Productively Paranoid: A Personal Security Guide for the Crypto Industry (Part 1)

You already know that security is priority #1 at Kraken. We’ve talked at length about the many things we do here to stay paranoid in productive ways. This three-part guide will help you to do the same.

Unproductive paranoia would be putting all of your assets in cold storage, burying them in an underground bunker, wrapping your home in tinfoil and completely disconnecting from the internet. You’ll finally be secure, but it’s going to be hard to live your life.

Productive paranoia is a balancing act: It’s impossible to eliminate all of the risks, but there are simple ways to greatly reduce your chances of becoming a victim. Being “secure” is not just about implementing strong passwords or 2FA; it’s a mindset and, for some, a (gradual) lifestyle change. To start, let’s look at how to minimize the risk of an attacker finding you in the first place.

Part 1 – Take the Target Off Your Back.

Talking about crypto on social media? Might as well be a bullseye. Criminals use social media sites to find their victims. Distance yourself from crypto on public forums as much as you can.

While it’s tempting to revel in your market success and share it online, this creates unnecessary risk. If your online personas have anything to do with who you really are, the mere fact that you list Bitcoin or crypto in your profile makes you a target. We know from our intelligence activities using honeypot profiles that groups actively lurk in social media and chat rooms, compiling profiles on individuals and then targeting them with an attack.

The same goes for traditional media. It’s really exciting to be approached by reporters and to be quoted in an article. It’s also great to help them with stories about the crypto space. After all, that’s one of the best ways to help crypto go mainstream. But please be mindful about what you say so you don’t become a target. Instead of talking about the lambos and luxury items you’ve acquired, work with reporters to tell them about why you’re passionate about the industry. Take the opportunity to educate readers on how bitcoin can change the world.

Unless you are in a position within a company or project that is publicly facing – where disclosure of your role and participation is required for you to do your job – we highly recommend that you do not make this fact public.

Think very carefully before doing so. Other than the emotional boost (which is something big, we admit), what benefit will it bring you to post all over social media that you own or trade cryptocurrency? What benefit will it bring you to have your family and friends telling their friends that you are “into cryptocurrency” and “have a ton of bitcoin”?

A good rule of thumb is that you can tell your spouse or significant other, your children, your parents and your best friend, but include in that conversation that, for their safety and for your own personal security, they should not tell anyone about what you do or talk about your possession of cryptocurrency with anyone.

Don’t give criminals the benefit of being able to locate you as a victim by just monitoring social media hashtags. These threats are real, and we have seen and heard from many people whose exposure and eventual targeting by criminal groups all started with a tweet.

Productive paranoia doesn’t begin and end with your digital persona – it also extends into the physical world. Think carefully about what you may inadvertently disclose that would make yourself or someone you know a target. We use the word “inadvertently” here because a public discussion could include a normal social conversation in a familiar setting with familiar people. These situations happen when you let your guard down and don’t fully analyze the world around you for potential threats. Loose lips sink ships. The conversations you have and the information you disclose both professionally and personally are things to be mindful about at all times.

Consider the following to stay vigilant:

  1. Public places take many forms: hallways, elevators, restaurants/bars, airplanes, taxis and ride shares.
  2. Be aware of your surroundings and mindful that someone may be listening to your conversation or even covertly recording it.
  3. Never mention cryptocurrency, your involvement in the community or the amount you have in your physical possession or even in your cold wallets.
  4. You should not consider a hotel room to be a private environment; there are many instances of rooms being bugged, especially in business districts globally.
  5. The physical location of private community meetups or industry business meetings should be kept secret and never disclosed to anyone other than the intended audience.
  6. When traveling, never live-share your physical location – whether in videos or photos. You can certainly share your experiences with your friends, family members and followers, but do this once you get back from your trip or have left that geographic location. There is nothing quite like being considered a target by a criminal group and then posting to Instagram that you will be staying at a specific resort or hotel for the next three weeks.

Next up, we’ll dive deeper into your digital life and provide guidance on how to better secure that aspect of your world. Until then, stay frosty.