Here’s how to keep your crypto safe – Cointelegraph Magazine
“When the mafia kidnapped me, I had the choice to pay the ransom in either fiat money or Bitcoin. I did not hesitate before choosing the latter. Had I picked the first option, the criminals would have held me in a dark, damp cell for days in the Pacific Islands until the funds went through KYC, identity check, or, God forbid, the bank placed a hold on the funds. But after I paid, I was let go instantly. Who knew the network’s 10-minute transaction time and cross-border anonymity could be such a lifesaver?”
— Dr. Anon
According to a recent report compiled by Chainalysis, the intersection between cryptocurrency and crime has grown to become a $14 billion industry in 2021. Regrettably, societies worldwide are far from perfect, and the rapid rise in the market capitalization of digital currencies has led to an explosion of crime targeting blockchain enthusiasts. The good news is that the money lost in criminal activities as a percentage of crypto’s overall market cap is actually going down.
While there is a wide range of variance in tactics, the common theme is the exploitation of individuals’ naivety and blind trust in the legitimacy of the crypto services they sign up for. The first step toward compounding gains with crypto investments is to be super diligent and to avoid losing your vigilance.
We’ve spoken to three experts to get their advice on protecting one’s hard-earned capital. First up is Dr. Anon, a Cointelegraph staff member, who, long before joining the firm, was targeted by the mafia out in the Pacific Islands for his expertise in crypto (as you may have gathered, his first security tip is to remain anonymous online to avoid letting bad guys know you even have crypto). Dr Anon is frequently abroad for work and had to think quickly to get out of quite a few dangerous situations. He explains why it’s essential to keep a low profile.
Don’t post online about your success in crypto
Dr. Anon: In many parts of the world, people remain underexposed to crypto. Their only insight comes from sensational media stories of individuals getting rich off an early investment in Bitcoin or a lucky bet on Shiba Inu. When you travel to certain countries and mention that you work/invest in crypto, the locals’ first impression about you immediately switches to that of “millionaire” or “billionaire.” It will make you far more susceptible to crimes such as robberies or kidnappings. Unless it’s someone you trust, make up a cover story about what you are doing.
In addition, some investors are very emotional about the state of affairs of their favorite coins, or are downright zealous. Be careful about posting criticism, strong negative opinions, or factual information about certain coins on social media if you have a public profile. Some blockchain fanatics could retaliate by doxxing you — posting your phone number, addresses, spouses name, etc., for a broad (possibly crazed) audience. If you have to say something deeply controversial on the internet, keep yourself anonymous.
How to protect yourself from a $5 wrench attack
Dr. Anon: Long story short, a $5 wrench attack is when someone finds out you have a lot of crypto and physically attacks or threatens you and coerces you into giving up your private keys. Very few of these attacks happen
impromptu; that is, they are highly sophisticated, carried out by “professional,” organized criminals. It’s a “your money, or your life” situation.
Suppose you became a target of kidnapping for crypto ransom. In that case, chances are the perpetrators have already scanned your LinkedIn profile, Twitter accounts, Crunchbase, public addresses listed on voter records, etc., and planned days, if not weeks, in advance to account for all the variables during the act, such as escape. The only way to access one’s private wallet is through the keys, so expect some pretty rough action if one refuses to hand them over.
That said, one can significantly limit their losses by having a “decoy” crypto wallet. In other words, don’t put all eggs in one basket. One strategy is to put, say, a small percentage of one’s crypto net worth into a separate hard wallet. Then, if a robbery, kidnapping, etc., were to occur, simply hand it over and call the police afterward. It’s a smaller loss than otherwise, and no amount of money is worth the risk of getting tortured or killed for refusing to pay.
Pulling the rug from under you
Personal security aside, the risks facing crypto investors regarding DeFi rug pulls, hacks, phishing scams, etc., are significant. In fact, Chainalysis estimates $2.8 billion worth of DeFi rug pulls took place in 2021. Cointelegraph reached out to Hank Schless, senior manager of security solutions at Lookout, for his insight on crypto cybersecurity.
