if you from your house or especially from your phone if you are able to move substantial amounts
of assets quickly just in one location then that means if someone points at you then they can force
you to move those assets over to them or to you know one of their compatriots so that is like the
single point of failure that you want to avoid from a security perspective and the only way to
do that is jameson people don't know this well some people on the internet know but most of the
people here probably won't know you've deleted yourself off the internet and i think the reason
why you did it is because there's a physical security component um you were swatted at least
once that i know of maybe twice and uh for those that don't know swatting maybe you can describe
the experience of being swatted and kind of what led you to deleting yourself and kind of thinking
so much about security yeah only the one time swap me once shame on me don't let that happen again
uh you know basically this is a form of physical attack that it's very low risk for the attacker
because they're not putting themselves in any physical danger by doing it and it's really annoying
uh because for a very very low cost you know we're talking like tens of dollars if you have the right
skill set and you know uh which tools to use you can direct an insane amount of state-backed lethal force
at pretty much whatever target you want and so that's what happened to me uh one day i find myself
my entire 400 home suburban neighborhood barricaded at every entrance and exit dozens of cops uh swat team
with their mobile headquarter command unit down the street and um it was you know it was an overwhelming
display of force and because that's that's what swat does uh you basically use the correct trigger words
and in my case it was uh you know shot people had hostages had uh explosives and i was going to
hurt more people if somebody just so people understand somebody called the police in your area
and said at this address all these things have happened yeah yeah so you know swatting started out
in the video game community but essentially what it is is someone finds your home address and then they
pose as you or as someone who knows you and says you know there's an incident an active shooter incident
happening at this address and this is the person who's doing it and of course in my case uh i fit the
profile because i'm well known to have more guns than i can count so uh it was plausible i suppose that i
could have done that and um you know thankfully the incident ended well um it was actually a bit of luck
because i had posted something to twitter when i was not at home and i was at the gym at the time
and so the attacker thought that i had just rolled out of bed and so i actually ended up running into the
police barricade coming back to my house if if that one little thing had been different and i had
actually been home at the time we i my encounter with law enforcement might have ended very differently
so obviously it's scary and you go on this whole journey of i got to figure out what information is
about me out there on the internet i need to kind of delete myself and really start thinking about
physical security walk us through maybe some of the steps that you take that you took and what i would
love to do is kind of take us on a journey from as far external to you you know security wise all the
way to what casa is doing with the actual security of bitcoin but you first have to start with can people
find you on the internet can they locate things like walk us through that journey right and i mean i still
have an internet presence right and i'm still here i took the difficult path the the easiest and smartest
thing for me to do would have been to delete all of my accounts stop showing up to stuff like this
stop putting my face and my name out there because that's how you get targeted um it's a very long
story that we won't go into because you can read it all on my blog but i did end up finding the guy
after about five years and spending a lot of money i did find the guy he was some 15 year old kid living
in his mother's basement and um it was you know it was it was a happy ending in the sense that nobody got
hurt but um in order to prevent someone from doing that again because like i said 15 year old kid
basically you know fell in with the wrong crowd had the right skill set they egged him on to do this
because of things that i was saying on twitter so that was what made me the target just being a public
figure and you you have a large enough audience there's inevitably going to be a few crackpots or a few
people who are willing to do things that might harm you and so if you're not willing to completely go
off the grid and you still want to be out there then you have to figure out how do i harden myself
how do i make it so that no one can actually target me and you know put this lethal force directed at me
and so that's the really hard thing um on on the bright side in america we have a number of legal
opportunities you know entities that we can set up to essentially obfuscate our uh publicly registered
property but this takes a lot of time effort like you have to find the right attorneys who have
expertise with structuring these things and that is only the beginning you know that is like the beginning
of probably at least a um five figure investment just to set it up going beyond that though is the
lifestyle change you have to never leak your address never associate it you know with your real name
and that is the hard thing you you're setting up like other phone numbers other post office box addresses
for receiving mail and and stuff like that and and basically in some cases lying uh you have to get
very comfortable with with just not telling the truth about associating your real name and address so
like you know i have an alias a pseudonym uh the people my neighbors you know where i actually live
don't know my real name and what i do they know the the cover story and that was probably the hardest
thing it took me like a couple of years to really get comfortable with that and not uh make mistakes
