a single person (the holder himself in this instance), that person alone would need to withstand all attacks and “rubber hose cryptanalysis”.
The most effective protection is a combination of discretion, strong security practices, and advanced wallet configurations like multisig and passphrase protection.
You could store passphrases in a hardware wallet in a bank vault in a small European country.
> You could store passphrases in a hardware wallet in a bank vault in a small European country.
A little bit of irony here having to store your crypto related stuff at a bank to keep it safe.
And in the "socialist" Big Government over-regulated hellscape of Europe no less.
I would have thought one of those libertarian seasteads or enclaves would be axiomatically the best place for such things?
Yes, ironic. But, of course, nothing in this attack has anything to do with blockchain or crypto per se. They could have been torturing someone for the password with access to the bank's old school accounts or safe deposit box.
Not all bank vaults are in banks, here's the basement of a prog rock musician and his wife's house (a former bank(?)) .. https://www.youtube.com/watch?v=CM6iqwcyC1A
Physical security for digital credentials is the main point here, that doesn't always imply a regular bank, many modern banks lack the bank vaults of yore in any case.
Tangentially, avoid showing up unannounced at grandparents' house: https://www.youtube.com/watch?v=oZZmFG07OVs
That won’t stop you from being tortured. You need to make sure nobody knows you have cryptocurrency
Hard to do when they’re potentially getting info from exchanges.
NYC catching up to Paris - https://arstechnica.com/security/2025/05/we-have-reached-the...
Stay safe out there.
Personal and physical security for founders, operators, and investors
[0] https://a16zcrypto.com/posts/article/personal-physical-secur...
Pretty rich coming from a16z, someone who famously rug pulled Solana investors.
Maybe there should be a version for investors to stay safe from a16z also
What’s the back story behind this?
There was an article in the Atlantic about this (https://www.theatlantic.com/ideas/archive/2025/05/extreme-pe...) mentioning crypto founders and whales who go to quite extraordinary lengths to keep their home addresses and other information private.
Had Satoshi known the impact his innovation would have had on the world, all said and done, I bet he would have chosen to keep it under covers.
The problem is not the crypto; that kind of thing happens easily to anyone if you are known to be rich.
The real problem is that developed countries that used to be safe enough are becoming as unsafe as Mexico.
People have been kidnapping other people to force them to give up their valuables for millennia. It's far from a new or unique thing in this context.
True, but crypto is easier to launder. I feel safer with my money at a brokerage or a bank.
Normal banks can also recall transactions.
To some extent. Wire fraud happens pretty often, and after a day or so the money's usually unrecoverable after going through several foreign countries. Home real estate and B2B transactions have been particular targets.
> Inside the home, the police found Polaroid pictures showing the man bound and being assaulted, the law enforcement official said.
... Why on earth would you document this?
> Two butlers who worked at the home were also present and agreed on Friday to be interviewed by the police, the official said.
... Why on earth would you do this in a place where you weren't the only person present?! (Also, butlers, wtf?)
I suppose, much like the crypto people are slowly rediscovering why the modern financial system is as it is, maybe they're also figuring out how to do crimes by trial and error.
Technology isn't even a cool field anymore, the major innovations (crypto, blockchain, AI) have such a film of sliminess around them. You have to ignore or be ignorant of the fact that they're going to be used for scams and bullshit more than for good.
AI is slimy? Please elaborate.
> the major innovations
You mean the overhyped extremely niche technologies?
The idea that a technology that challenges Google search, and digital money are ‘niche’ is… odd.
AI is not niche. Blockchain ledgers are because centralized ledgers are cheaper, faster, and controllable by law; which is what most people want if they spend a few seconds thinking about it.
This is the typical HN 2015 crypto knowledge. It was accurate a decade ago but isn’t any more.
- Centralised ledgers are multiple orders of magnitude more expensive (2.5% to 6%, a typical blue and white square checkout is 3.5%) versus something like $0.000025 on the most active blockchain)
- At their best (2-3 second confirmation) as fast as current gen blockchain networks and an order of magnitude slower than next generation (150 milliseconds block time so expected subsecond confirmations).
- Tokens have techniques like permanent delegate for OFAC compliance.
This isn’t meant to be a personal attack, it’s just that this view of crypto is akin to saying that ‘AI is customer service chatbots that don’t work’ - correct ten years ago but not anymore.
Axiom, YC W25 is the fastest growing company in YC history hitting 100 million in revenue in five months.
You're comparing different things to try to prove something that is obviously wrong to anyone who spends a few seconds thinking about it.
> Centralised ledgers are multiple orders of magnitude more expensive (2.5% to 6%, a typical blue and white square checkout is 3.5%) versus something like $0.000025 on the most active blockchain)
I was comparing cost of recording the transaction. Think for 2 seconds. Obviously, a centralized ledger is going to be cheaper. You are comparing the cost for completing a transaction on one side with the cost of completing a transaction plus fraud mitigation, chargebacks, etc. on the other.
> At their best (2-3 second confirmation) as fast as current gen blockchain networks and an order of magnitude slower than next generation (150 milliseconds block time so expected subsecond confirmations).
Same mistake. Think for two seconds. Obviously, the speed of recording a transaction on a centralized ledger is going to be faster.
Whatever you build on a blockchain ledger you can build faster and cheaper on a centralized ledger.
People fooled by crypto grifters don't have enough economics education to understand "ceteris paribus" let alone everything that comes after in an introductory course.
I’d like to start by saying “think for two seconds” is not a respectful way to communicate.
Do I need fraud mitigation and insurance to buy a coffee or groceries?
Regardless of the capabilities of centralised networks when you last bought something using a Visa card was it hundreds of milliseconds or was it two or three seconds to confirm?
> People fooled by crypto grifters don't have enough economics education
That’s a very broad statement about a lot of people highly regarded in traditional finance.
This story is unreal.
Great job score one for crypto holders who plan on not revealing their key under torture.
This is said to happen in Russia all the time, except the police never intervene and the bodies are just incinerated once the keys are tortured out.
There's a lot of really rich crypto people in NYC that are up to no good.
"Brute force attack"?
Of course there's an XKCD about this: https://xkcd.com/538/
Man Charged with Kidnapping and Torturing Crypto Investor for Weeks
considering that the crypto investor was a man and assuming that the man acquired the wallet he was tortured for by investing in crypto.
This would have been a much more accurate phrasing.
Bring back the penny. A bag of them can be used to stop an attacker.
> Bring back the penny. A bag of them can be used to stop an attacker.
You'll just have to use a sock fulla nickels now I guess ... :shrug:
If the title read 'human charged with kidnapping and torturing a man' instead does that mean all humans are bad? I fail to see the linkage here.
The whole point of the kidnapping and torture was to steal Bitcoin cryptocurrency.
Of course it's material to the story. It'd be completely artificial to pretend otherwise.