Episode Transcript
[00:00:01] This episode is about lessons learned, the risks of complacency, how to protect your hardware, wallets, your bitcoin and your devices from a physical attack. And what we know so far about the guy who broke into our room in Lugano.
[00:00:19] Here's what happened.
[00:00:22] It's time for a Guy's Take episode.
[00:00:25] The Best in Bitcoin Made. Audible. I am Guy Swan and this is Bitcoin. Audible.
[00:00:47] What is up, guys? Welcome back to Bitcoin. Audible. I am Guy Swan, the guy who has read more about Bitcoin than anybody else. You know, we've got an interesting episode today. This is a little bit out of schedule and I just want to say it was so awesome to see everybody in Lugano and get to hang out. There's so many people that I finally got to meet.
[00:01:12] Actually managed to bump into Roy Seinfeld, which I did not expect. And it was only for a minute, but it was awesome to see him and I had an absolute blast. It was such a fun conference. I had a great time with the meme panel, the sophisticated art of shitposting, and also really enjoyed. I thought my speech went, went pretty well on Fiat Money and just had just had an all around amazing time. But for those of you who were there, or for those of you who were in the room when I talked about this on stage, actually, because I can't even remember what talk it was after now, but I was emceeing on the peer to peer stage and somebody ended up finishing their talk really quick and I think we had like a 15 minute gap and I was like, well, this is actually a pretty good opportunity because we were trying to sort out this situation and figure out what happened. And I was specifically trying to go through all the bad decisions I made and like how I had been framing it in my mind because it took so long for me to even begin to really put this in my mind in the place that it should have been from the very beginning. But our room was broken into and we actually saw the guy. We. I'll give you the whole story in just a minute, but I think someone was there targeting bitcoiners with the attempt to get information to sell or to get into devices or to steal hardware, wallets. It's hard to say exactly what it was. And also it's important to understand this was not a cheap hotel. This was not a low. This was. This was the.
[00:02:57] Quite possibly the most expensive or I guess nicest hotel I'd ever been in. In fact, honestly, I'm not a huge Fan of paying a lot of money for hotels, so I always just kind of go to run of the mill stuff. I just need a place to sleep. But they gave us a really, really nice, like a five star place for the speakers hotel. And someone 100% was in our room. And we don't know exactly what he did. My MacBook was in there the whole time. So was a hardware wallet, although the hardware wallet itself, it was a ledger and I don't, I can boot it up and look, but there's nothing. I don't even think there's anything on it to speak of, and certainly not, certainly not any substantial amount. Just maybe used it with an old mobile or something in the past or a wallet that's on my desktop computer. But this is such a great example of separating your keys from your devices and why. And also about multisig, which is why, you know, things like Casa and Nunchuck and Spectre, all of these things, like these wallets that are built around multisig and around separating out these keys from your devices are actually so critical. Because this is exactly why I'm not really concerned about my Bitcoin, even though I am concerned about, you know, the potential of having gotten into LastPass or KeepassX or dump something from RAM on my computer, who knows what. And also just unsure about the sophistication level of the attacker. It seems like a just kind of run of the mill. Like he doesn't seem super sophisticated and he clearly didn't have any other additional knowledge or a very clever setup. He didn't have anybody warning him that we were coming upstairs, that sort of thing. Unless, of course, whatever he was doing took that long to undo.
[00:05:02] But honestly, really hard to say, which is a problem. And I will be going into my traveling in the future thinking about knowing exactly what happened in my room while I was gone. And also, of course, not leaving any device anywhere that I feel is at risk or could make it subject to. In fact, I may even just bring a dummy, like a travel computer that just has existed, exactly what I need on it, maybe an old one, and not even bring my main Mac or anything. Because I'll tell you, this is the most.
[00:05:45] It is a horrible feeling to think that, and specifically to think that I might have been targeted. And, you know, I was talking to Giacomo about this. I was trying to let a bunch of people know that a number of speakers know, and I hope word kind of got around to everybody to check their stuff. And luckily we do know how long he was in the building. But I was talking to Giacomo and, you know, he was like, no offense, but, you know, you're not the most important person in bitcoin. And, you know, that's all I could think as well, is that, you know, I'm. I have a podcast. You know, I've been in the space long enough. Sure. They could make the assumption that I could have access to a lot of people through communications. I could.