and um it becomes second nature and you know i think that it's it's still okay and a moral thing
to do and it's legal to do as long as you're not entering into like a legal contract or using this
misrepresentation to perpetrate some sort of fraud what what is your alias nice try
um we recently have seen a number of uh incidents around the world you document these on your twitter
account uh everything from what i think people think of as like the five dollar wrench attack where
uh somebody's hit over the head while traveling abroad somewhere all the way to uh the ledger co-founder
was recently kidnapped and uh there was kind of a ransom demanded um what are the things that you spend the
most time thinking about from a safety standpoint that if you were to sit down with you know folks
here one-on-one and say hey here's the three things that will have the biggest impact to keep you safe
well you know i deal with uh the security of keys and assets like i've been working on self-custody
products for over a decade now and i think that that's also what most people tend to veer towards is
like how do i set up my keys how do i set up uh you know a distributed vault uh so that i don't have a
single point of failure and essentially that's the only way to protect yourself from what we call a
wrench attack basically if someone takes you hostage if someone is threatening you you are under duress
then all of your security and authentication mechanisms become worthless because you are capable
of authenticating and bypassing you know whatever uh schemes you have set up so the short version is
like if you from your house or especially from your phone if you are able to move substantial amounts
of assets quickly just in one location then that means if someone points a gun at you then they can
force you to move those assets over to them or to you know one of their compatriots so that is like the
single point of failure that you want to avoid from a security perspective and the only way to do that
is to get those you know controls directly uh away from you and you know we recommend doing that by using
multi-signature setups basically having multiple keys distributed around physically and each of those
keys has its own set of diverse security protocols and a big part of this is just time um these type
of attackers if it's a wrench attack where they're actually coming and doing a home invasion or kidnapping
you or whatever they want to get in and out like they don't want to be holding you hostage for a really
long period of time because the longer they're doing that the more at risk they are of law enforcement
coming in and finding them so the the longer it takes and the harder it is to actually move you
know substantial portions of your digital assets the safer they're going to be but people should not
conflate this the safety of your digital assets with the safety of your physical person these are two
completely separate problems and um you know they're the physical security of your person is a very well
understood problem we have been dealing with this for all of human civilization uh and so there's there's
a lot of good resources out there for how to work on that but the thing that i try to impress upon people
because you know as you said there's some billionaires in the room i'm sure you know they have bodyguards
and security and stuff most of us are not at that level and we don't really want to be the best investment
that you can make is in your privacy and you should think of your privacy as the outermost layer of your
security you know security any security system should be a multi-layered system because you should expect
any given layer authentication your protocol whatever may be bypassed but the more layers you have the
harder it is it slows down the attacker and once again you know attackers want to get in and out as
quickly as possible and if you have that privacy layer if that privacy is strong you don't even
get targeted in the first place and so none of those layers of security are even going to get probed
when i think of the market today there's like individuals and i know that there's a lot of folks
that are trying to figure out custody solutions we've seen people say hey i'm just going to buy the
etf because i don't have to worry about keys there's people who use these third-party custodian
services and then there's people who use products like casa institutions are not going to allow
you know fund managers to walk around with the private keys in their pocket they're going to demand
whether it is qualified custodians or multi-sigs things like that so talk a little bit more about
the products that you guys are building because i do think that there's a friction point that you're
adding which will slow down these attackers but also there's just a pure security standpoint right
actually being able to even if you're not worried about somebody coming and kidnapping you or a home
invasion or something like that it's just a good protocol so that if you get hacked or your email is
compromised or something that could be not physical security but just kind of digital security
uh these products are actually pretty valuable for it
today's episode is brought to you by gemini the future is being built today and the future of
currency isn't dollars euros pounds or yen it's crypto and gemini thinks that's a great thing
because a future where money is decentralized inclusive and globally accessible that's a future
that we are anxious to be a part of gemini teamed up with futurists technologists and designers
like award-winning artist matt griffin known for his illustrations for dune to craft a vision of the future with crypto at its core
the creative theme go where dollars won't emphasizes exploration growth and the crypto market's limitless potential
whether it's going on that martian safari to capture an unforgettable photo of a herd of woolly mammoths
grazing the red planet or using bitcoin to pay for your lift pass to go strata skiing down the mountain peak of a breathtaking comet
