It's not easy. The marketing and lobbying is against this kind of attitude. You are met with active hostility. Facebook will delete your account if someone reports you as not revealing your actual personal data to them and will try to get you an official ID. You can't post on twitter without giving your phone number (even though Russian bots have no problem with that). But it's worth it.
It's even more stupid. The ransom was paid in Ether (ETH), which the kidnappers then exchanged for Tether stablecoins (USDT). Tether is a centralized company that can freeze and block any blockchain address from using the stablecoin that they issue, and that's exactly what they did: they froze the ransom.
We'll probably have more details about this in a few days. It just goes to show how you can't hide on public blockchain ledgers.
About half of the police force is military in the first place (Gendarmerie). It's typically split between the purely civilian National Police (urban areas) and the Gendarmerie (everywhere else).
In any case, if there is any sort of kidnapping or hostage taking they send the tactical units.
To foreigners, GIGN is perhaps best known for being one of the counter-terrorist teams in the Counter Strike game.
Here's an example of an intervention, a video where they shoot a guy in the leg (long distance, with a submachine gun...) to prevent him from shooting himself:
They will send them every time there is a situation that the regular police can't handle, if you take your neighbour hostage for example; it does not matter if you're armed or not.
Probably as much as possible.
Those are expensive teams to maintain, and deployment is probably not much compared to it.
If you are cynical you could see it as just training for an important case.
I've lived in the US all my life, and I've never heard anything remotely like someone needing to bribe the police to help in a situation like that. In fact, I have a friend who is a retired police officer and who commanded the SWAT team in a major US city. His team was dispatched more often than not to help people at the very bottom of the socioeconomic ladder.
The "statistical value of a life" doesn't mean what you think it does. It's essentially a measurement of how much, on average, people value their own lives at the margin (i.e. how much are they willing to pay for a slightly safer car, how much more does a slightly more dangerous job have to pay for people to still apply, etc.)
It's not a political "cap on how much to spend on saving somebody's life". There have of course been rescue operations more expensive than that per person, and some medical expenditures exceed that cap as well.
It is used in public healthcare, for example, with biologic drugs. According to my rudimentary calculations, Spain has an 80-100B euro public healthcare budget. If every person who would benefit from a biological drug treatment received it, that would add close to 40% to that budget.
And in the US, these drugs are much more expensive.
What drug treatment are you referring to, in particular?
In many countries, including those with both socialized and private healthcare, insurance companies routinely pay for treatments costing much more than the statistical value of life.
Also, these incredibly expensive single-dose cures usually are that expensive because they don't benefit from any economies of scale and/or haven't recouped their investment yet. In competent healthcare systems, the price is driven down substantially sooner rather than later for almost all drugs through negotiations.
I have a significant amount of crypto and use a Ledger wallet. Recently I noticed that the Ledger app on my phone requires precise location access to function. It just hit me that Ledger has precise locations and wallet balances of all its customers.
It's just a matter of time before this information falls into the hands of organized crime. I have since then moved to another wallet and am thinking of selling my house and moving. I have taken steps to ensure that none of the apps that have my crypto balance can access my location (GrapheneOS with location disabled, always-on VPN, etc.)
This news bothers me. Maybe the criminals asked for data access as well?
Ledger’s e-commerce and marketing database got popped around June 2020, and the hackers walked away with a bunch of customer emails and some subset of physical addresses/phone numbers. Ledger acknowledged the breach in July, but the data ended up getting shared and reposted multiple times afterward—most famously in December 2020, sparking a wave of phishing attacks.
I know the details because I work in the field. It's quite crazy that they are still in business.
There are multiple alternatives to Ledger; they are the laughing stock of hardware crypto wallets since they started their online seed backup solution... at least among power users.
Coldcard if you aren't into shitcoins, and Keepkey if you partake in them, would be my choices. I would have recommended Trezor at some point, but their customer data leak tainted their image for me: they made a lot of their customers targets just because they chose to use a third party to handle customer data for marketing purposes. If you run a business this sensitive, do this in-house and apply banking standards to this data handling; seems like a no-brainer.
>they are the laughing stock of hardware crypto wallets
Well that's not even close to true. Only the hardcore Bitcoin maximalists were pushing that lie because ledger was supporting Bitcoin cash. What a weird pathetic lie to keep telling all these years later.
This isn't true at all. Ledger has not been a laughingstock of the cryptocurrency community. Their hardware wallet has survived multiple attacks that Trezor has not. It has the strongest security model and easiest to use interface of any cryptocurrency wallet intended for regular use.
This sounds a lot like a sales pitch by Ledger. Is the next service you are going to sell me one involving me sending my seed, online, to Ledger so it can be sent to 3 third parties? Because that is what made so many people laugh at them last year. They can add as many layers of cryptographic schemes on this; it's so antithetical to what you should do with a seed you want to secure that it ruined their reputation for a lot of people. If you have missed this episode or prefer to forget about it, it doesn't make it less real.
I'll add that even if that didn't make them a joke to you, I am just as concerned by their customer data leak (similar to what I've mentioned above for Trezor) and that alone makes me not want to recommend them, I just didn't mention it as the other point is egregious enough on its own.
>value (probably wrongly in this case) convenience over absolute security?
I'm guessing there has been far more crypto lost through people forgetting/losing their keys than by having been hacked. Though personally I prefer to lose it speculating on the futures markets. People are idiots a lot of the time.
It's simple: the attack surface of their system is much larger with the mere existence of this backup scheme, even if none of their customers used it... for the convenience of a fringe of their customers (the real reason is to widen their user base to less security-conscious customers and make more money this way). They also have proven to be poor deciders in the past when it comes to protecting their customers' data. The two combined make me want to never purchase a device again from them, and made me demand that they delete all my PII from a former purchase.
If these red flags are not red enough for you, go on, use them, I refuse to recommend them anymore for the stated reasons, especially when there are alternatives with better security/track records.
You are correct of course! Ledger has long been a pillar of the community but villainized by the Bitcoin core maximalists when ledger started supporting Bitcoin Cash (BCH), the original bitcoin.
Like so much in this space people think with their wallet and will villainize anyone who doesn't help sell their bags.
I can only second that. I don't have a need for their crypto products personally, but everything I've seen from them (both their open source software and their security research) seems to be a level above the competition.
> do this in-house and apply banking standards for this data handling, seems like a no-brainer.
The no-brainer is thinking that cryptobros are going to do the opposite of whatever banking standards are. Following existing standards is not what disrupters do. It's not what someone flaunting all of the traditional rules of "fiat currency" does. Expecting a scorpion to not sting you is on you.
> the ledger app on my phone requires precise location access to function
Are you sure that's not just for Bluetooth access (which shows the same message, since it can indeed be used to derive somebody's location)? What business reason do they have to send users' location to their servers?
> graphene os with location disabled and always on VPN etc.
If you don't trust Ledger – how much do you trust your VPN provider? They know both your original IP and what you're doing on the Internet (or at least to which services you're connecting).
>If you don't trust Ledger – how much do you trust your VPN provider? They know both your original IP and what you're doing on the Internet (or at least to which services you're connecting).
Well, the big difference (for what OP is worried about) is that two distinct companies would need to be compromised instead of just the one.
I've long dreamed about having "anonymous" internet through coaxial/DOCSIS because the modems should work anywhere on the same node (or maybe even beyond) as long as your connection point is physically connected.
I could put down any name and nearby(ish) address I want...
Upstream is shared by fewer subscribers than downstream, usually in the same neighborhood. So it is easy to spot a wider place and then put boots on the ground to do the rest.
Any of the widely used VPNs is much more generalized. Chain two or more in case of real concern.
As long as you never connect a phone to that modem (which will leak its GPS location to Google), or order anything from Amazon for delivery to the physical address.
IP address is often resolvable to a precise location, given access to databases maintained by surveillance capitalism entities. I think parent said the second party that would have to be compromised is a VPN provider, assuming that's being used to hide the relatively insecure ISP assigned IP address.
As I said, I'm not using Ledger anymore. The new wallet's app does not have location permission and my location is turned off anyways.
VPN is just an extra layer. I'm sure VPN can see I'm connecting to the wallet's servers, but they can't see my crypto balance (I hope the communication is encrypted by the app).
Arguably the feature that makes kidnappings for ransom unattractive isn't necessarily traditional banks being trusted, but rather that traditional bank transfers are usually reversible (e.g. due to a court order).
I haven't usually been enthusiastic about GNU Taler's "senders should be anonymous but recipients shouldn't" approach, but I guess kidnapping for ransom is an example where that policy might be beneficial.
I guess it comes down to whether you think it's possible to prevent this kind of thing with nothing more than cleverly aligned incentives and cleverly applied cryptography.
If it is, then we'd be fools not to try, and having the trusted third party is just the better of several bad alternatives.
But it is a pretty audacious claim. I wish there were more radical optimists among us pursuing such things. Pity that that's not what most crypto is these days.
If Trump saw the potential in crypto that I see, he'd like it far less. E.g. I've been tinkering with a protocol for refusing to pay federal taxes all at once (because it's not a useful threat if we're not united in it).
I draw a pretty thick line between what we're seeing out of it today and what we should be demanding of it.
I’m a big 2A supporter but would still want the would-be kidnapper to be deterred by other means. I can be incapacitated or caught unaware, JP Morgan and Charles Schwab cannot.
How does a game theoretic protocol stop someone extorting your friends into paying a ransom for your life? They weren't trying to get into his wallets, but getting his rich friends and relations to pay.
Transaction rollbacks. In this case the USDT ransom was blocked by Tether.
Rollbacks for non-centralized tokens & networks go against the goal of most protocols though, so it's unlikely to become the norm.
Crypto aside, kidnappings for ransom are already embedded in a game theoretic protocol. The weights involved (e.g. the amount and probability of payout, the likelihood that you'll actually get to spend that payout, the penalty and probability of being captured, the likelihood of cooperation of victim and friends) are all determined via policy choices made by the state; these are things like regulating banks or making spending decisions re: policing and other such things. They determine how probable the crime is.
The cryptocurrency proposition is that that solution can be improved upon without implicitly trusting the state. I don't have that solution myself, but I'm not convinced that it can't exist. We'll know they've found it when these things stop happening, and it starts feeling like the riskier thing is to keep your money in a bank. Or maybe what they come up with doesn't feel like money at all, who knows.
When I try to imagine such a protocol, it involves a web of trust and crowd-sourced metadata such that people can refuse to accept coins which don't also come with proof that they're involved in activity that those people consent to. (A deficiency of dollars being that when I accept one I have no idea whether the loan that created it is for a venture that helps me or harms me, or whether the previous owner got it as a kidnapping ransom).
In such a scenario, the ransomed coins become useless without a backstory that identifies them to the recipient as non-harmful. If that backstory becomes prohibitively difficult to fabricate, then perhaps the crime doesn't happen.
Like upgrading from a tube radio to a feature-equivalent SDR implementation, nothing will have changed.
Except that having achieved feature parity, we'll then be in a position to consider new features which may not have been possible on the previous architecture.
I don't think crypto people have a great handle on economics along those lines. "We artificially limited the supply so it can only go up; what's money velocity?"
What do you mean? Multisig with quorum has been supported by many hardware and software wallets for years. You cannot kidnap one of the signers and steal all the money.
In this case most of the ransom has been blocked, which isn't new. Many of the major crypto heists ended with arrests due to traceability of the funds, or unusable funds due to blacklists.
Are you proposing that these measures have made crypto just as safe or safer for the average person to work with than fiat?
It's nice that there are tools available to prevent such things in theory, and it seems like there's some traction in the right direction, but what matters is whether it's safer in practice. I'd love it if that happened soon, but it doesn't seem likely.
At some point "the rubber meets the road", i.e., you have to bridge the digital world and the physical one. Increase the probability that thugs are caught and increase the severity of the consequences.
In the real world the ultimate countermeasure is bullets. All the rest is to avoid reaching this last resort.
Online the ultimate countermeasure is being a dog. If your currency brings you to the conclusion that you must be protected at all times with deadly force so you don’t get ransomed, I don’t know what to tell you.
I suppose that's an upside to all the crypto companies being headquartered in Dubai and Singapore. The surveillance state in those places can rapidly track down all the attackers. They don't mess around when it comes to violent crime.
You mean like a multi sig wallet? Has been a thing on ethereum for about a decade now. There are also a variety of systems that allow trustless social wallet recovery and other nice creature features that are required in the real world. The programmable nature of ethereum makes these sorts of systems readily buildable.
But it's not Bitcoin, so somehow it's the shitcoin, and the glacially frozen development environment that is Bitcoin is what all the get-rich-quick cryptobros obsess about. I will never understand.
Such things don't count for much if they're not in use. The trick will be getting people to use them effectively. It's more of an education problem than a tech problem.
Also it's not clear that that would work. If I got a call:
> They're gonna kill me if you don't sign this transaction.
I'd probably sign it rather than let my friend die to prove a point to the bad guys that you don't kidnap people on FooChain.
Ok, so you make one of the other parties someone who has a fiduciary duty but not an emotional one. "We don't negotiate with terrorists" is a common enough phrase.
I still don't think it's enough. Then you just figure out who the fiduciary is and kidnap their kid instead. It's gotta be something where the coins are useless once stolen because you can't fake a convincing enough history for anybody to risk touching them. And not because maybe the cops show up, but because the recipient is equally concerned about finding people to accept their coins. The value of a given token has to be tied to the acceptability of its externalities such that a theft is just a destruction of value, not a reappropriation of it.
Or at least that's the only way I can see it working. It's gotta be based on consent, not scarcity.
Only in newer currencies could you lock your money into a smart contract, or just stake it, such that you literally could not transfer your money for a year (or more). Lower liquidity, but it would de-fang ransoms like this.
Alternatively, a smart contract could require large transfers to escrow for X months, and could have a secret poison pill such that it would abort after 30 days if you used a trap password.
Edit: Given the downvotes I guess people just wanted to snark? I interpreted this as a technical question but maybe I misread.
I'd believe that necessary primitives are out there, but it's not really enough to have a solution in theory. A crypto project will have to stop such things in practice before they can legitimately claim to have obsoleted the banks.
If your intent is to lock funds for a specific number of blocks or a timestamp/block height you don't need more than these primitives (nLockTime, nSequence, CLTV or CSV)... the first two are fields in any Bitcoin transaction, the others are scripting instructions. Some wallets allow you to use these various flavors; from memory, both Bitcoin Core and Electrum offer some of these timelocks through their UI.
The point was not that this alone would make bank obsolete, but rather that this isn't just something "new" cryptocurrencies feature.
Or you overestimate how many competent psychos are out there scheming to do anything to make money.
Doing a kidnapping and getting a ransom is probably not too hard, but being on the run forever afterwards might not be worth it to most. People with money can hire their own bounty hunters/or plain criminals to go after them afterwards. Or just announce a bounty high enough (in dark channels, your high profile security company has access to) so people will do the hunt for free.
Most people like to boast about their action - so competent here means keeping quiet about it forever and coming up with a good excuse for why they have that money.
Really, for anyone competent with crypto and unethical there are so many legal or semi-legal ways to get money. Pump and dumps, rug pulls, launch your own meme coin, etc.
But there's already a decent chunk of people committing organized violent crime. Cartels set up their own shadow cellphone networks and run submarines. Maybe there are just easier crimes that pay better with a lower risk profile.
"Cartels set up their own shadow cellphone networks and run submarines. Maybe there are just easier crimes that pay better with a lower risk profile"
Indeed, selling drugs is apparently easier. And I can imagine the cartels don't want to risk their daily business by kidnapping the wrong person from the West, as that would mean more heat on their business. But they surely do kidnappings and worse. Mostly in their fight for local control, as far as I know.
Like what, Russian and NK ransomware? Of course the perpetrators need to be physically in those countries, which is unattractive. Everywhere else they'll get caught.
I've been thinking for a while that the current security methodology for wallets is not great. YES, that statement is extremely obvious on the face of it. But, I mean, think of some of the basic measures people take. This hardware wallet crap, okay great, your keys are kept somewhere safe and there's offline signing, but so what? Boop the user's head until they give up the wallet. H4xt funds. We should be able to design a robust threat model for cryptoassets using smart contracts that resists many kinds of attacks (including kidnapping). This is Hacker News so I guess people will want details on how this might work.
I would probably start with how people use their money. If people have funds, they usually aren't going to move them each day. So start with a fixed, daily spend limit. That's simple, to start with. Then past the spend limit, you might have extremely large, outlier transactions. This is an interesting phase because with actual non-shit-tier security you could have a secondary layer of confirmation. This could be based on different panic codes. Some could indicate that the transfer is being made under coercion and to notify law enforcement, some could indicate to accept the transfer and notify, and so on. You could outsource this to a third party. Do you see what I mean? All this shit is easy to do with cryptography and actual good design. But no one's done it. I thought of this in the time it took to write this shitty post.
Provable deniability schemes can be done to make it look like a wallet only contains a certain amount, too, using various private transaction schemes. This is nothing new. These attacks of being forced to reveal keys and so on are things cryptographers have thought of for a long time. It's why you had TrueCrypt have the fake volume. There is other stuff you can add to the security scheme. Giving different persons a key and making them sign their portion. Co-signing by third parties (already a thing -- the scheme I like best is keys.casa). Many different ideas to allow for funds to seem like they've been "sent" then allow for revocation later on. You could have all different enhancements to high value, anomalous transfers like forcing the incumbent of transfers to take longer and have a clearing phase and so on. I'm sure there are plenty of ways to improve it even further. Just some ideas for how to stop attacks like this.
Whenever I see headlines about hacked exchanges, hacked wallets, lost keys, broken transfers, etc... I just think that we're still at the stage where there's a fractal of shit and we have to do better. Make everything work flawlessly and without even thinking about it.
But how would any of that help in this case? They didn't break his wallet, they didn't force him to transfer money personally. They kidnapped him and his wife and then cut off his finger and sent the finger to his associates asking for money.
The transfer would be initiated by the associates who are free. What would a panic code help there?
The only thing which might change things is the ability to reverse transactions. That would make the kidnappers keep them longer. At the cost of making every transaction on the blockchain less trustworthy. Not really a clear win.
It's like you're saying, make crypto more like real money — like how transfers over $10K trigger regulatory scrutiny. From my understanding (nocrypto) fans of crypto like that it's not like real money.
hardware wallets are a safe transaction signing device NOT a seed storage device
You use them to sign transactions that are perfectly safe even if your computer / phone where you initiated the transaction is infected with malware. They give you a chance to confirm that the transaction you're signing on the hw wallet is the one you initiated on your computer.
> daily spend limit
> different panic codes
> Co-signing by third-parties
What you describe already exists in "software multisig wallets" on smart contract blockchains. In essence they're smart contracts that require n of m signatures to initiate a transaction and can handle variable spending rules, custom signing schemes, 3rd party signers, things like 2FA / email for signing.
In theory they can be implemented for non-smart contract blockchains like Bitcoin using multi party computation schemes like FROST (https://github.com/ZcashFoundation/frost) but that's a lot harder
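The daily limit, coercion code and clearing-phase ideas from the earlier post, and the n-of-m spending rules described here, as one added Python model (my own toy, not any project's contract and not any poster's code; signer names, codes and amounts are constructed): small transfers execute at once, outliers need m-of-n approval and then a clearing window during which any single signer can revoke, and a duress code looks like a normal approval to whoever is watching but is silently dropped at settlement and logged for a responder.

```python
# Added example: toy spending-policy wallet (constructed, not a real contract).
from dataclasses import dataclass, field

DAY = 86_400


@dataclass
class Transfer:
    tid: int
    to: str
    amount: int
    approvals: set = field(default_factory=set)
    status: str = "pending"     # pending -> clearing -> executed | revoked
    clears_at: int = 0
    duress: bool = False        # set silently when a duress code was used


class PolicyWallet:
    """signers maps name -> (approval_code, duress_code). A duress code
    approves the transfer from the coercer's point of view, but the wallet
    records an alert and quietly refuses to settle it."""

    def __init__(self, signers, threshold, daily_limit, clearing_delay, balance):
        assert 1 <= threshold <= len(signers)
        self.signers, self.threshold = signers, threshold
        self.daily_limit, self.clearing_delay = daily_limit, clearing_delay
        self.balance = balance
        self.transfers, self.executed, self.alerts = {}, [], []

    def spent_last_24h(self, now):
        return sum(a for t, a in self.executed if now - t < DAY)

    def _execute(self, tr, now):
        self.balance -= tr.amount
        self.executed.append((now, tr.amount))
        tr.status = "executed"

    def _approve(self, tr, signer, duress, now):
        tr.approvals.add(signer)
        tr.duress |= duress
        if len(tr.approvals) >= self.threshold and tr.status == "pending":
            tr.status, tr.clears_at = "clearing", now + self.clearing_delay

    def request(self, signer, to, amount, now):
        """Transfers inside the rolling daily limit execute at once; anything
        larger becomes a pending outlier that needs m-of-n approval."""
        if signer not in self.signers or amount <= 0 or amount > self.balance:
            raise ValueError("bad request")
        tr = Transfer(len(self.transfers) + 1, to, amount)
        self.transfers[tr.tid] = tr
        if self.spent_last_24h(now) + amount <= self.daily_limit:
            self._execute(tr, now)
        else:
            self._approve(tr, signer, duress=False, now=now)  # requester counts
        return tr

    def approve(self, tid, signer, code, now):
        tr = self.transfers[tid]
        ok_code, duress_code = self.signers[signer]
        if tr.status != "pending" or code not in (ok_code, duress_code):
            raise ValueError("approval rejected")
        if code == duress_code:
            self.alerts.append((tid, signer))   # seen only by the responder
        self._approve(tr, signer, duress=(code == duress_code), now=now)
        return tr.status                       # identical for both codes

    def revoke(self, tid, signer):
        """Any single signer can pull a transfer back before it settles."""
        tr = self.transfers[tid]
        if signer in self.signers and tr.status in ("pending", "clearing"):
            tr.status = "revoked"
        return tr.status

    def settle(self, now):
        """Pay out cleared transfers; duress-flagged or unfunded ones are dropped."""
        done = []
        for tr in self.transfers.values():
            if tr.status == "clearing" and tr.clears_at <= now:
                if tr.duress or tr.amount > self.balance:
                    tr.status = "revoked"
                else:
                    self._execute(tr, now)
                    done.append(tr.tid)
        return done
```

The model does nothing about the case in the article, where the people signing are free and willing; its value is limited to coercion of a signer and to giving co-signers a window to stop an outlier.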
I remember a while back seeing a story from SE Asia about cops finding a guy walking along the road clutching a bleeding hand. Turned out thieves had robbed him of his car, which had a fingerprint reader, so they'd taken a finger with the car.
My advice for people who own crypto is the same as my advice for people who own guns: You shouldn't own it, but if you do, shut the fuck up about it.
Guns and crypto both have unique properties: criminals want them, and they want there to not be a connection between their identity and the item they plan to do crime with. The obvious solution, for a criminal, is to steal someone else's guns or crypto, not for the value of the object itself but for the fact that it has your fingerprints on it and not theirs. It's a funny kind of identity theft.
> Under his leadership, the company has sold more than seven million hardware wallets worldwide, maintaining a perfect security record with no successful breaches of their devices.
yeah uhhhhhh, what about all of their newsletter subs and device sales shipping data though?
I wonder if he got one of the threatening ransom letters in the mail and didn't pay because they said it was a scam?
From the headline here on HN I thought they severed his finger to get around MFA or use it to unlock some crypto store; turns out they just cut it off to show they mean business, and they actually kidnapped him.
We've changed the headline to be the same as the article's, in keeping with the site guideline: "Please use the original title, unless it is misleading or linkbait" (https://news.ycombinator.com/newsguidelines.html)
(Submitted title was "Kidnappers sever finger of Ledger co-founder David Balland".)
Posting like this will get you banned here. (The thread title, when the comment was posted, was "Kidnappers sever finger of Ledger co-founder David Balland".) You may not owe cryptobros better, but you owe this community better if you're participating in it.
The thread title, when this comment was posted, was "Kidnappers sever finger of Ledger co-founder David Balland". We've changed it now, in keeping with the site guidelines. More at https://news.ycombinator.com/item?id=42819610.
Physical security primer for Bitcoin (2019), https://www.youtube.com/watch?v=HUgPhPkS2yc