[00:06:28] I likely have bitcoin from, you know, a long time ago. I certainly am likely to have more than most people, but I don't have developer keys. I don't have, you know, keys to like, like, the people who are also there.
[00:06:46] Adam Back, Peter Todd, Marty Malmy, Luke Dasher. Like, so many people, like, there's a huge number. Like, I'm just a guy who does a podcast and makes audiobooks. You know, I'm the guy who read more about bitcoin than anybody else. You know, but for me to be specifically targeted, I still just can't come up with a good reason for it. And it's not like I'm like, I'm exactly low hanging fruit either. So I'm inclined to think that it's largely that of the things that are coincidences, the fact that we caught him in our room, I think may just be the combination of the coincidence that we didn't go to the speaker dinner, so we came back early, and the fact that we were at the end of the hall and it may have just been where he started. And if he could get into the room, this is another thing. So let me give you the whole breakdown. So we're out, just hanging out. We went. We traveled with Mechanic and somebody else who was with us.
[00:07:48] God, I can't. I can't even. I can't even remember.
[00:07:51] But we were just going out to the speaker dinner, and then there was also the drone show, and they were. They were headed to the speaker dinner and we went there, but it's like straight across from where the conference location is, which is where the drone show was going on. And I wanted to watch the drone show. I'd never seen one, and it sounded cool. So they went into the speaker dinner and I was like, all right, well, we'll just go over to the drone show. So my brother and I walked back over there. Drone show was really cool. Only lasted for, you know, 10 or 15 minutes. And it was like, okay, well, we could go back to the speaker dinner. We could go in and I hang out and do the Satoshi Rockamoto. All that Stuff they were having a big luau. But, you know, we had not gotten. I'd gotten like an hour of sleep. Maybe he got like 30 minutes on the plane up there. So the whole first night, which we lost six hours in the trip across the Atlantic anyway, we had no sleep. And then the night, that other night, the night just before that one, before the first day of the conference, we had like five hours of sleep because I'd stayed up late. So I was just exhausted. And we were just like, you know what? Screw it. Let's just. Let's just be party poopers and go back to the place. So, and we're walking back. It takes about 15 minutes. So I assume we walked back at about 9:00 and we got there about.
[00:09:10] I guess it'd be a little bit before that. We got there at 9:07. And we know this because we looked at the hotel security cameras. And for the sake of making this more easily accessible to people, I'm going to do a YouTube and rumble video. And you'll be able to see the guy. He's not identifiable because the cameras are a little bit too further, too far away, but you can see him and also kind of get the idea, get a better picture of exactly what happened. And I also want to make sure that my thoughts on how to respond to this or how to prepare yourself and kind of defend yourself from this sort of a situation, because I see no way whether or not he very explicitly was targeting me as like, I want to get into Guy Swan's room, or I want to get Guy Swan's address at home, or I'm getting some piece of information off of his computer and selling it online, or I'm trying to get into his. Get. Get a back door or man in the middle, him for his wifi, whatever it is.
[00:10:14] If he is targeting Gaius Swan specifically, then okay, but I feel like that's so unlikely. And if he was, then it would make sense for him to actually just know where I was, where me and my brother were for the night, rather than just make the assumption. Whereas if he was thinking, oh, I'm attacking the bitcoin speakers, well, this was in the middle of the speaker's dinner, so he can expect. And the hotel was largely a. Just a ton of like, it was very, very packed with just the kind of. The conference and speaker crowd of the, like the bitcoiner bitcoiners that were at the conference. So that seems like a pretty prime target. So we come up at 9:07 at night and we are walking down the hallway, and we're on the second floor at the very end of the hallway. This is another reason why I kind of suspect that we just kind of interrupted him at the beginning of what he was planning on doing, because I feel like it kind of makes sense that you would just want to be as far away from the staircase and as far away from passing traffic as you could when you started looking through rooms. So it kind of a naive assumption. Makes me feel like, okay, you go all the way to the end of the hall and you just kind of start there. And then if you hear anybody in the hallway, you also have the longest amount of time in order to, you know, get out or respond to it. And you just know the degree of, or the chance that someone is actually coming to the room that you are in if you know there's only two rooms down at the end of the hall. Now, on that, it takes about, say, two minutes to get from the front door up to the end of the hallway. If you're just.