How to spot a potential DeFi rug pull
Hank Schless: Rug pulls, which occur when a crypto developer [or outright scammer] abandons the project and runs away with any investor funds, are unfortunately fairly common. Often, you can spot a potential rug pull by looking at how that particular crypto is traded. For example, if a smaller number of wallets hold a massive percentage of the currency, or if its liquidity is abnormally low, odds are it could be a rug pull scheme.
Also, if the developer chooses to remain anonymous or the project seemingly appeared out of nowhere, this could be because the developer is malicious and trying to execute a rug pull as a quick money-grab scheme.
Common traits of exchange hacks and protocol security breaches
Hank Schless: Cryptocurrency platforms make for appetizing targets for a handful of reasons — many of which align with other financial cyber crimes, such as targeting banks and their customers.
Crypto platforms themselves have a mountain of highly sensitive, personally identifiable information.
To register for most crypto platforms, individuals need to give their legal name, home address, date of birth (and the last four digits of their Social Security number in the United States). In addition, they need to link their account to a bank account and a debit card to make cash purchases of new crypto.
Cyber criminals can target employees of the crypto platforms with phishing attacks that intend to steal their corporate login credentials. With these credentials, the attacker can log into that employee’s account and move laterally around the infrastructure until they find valuable data to exfiltrate, encrypt for a ransomware attack, or funnel customer funds out to their crypto wallet.
The No. 1 thing to keep your crypto safe
Hank Schless: The number one thing, which is not a novel tactic, is never sharing your login information with anyone. As a personal investor, you rely on trading platforms to keep your data safe, but to keep attackers from gaining access to your personal funds, you should never interact with a link or email that asks for your login. If you receive a text message or email that claims to be from the platform you use, contact the platform directly and validate the communication.
Keep your funds in cold storage — but even that is not completely secure
Hank Schless: No piece of hardware or software is entirely invulnerable. There are inevitable flaws in code and manufacturing, which could lead to critical vulnerabilities, but with enough time and resources, anything can be hacked. In the case of cold wallets, the most significant risk occurs when a malicious actor gets physical access to a wallet and can take the time to try to guess its PIN. That being said, it’s still far more secure to store crypto on a cold wallet than anywhere else.
Social engineering and time pressures are ways to exploit the desire to get rich
Hank Schless: When targeting consumers, attackers know that crypto is relatively new and uncharted territory for most people. This may cause consumers to exercise less caution or have difficulty spotting red flags that indicate mal-intent. However, the recent boom has driven high interest in crypto and engagement with these platforms as people hope to make money from this alternative form of investing.
There’s also a particular type of individual who chooses to invest in cryptocurrencies, especially less established ones, to take on higher risk for potentially higher reward. This opens the door for aggressive social engineering and [the creation of] fake apps that either look real or promise higher returns and more real-time data.
Attackers will always try to create high-pressure situations that cause you to not think about what’s happening. It’s essential to take a step back, evaluate the situation, and find different ways to validate what’s happening.
If you’re ever contacted in this way, and the individual asks you to download an app or click a link, simply don’t. If this does happen, it’s important to ensure you’re protected by having a mobile security app on your device that will block connections to phishing sites and alert you if you download a malicious app.
A word on tax
And lastly, while pretty much no one in the crypto world is fond of taxes, almost all types of crypto acquisitions/dispositions are taxable events.
Despite the “Wild West” regulatory environment, crypto investors can face severe penalties should they be found to be non-compliant with their tax obligations — so, keeping your tax affairs in order is essential to protect your hard earned funds.
In an interview with Cointelegraph, Andrew Henderson, an international tax attorney and founder of the Nomad Capitalist tax consulting firm, discussed the nature of crypto tax transactions and the consequences for not abiding by the law.
Is there any way to legally avoid the tax bill?
Andrew Henderson: You’re paying on pretty much everything acquisition/disposition related; it’s like
with fiat money — if you live in the U.S. and get paid in euros, or even crypto, it doesn’t mean it’s not taxable. Other examples, such as staking or getting rewards from a DeFi pool — that’s income and taxable as well.