whatever adventures we'll be living one thing is for sure in a future this fantastic the limits of traditional currency simply cannot keep up
financial innovation will usher in this new frontier and so go where dollars won't with gemini go check them out at gemini.com
slash go where dollars won't again go check it out at gemini.com slash go where dollars won't
today's episode is brought to you by polka dot polka dot offers secure scalable and decentralized blockchain technology
that perfectly aligns with the needs of innovative projects it was developed by gavin wood one of the co-founders of ethereum and the creator of solidity
polka dot aims to build an internet where users have full control over their data and their applications
polka dot offers tons of unique features a shared security model along with the new auction model and significant implementations like asic banking
given these characteristics it's easy to understand why polka dot is gaining more and more traction in the cryptocurrency world
some people even are talking about it as the aws of web 3
now companies such as mythical games astro network and over 50 other independent blockchains
with hundreds of applications already leveraged polka dot's technology to power their platforms
if you're looking for a reliable scalable and cutting-edge solution
polka dot seems to be the top choice for industry players
go check them out today at polka dot com talk a little bit more about the products that you guys are building
because i do think that there's a friction point that you're adding which will slow down these attackers
but also there's just a pure security standpoint right actually being able to even if you're not worried about
somebody coming and kidnapping you or a home invasion or something like that
it's just a good protocol so that if you get hacked or your email is compromised or something that could be not physical security but just kind of digital security
uh these products are actually pretty valuable for it but one thing that i will say about the etfs they do resolve that issue of the single point of failure where if there's no way to withdraw then of course if someone points a gun at you you can't move your assets over so an etf does solve that problem but you're making a big trade-off you are trading that off for all of the risks that come with third-party custody and if you understand
like bitcoin read the white paper then that's kind of the whole point of this whole industry this whole ecosystem
is to get rid of trusted third parties but you know people have the freedom if they want to use trusted third parties
um i just i try to implore people to understand that third-party custody is just somebody else's self-custody
self-custody so it has all of the same risks it's like the venn diagram is you you have all of the risks
self-custody and then third-party custody is outside of that the entire you know self-custody is inside
and then you have all the third-party risks the third-party risks basically being all of the employees
you know insider attack risks infrastructure risks um and even you know like nation-state risks like if
everybody puts their money in the same custodian it becomes a honeypot for any number of different attacks
when you're thinking about uh best practices so somebody uses the casa product they use multi-sig
all this stuff um who do i give the other keys to how do i think about the protocol for the treatment
of those keys that somebody else has right because i think that people are like oh multi-sig just this
great thing but it's kind of like you know if you go and you gave the keys to criminals
just collude against you so how do you think about selecting who holds the keys and what those protocols
look like yeah i mean this is why i would say our our advisory support is one of the more important
aspects of what we do at casa because multi-sig is not panacea it's not oh you just have multiple
keys and now you're automatically safe from everything i mean we've seen people who set up a multi-sig and
then kept all of their keys at their house that doesn't really protect you from anything i mean
if your house burns down that's a problem if you get a home invasion that's a problem um so this is why
it's a very personal issue um because everybody has uh you know different connections different
friends family maybe attorneys semi-trusted people that they might be uh willing to to act as key
holders and and and that's why thinking through all of these decisions is something that we can help out
with um it's certainly possible to set up you know multi-sig where it's only you um then you just have to
decide you know where are the other geographically dispersed locations where i put it and if you
don't have you know multiple houses or residences or offices that you can disperse them amongst uh
then you're probably going to be looking into various high security like safety deposit box type setups
and do you think that those safety deposit boxes and things like that are um okay if you've got the key
split or do you worry about um you know we've seen plenty of like civil for forfeiture and things
like that so kind of you know maybe peel back a little bit more and talk about some of the the nuances
of uh where you're putting those keys yeah i mean any given safety deposit box really any given person
or organization that might be storing a key for you you should assume could be compromised and so that's why
the the the true strength in a well-architected uh multi-key setup is diversity and it's diversity in
every possible vector whether it's diversity in the hardware that it's stored on the software and the
firmware the keys are stored on the geographic locations and the possible you know weather events
or natural disasters um the more diversity the better and the reason for that is that we have to assume
that things will go wrong we have to assume that humans will make mistakes and the more differences
there are between the different uh security protocols that are protecting each of your keys the more likely
it is that any given type of failure will only affect one of them and not multiple how do you look at um
