While there is a known exploit that can be used against Trezor devices, it requires a fair amount of sophistication to pull off.

⚠️ REMEMBER: the goal is not to make every component of your key setup perfectly secure against an adversary with unlimited resources. The goal is to make it difficult enough that no attacker can compromise a sufficient threshold of your keys quickly enough that nobody notices until it’s too late to react.

Digital security

If a physical attacker manages to start collecting your private keys then you can’t take those keys back, but by slowing down the attack you can create a window of time in which you can move your funds to a new wallet away from the attacker’s control.

5 dollar wrench attack

There are several issues with duress wallets.

  • You are speculating that the amount in your decoy wallet is plausibly large enough to satisfy an attacker whose knowledge and motivations you have no way of knowing.
  • You are speculating about the attacker’s propensity for violence. For all you know, their plan all along may be to leave no witnesses alive.
  • How far do you take the ruse with the decoy wallet? Do you transact regularly from it so that it looks like a wallet that is actually used rather than a dormant decoy? Will an attacker be sophisticated enough to be suspicious of a decoy wallet with no activity?
  • You can’t realistically test how you will react in such a situation.
  • We’ve yet to hear of a single case in which a victim successfully managed to get an attacker to go away by giving up a decoy wallet.


Because chances are you can't take your firearm with you everywhere.

Alternative: carry pepper spray

5. Set up a dummy wallet

For example, if you own €100,000 worth of cryptocurrencies, it wouldn't hurt to create a separate wallet with a separate set of private keys and store a hundred euros in it. That way, if you ever fell victim to the $5 wrench attack, you might be able to get away with it by making up a good alibi, such as how you gambled your coins away and now have only a hundred euros' worth of coins left; something like that.

You can probably talk about bitcoin with friends occasionally, but as far as possible avoid unnecessarily telling people that you are buying bitcoin, that you own a certain number of bitcoins, that you earned big bucks on a recent successful trade, or anything along those lines. If such sensitive information about your finances reaches the wrong people, you might be in trouble. Boasting about your cryptocurrency holdings just adds unnecessary risk for yourself, or worse, possibly even for your family and friends.

If someone you don’t know or don’t know well asks you about bitcoin or cryptocurrencies, the best answer would probably be: “What’s bitcoin? Never heard of it”.
Or something along those lines.


But what is it, and how do I protect myself against it?

What is a $5 wrench attack?

In short, if someone finds out that you own a significant number of crypto coins, they can physically attack you outright, or threaten you into handing over your wallet's private keys (code/password), or threaten you into sending the funds to them, using a deadly weapon or a basic tool that can cause injury, such as a kitchen knife, a hammer, a screwdriver, or a cheap and rusty $5 wrench.

No matter how secure your funds are in your hardware wallet or on one of your devices, no computer security can protect you from this kind of attack.

So, how do you protect yourself against it?



Keep it private

The same reason why it would be a very bad idea to tell everyone that you won the lottery.

You can probably talk about bitcoin with friends now and then, but as far as possible avoid unnecessarily telling people that you are buying bitcoin, that you own a certain number of bitcoins, that you are making a lot of money from a recent successful trade, or anything along those lines. If such sensitive information about your finances reaches the wrong people, you could end up in serious trouble. Boasting about your cryptocurrency holdings is simply an unnecessary risk for yourself, or worse, possibly even for your family and friends.

If someone you don't know, or don't know well, asks you about bitcoin or cryptocurrencies, the best answer would probably be: “What is bitcoin? Never heard of it”.

5 dollar wrench attacked

I discussed the trade-offs in this recent post.

Time locking doesn’t give you the same protections that slowing down an attacker does. As stated earlier, the goal should be for you to be able to spend your coins and move them to a new setup before the attacker is able to spend them – it’s a race for control.

However, consider a scenario in which an attacker is compromising your keys. Even if you know your setup is being attacked, you can’t move your coins to a new key set until Date X.
You’ve effectively given the attacker until Date X to continue their attack and collect more keys.

5 dollar wrench attackers

But, what is it and how do I protect myself from it?

What is a $5 Wrench Attack?

Basically, if someone finds out that you own a significant amount of coins, they can physically attack you outright, or threaten you into handing over your wallet’s private keys, or threaten you into sending the funds to them, using a deadly weapon or a basic tool that can be used for harm, like a kitchen knife, a hammer, a screwdriver, or a cheap and rusty $5 wrench.

No matter how secure your funds are in your hardware wallet or on any of your devices, no computer security can save you from this type of attack.

xkcd: Security

So, how do you protect yourself from it?

1. Keep it private

The same reason why it would be a very bad idea to tell everyone that you won the lottery.

  • May 2015 (UTC) It says in the comic that the ‘crypto nerd’ is a ‘him’: “His laptop is encrypted”. – 15:45, 5 July 2020 (UTC)

    Same concept as 416: Zealous Autoconfig. Shanek (talk) 12:31, 1 May 2015 (UTC)

    What would happen if the owner of the computer used deniable cryptography with some decoy message? — 08:35, 15 July 2015 (UTC)

    As pointed out by the wikipedia article, deniable cryptography might either fool the attackers, or make them keep beating you even after you give them the real password. 22:48, 13 October 2015 (UTC)

    Surely if he’s encrypting his PC, he should be using something like 256-bit AES/Rijndael, as it’s more secure? Walale12 (talk) 10:11, 24 July 2015 (UTC)

    I doubt the crypto “nerd”’s nerdiness. RSA is not generally used for disk encryption.
