Security: How Cryptocurrency Results in Violent Crime and How to Protect Yourself if Targeted

A must read for anyone holding, or planning to hold, sizable amounts of "crypto"

If you have been following the news, and we don’t blame you if you haven’t, you’ll know that there are growing numbers of people being assaulted, even abducted and forced at gun point, to gain access to their crypto.

In this article, we’ll address some considerations of how and why this happens, and what you can do to prepare yourself to hopefully survive and such assault and not lose all your cryptocurrency assets.

We’ll break this down into several related issues, let’s get started!

How and Why

If you have a lot of money in your bank account, it is not so easy for criminals to target you and abduct you. Considerable resources are needed to pull off such a feat: withdrawing your money undetected and transferring it into cash isn’t a walk in the park for any would-be criminals.

The story is very different with cryptocurrency!

Let’s say you have a few thousand dollars in cryptocurrency. This is stored in the blockchain where it is very secure, and only you have access to it, usually via your wallet app such as TonSafe. But herein lies the danger!

First, If anyone gets hold of your wallet address (for example, if you use a privacy-invasive wallet that gathers data matching your identity to your wallet address, or even anyone who uses such a wallet will compromise you if they ever make any transactions with you and save your name to their contacts), or you purchase something or send or receive money from anyone who actually knows who you are, then your wallet address is known.

Next, anyone can see exactly how much funds you have. Several thousand TON? Great, a good target! Now, if your location is known from your home or work address or anywhere else that the criminal gang can locate you, their job is relatively easy, as we have seen in several news items around the world.

They grab you and/or your loved ones, and hold you for a very short while and force you to open your phone and your TonSafe and to transfer all your funds to their wallet from where they can move it through various other addresses and exchanges, and convert it to cash or assets.

This is basically why this is happening a lot: it is not difficult to find out who is using which wallet, once you start using it. And if your identity is known, you are a potential target, especially since your balance is known to anyone.

So what to do?

Like everything to do with security there is some inconvenience. The more convenient something is, the less secure. So, without further ado:

1. If you have a lot of crypto, let us say you are storing it in TON which is a secure blockchain and a more stable asset than most other popular cryptocurrencies, and you are using the safest TON wallet, TonSafe.

2. Move most of the assets that you don’t need on a daily basis either into a cold wallet (this is not so easy, but if you truly have a lot of funds you should look into this option), or at least, a different TonSafe address. Do not use a different wallet such as those (which spy on your personal data), but make sure you have your 24 secret words, or a second phone, and log out of TonSafe, then create a new wallet using TonSafe. Never ever use the same 24 secret words with different wallets as you are then increasing your risk if there is anything insecure about a different wallet. Move the bulk of your assets into that wallet address by sending it from your TonSafe to the newly created address.

3. If anyone now forces you to hand over your crypto, you can do so, because you have a smaller amount which you use day to day, in your “actively used” TonSafe. You can pretend to put up some resistance, but hand over your phone and let them take that money, if this happens!

4. Do not use one of those gimmicky TON wallets which allow you to switch between different wallet addresses, because all these will be logged in and accessible: convenient yes, but very insecure if such a situation arises!

5. Always transfer funds form your logged-out “savings” TonSafe to your actively used TonSafe. Never ever trade with anyone from your “savings” wallet. In fact, if you have a Mac computer or Linux, you can use Toncoin wallet as your savings wallet, never logging in with TonSafe, and never using it to login to your TonSafe address. This makes it more convenient to send money to or from your “savings” wallet, at home on a secure PC.

6. Yes anyone can see money going to and from the “fat savings” wallet from your TonSafe address but they have no way to know that it belongs to you and is not for some purchase or investment, if the “savings” wallet is never used for any transactions to third parties. Again, do not use an insecure or privacy-invasive wallet, use Toncoin for convenience: it is a version 3 wallet meaning it lacks features, but we can consider it secure.

7. Whenever you are traveling, if you are carrying your 24 secret words with you, for your “savings” wallet, do not write down all 24 words in one place. Split them up into 2 or 3 lists, in different parts of your luggage. Never ever store 24 secret words on a phone or computer file, nor in the cloud, nor in a screen shot. Always write them down physically.

8. For back up, split up all your wallet passwords and give them to several trusted people so that each does not have all the passwords, so that if you somehow lost your own written copy, you can call on your friends, even over the phone, to read you the portions they have.

9. When traveling or when there is more chance of you being targeted, always log out of your TonSafe: this way if you are forced, it is more believable for you to grab your passwords and log in to your active TonSafe, than simply showing the criminals your already-logged in account. It show them that this must be your important account if you take so much care to log out.

What about Business Accounts?

Let’s say you have a business and take payments in TON. This account is likely to have more funds in it, but you only use it when on the business premises.

Let’s say you want to be really secure here, as it is known this business is yours, and that there are many funds in the wallet. Here is what you can do:

1. You should not be logged in to any such business account on your phone when not needing to send funds: and when finished with business, log back out. TonSafe is also ideal for this, and could be on a separate phone or phones used for the business or you could use Toncoin wallet on a PC.

2. The passwords for the business account should be split up between different staff members, so that whenever a transaction needs to be made at least 2, ideally 3 or more people need to be present. Each enters their 12 or 8 or 6 passwords, as the case may be, and never does anyone have all of the passwords and goes away after entering their passwords. The manager is the one who enters the last 12, 8 or 6 passwords, as he or she will be able to see all of them, but does not have them ever in possession.

3. If anyone from the business, even you as owner, is forced, you can then only hand over the passwords you have, and explain to the criminals that the others are kept by other members of staff.

Here are some other articles that are relevant to the topic of TON Safety:

Important: Self Custody Test

Hackers could have full access (!) to everything on the phones of WhatsApp users.

What is a seed phrase?

Keeping Your TON Cryptocurrency Safe