[00:12:09] If you're just strolling, if you're just walking at a normal pace. Now, part of that also makes me wonder, you know, how likely is it that he went again, straight to our room? How likely is it that he didn't wander around a little bit and see who was around and was there anybody down the other hallway? You know, what's the stair like? Did he quote, unquote, case the place a little bit before getting started, or did he just kind of confidently and easily, you know, stroll all the way to the back and just kind of get started at the end of the second floor? Really hard to say. But we do know we found him on the security camera walking in from the same direction we did at 8:54 at night. So this was 13 minutes before we came up. So say he was targeting us specifically, and he's got maybe 10 minutes, 11 minutes max in the room. Now that's a long time to be in a room with somebody's laptop or devices or to go through their luggage if you're looking for something. So we're coming up at 9:07 and we go up the stairs. And as we get towards the end of the hallway, like I said, long kind of winding hallway all the way down to the end as we get there. And my brother was looking down at this point, he wasn't. Neither one of us was really like super focused on the room or the door or anything. We were just BS and chatting about bitcoin, you know, probably solving the world's problems and, you know, coming up with the best ideas that you've ever heard. And when we're about maybe 10ft away from the door, he just comes charging out and closes the door behind him. And it just totally takes me off guard. I'm just like, what? What? Whoa. What the hell? Like, I'm. I'm going back through my head. I'm immediately like, he just came out of our room, and so I tried to stop him. And Asa said, what the hell are you doing? And he says that just pretended not to be. Either couldn't speak English or pretended not to be able to speak English. And he just, like, no, he's okay. He's okay.
[00:14:27] And he's, like, sweating bullets and, like, super, super awkward. Like, so awkward. I was like, no, what. What do you mean? It's okay now, what were you doing in the room? And at this point, he's, like, pushing past me, and, like, now he's looking back at me and going, no, there's the water. The water. Water. It's okay. It's okay. And now I'm kind of walking behind him as he's power walking down this hallway, like, really in a rush to get out of there. Like, everything was just super, like, I remember. You know, I'm not thinking at this point. That's. That's one of the things about these sorts of situations is you don't have time to analyze anything. In fact, it took us an extremely. An embarrassingly long amount of time to kind of go through and put this whole thing together in our heads. It's like, no. There is no explanation that makes this make sense. And it's funny, I didn't remember the bag. What I remembered, what stuck out in my mind when I saw him, was that, like, my brother remembered that he had a beard. And I kind of remembered just, like, hair on his face or, like, stubble on his face. I thought. I thought it was just kind of, like, dirty.
[00:15:37] Not. Not dirty, but like. Like dirty as in, like, just unshaven for a long time, so to speak. But I do remember that he was wearing, like, some sort of a jacket or hoodie or something. It was all black, and he had a shirt on underneath it that said boss in really big letters. Or it said something like amboss or abosa or something like that. And I could only see boss because of the jacket or whatever that was over it, but I distinctly remember that. And I don't know why my brain even pulled that out, but I can remember that on his shirt better than I can remember his face. But we started just kind of like walking behind him and I'm still just asking him. And then he just turns away and he's just like not answering us anymore. He's like, yeah, whatever, whatever.
[00:16:27] Just fine, it's fine, it's fine. And I'm like, no, it's not fine. It's definitely not fine.
[00:16:32] And then that was when I was immediately like, oh my God, he took something.
[00:16:37] And for some reason we turn around and go to the room.