If you’re a U.S. person, or a green card holder or a citizen, anywhere in the world, you have to report your crypto income to the IRS [Internal Revenue Service] each year.
Suppose you live in a residential tax country, like Germany, Canada, Australia, or pretty much every Western country other than the U.S. In that case, that is where they tax you based on your residence, and they tax you based on your worldwide income.
So, if you live in the country and stash all your crypto in an account in Belize, that doesn’t solve the problem; you will be taxed locally. The goal of having no legal tax obligations depends on whether you are a U.S. person and giving up citizenship, or whether you’re simply moving out of your country and following the criteria to no longer be a taxpayer there, for citizens of countries with residential taxation, such as Canada, EU members, Australia, Japan, South Korea, etc.
Affluent investors can move to low-tax countries. Is there a trade-off?
Andrew Henderson: I’m a person who believes in the culture of a country, and obviously, El Salvador is trying to move in the right direction, at least on that crypto front. But that said, I’ve been to El Salvador; I found it to be a highly unworkable country. San Salvador was one of the few places in the world where I felt very unsafe. So, I do think there’s a danger.
In a country like Estonia, when they announced their digital nomad visa, everyone thought that meant they would get citizenship, and everyone could get a bank account, and there was zero tax. No, no, they have tax; you pay it later. So, [Estonia’s residency visa] was not nearly as great as what it was touted for.
The Cayman Islands, the UAE — [there are] plenty of territorial taxation only countries. Tax-free, tax-exempt — now you can move to Portugal, you can move to Italy, you can move to Greece, you can move to Malta, you can move to Ireland. These countries all have tax exemptions for some time, at least. A lot of people have moved to Puerto Rico to reduce the taxes. But Puerto Rico responded [by] raising the tax rate from 0% to 12.5%. So, anyway, you don’t need to go to places if you are not comfortable there; alternatives exist.
Nomad Capitalist Live is the premier gathering of global citizens. Join us for four powerful days of “what’s working now” about creating a Plan B, second citizenship, offshore tax strategies, international investing, and the Nomad Capitalist Lifestyle.https://t.co/iqzErGYhQp
— Nomad Capitalist (@nomadcapitalist) January 14, 2022
The consequences of evading crypto taxes
Andrew Henderson: Some people who got stuck before they came to me flew too close to the sun. But, as a case study, there’s one thing they’re efficient at over in Spain — they’re efficient at finding you, and will get your money. I mean, look at people like Wesley Snipes.
You’re filing a tax return under oath, so if you omit or misrepresent, you could go to jail. You could have your passport taken away — citizenship or passport. Good luck getting a residence permit anywhere in the world if that happens. Maybe El Salvador would take you; some countries don’t require clean criminal records.
Even if you don’t pay and you haven’t been caught, it could come and bite you down the line. For example, if you want to move to Saint Lucia [island nation in the Caribbean], one of the questions is: Are you in compliance with all your tax obligations? If you say yes, and later it turns out you’re not, they have every right to denaturalize you; you could become stateless. Or, at the very least, you paid $100,000, and you got nothing because you broke the contract. The consequences are far-reaching.
To sum up: Small tricks can have a big payoff
We all love to express our successes in the crypto space, but remember that too much attention could potentially expose oneself to the risk of a $5 wrench attack or doxxing. Therefore, if you have a crypto fortune, keep as much of your public information hidden as possible, have a decoy wallet in case one becomes a target of crime, and have a cover identity when in not-so-affluent countries.
Never share your login information with anyone, and keep your funds stored in a cold wallet. Specifically, be wary of clicking on links in apps like Discord that lead to login pages, as such programs have repeatedly become the target of phishing in the past. Always remember the official site link and cross-check that with the link you are clicking, even if the link is posted by an admin, as the latter’s account is still vulnerable to being compromised.
Remember to keep accurate records of your taxable transactions — it makes life a lot easier when it comes to filing returns. Citizens of residential taxation countries have legal means of avoiding capital gains or income taxes on crypto acquisition/dispositions, such as moving abroad. It’s much better to pursue such methods and have one’s mind at ease rather than evade taxes and risk jail time.
Stay safe out there, frens.