corporations we're talking a lot about companies putting bitcoin on their balance sheet uh so far every
company that i'm aware of they're using qualified custodians and shareholders are not even thinking about
self-custody or anything like that do you see the world kind of going that way and the self-custody
at the corporate level ends up being kind of the the state we end up in or do you think that there's
kind of this element of uh when lots of people around the table like price but they don't maybe
understand bitcoin the natural thing is like just replicate what's in the nutritional financial
system and like give it to somebody else yeah no i mean third party custody is the default
because of how people get onboarded into the space generally through some third party custodian
and it's also the more convenient option so i kind of see what i've been doing for the past 10 years
is actually fighting against human nature and and it's uh it's a fun battle to fight because really
what we're trying to do is make self-custody as user-friendly as easy as possible because third-party
custody is always going to be easier it's always going to be easier to pawn off all the risks onto somebody
else and say oh well if if it all goes haywire you know i can just blame it on them right i don't
have to worry about my job so to answer your question i think you know probably most corporations will go
with third parties even if they're not actually legally required to do so but we have built solutions
at casa where we can help you you know set up architect and maintain a self-custody system and that
works really well for either larger companies or like remote companies where you already have
employees that are geographically distributed talk a little bit about uh security while traveling because
one of the things that you opened my eyes to very early on was you know you go and you use the wi-fi
somewhere you go into a hotel you're at the airport you know all these things they're things that convenience
has really you know uh empowered people in society but it has opened massive security vulnerabilities
and so maybe when you travel what are the things that you're paying attention to what are the things
you're doing to mitigate those risks but still you know you do have a x account you do go places you do
kind of live your life so walk us through me what that protocol looks like again kind of that layer right
yeah this is tough because actually you know most hotels kyc and i actually i booked a hotel this
morning that actually did a kyc and liveness check on the portal while i was checking out
not like when i got to the hotel concierge but as a part of the actual purchase process so like that's the
direction we're going in now if you want to get crazy with this like there are ways where you can
basically get ids legal ids usually from other countries uh that basically have an alias or a
pseudonym uh you don't have your real name on them um i still use my real name but what i do is um
whenever i am asked for my documents i give my passport and the reason i give my passport is there's no
address on it and so you know this fulfills the obligations that they want but once again uh
i don't trust really anything or anywhere that i go so like a hotel room is not secure by any means
the safe in the hotel room is not secure like unless you bring your own safe and bolt it to the floor
it's really not secure but there are things that you can do um to improve your security like there's
various travel devices that you can get that will actually uh act as a better lock you know on your
hotel door pretty much every hotel door can be easily bypassed either physically or digitally the
digital ones are really scary uh usually like a fifty dollar flipper uh chip can uh get through uh most of
those but um as long as we're not talking about like going through border control you can generally
move around fairly what about like uh wi-fi and stuff right i think that's one of the areas where um
people get on a plane they're in an airport that are hotel they connect all of a sudden you know i've
literally sat on planes next to people who pull up their bank accounts and i mean do all kinds of crazy
stuff and you're just like do you know that everyone can see this right now yeah i mean that's
people don't really think about like the man in the middle um so we say you know not your keys not your
coins i mean not your wi-fi router not your internet connection um they could be depending on whether it's
encrypted or not you know they could be basically seeing all of your traffic or they may only be seeing
sort of metadata parts of it so um i use a vpn 24 7 on all of my devices that just adds another layer
of obfuscation to it but you know none of these things are perfect whether we're talking about
privacy or security there is no one silver bullet it's just sort of the aggregate of doing many many
different uh good practices that make you a harder and harder target uh before i let you go who is the
like ideal client for casa right when you say hey is it people with a certain amount of bitcoin is it
people who have a certain uh public profile is it corporation like just walk me through who do you
guys see the most success with well i mean i think for even for any sort of entry-level multi-sig
um you know when you have enough bitcoin that losing it would be a life-changing event uh whether you're a
whole coiner uh or it just it makes up a large portion of your portfolio then i think it's worth
starting to think about eliminating single points of failure uh and that's just on the technical side
if you're a public figure if you're like talking about bitcoin crypto stuff all of the time that's
making you more of a target that's when you may be a good fit for our uh highest level concierge service
where we provide advice not only about your keys and your digital assets but about all the other stuff
that the privacy and the security that surrounds that because ultimately all of the privacy and
security that's part of your life can then affect the security of your assets ladies and gentlemen jameson lopp