[00:16:46] My reaction was to go check in the room for if something was gone. Which in retrospect, in hindsight, that was so stupid. Like I should have just followed him down. And in fact, get this into your brain because the difficulty and the importance of having the video footage in this situation. Get your phone out, get your phone out and start recording and have a death grip on that thing in case he tries to take it from you. If anything like this happens or if there is any awkward situation, just start recording. There's nothing bad. There's no trade off in which you just wouldn't want the recording. And if for some reason you don't want it or it is of no use to you, you just delete it. It is totally fine. But you should have a recording. Because I would have his face. I would be able to identify and describe him if I had had him on video, even if it was just for a second turning around in high definition close up. And importantly, if he had taken anything from the room, then I still would have wanted to follow him. I would. Like, so stupid. But again, like, this all happened in a matter of like a second or two. You know, I'm not. There is no, there's no logical process. Like you're, you're just a complete moron. No matter who you are or how smart you are, if you're not prepared for the situation, if you haven't worked this out in your mind what exactly to do, you're an idiot in that situation. You're just a complete idiot. And you're going to do something stupid and you're going to make the wrong decision and you're probably going to reframe because, you know, it's easy in hindsight knowing what actually happened, but it's just so awkward. You're like, what just what? What just happened? And you don't have any, like, clear evidence of anything. And to the point that like, I almost was trying to excuse it in my mind because, you know, I'm not doing like deep mental analysis on remembering exactly how everything was and how the door was and who he was and what his face looked like and what shoes was he wearing. Like, nobody does that day to day when they're just walking through something. And when you're caught off guard in an awkward situation, you're doing it even less. You're just trying to. You're confused by what the hell has just happened. So we go back to the room and we immediately start looking through all of our stuff. Do I have my wallets in my pocket? My passport's in my pocket. Okay, My computer. And I went and I specifically looked. It was over behind the bed with my bag. And it was still like Velcroed in with just a little strap. It did not look like it had been touched at all. Start looking through the rest of my electronics, my microphone.
[00:19:34] We looked through my brother's bag. Not only did nothing, was nothing gone that we could think of, but it also looked like nothing had even been touched. And then in thinking about it is, we had the knob to turn off. The water at the spigot was incredibly difficult to turn off. In fact, both of us had turned it off before, and it seemed like it was all the way off. And then it started slowly trickling a little bit later. And we'd go back into the bathroom and the water was just trickling out of the spigot. And we'd have to, like, really manhandle it and get it, rig it tight, and then it would finally stop. But twice this has. This had happened already in the two days that we were there. And so we're like, okay, maybe. Maybe he was just checking on that. Maybe a maid saw this and he was just going up and just turned it off. And again, nothing was missing. No indication of anything. My computer was locked and asleep. And when I turned it back on, nothing was open. Nothing was out of the ordinary. All of the things that had been open before were still open. Again, no indication that anybody had touched anything. Even had a. Like I said, a hardware wallet. Had a ledger in my bag. Unless there was another one that I can't think of. And unfortunately, I have enough hardware wallets. That is totally possible. I have two. Bibi didn't bring any of my cold cards with me. I tried not to bring those while I'm traveling. I. I leave those at home. And then I've got two bit boxes right here in my desk, and I have.
[00:21:19] Okay, well, let me just check to see if I've got all my cold cards accounted for. So I have one cold card, two cold cards I have my. I have my cold card queue with me, but that one's still not set up, and that was still just in my bag. I have my ledger nano with me, which I only have one of the ledgers, and it's pretty old now. That one was not taken.
[00:21:42] And, you know, if you're. I mean, he wouldn't know where the hell it was like or what was on anything. So, you know, what did he just. If there was a bit box in there or something or a cold card, would he just assume that the cold card was the. The better thing or the more likely one that something was on it? But I don't think I'm missing a cold card. I have my cold card, my CC4. I have two fours and one three, and I have both of the fours and the three in my case that. My waterproof case where I keep. Where I have consolidated all of my hardware wallets. My keystone wasn't with me. In fact, the only hardware wallets I had with me were my tap signers, and those were. Or actually only one tap signer, and then my queue and my ledger, and I have all of those. Those are the only ones that I think I have with me, unless I had another bitbox that I didn't remember. But I know it's not the bitbox that I use, because the bitbox that I. My main bit box that I use is the one with the little orange crypto cloaks case that it has. And that one is also in my big waterproof case with my other hardware wallets. It's a problem you need to take. You need to. If you have a bunch of hardware wallets and a bunch of mobile wallets and crap like that, you need to take stock of them and actually have them organized, because mine's my. I have so many, and they're such a mess that I literally do not even know if I lost one. That's a bit of a problem. That's a. I guess that's a bitcoin podcaster problem or just somebody who's been in Bitcoin since 2011. But I have no indication. And I cannot. Anything that I actually know that I use and. Or likely had with me is accounted for. So, anyway, we're trying to excuse it. We're trying to figure out what explanation makes it make sense. And that was the only thing that came up, and we were kind of dismissing it.
[00:23:43] And so we started to just kind of go on with the night, and my brother took a shower. And then after about, like a little Just a little while passed, and both of us separately were apparently thinking at it, about it. And he got out of the shower, and I was like. And both of us, like, basically at the same time is like, dude, that. That shit did not make any sense. Like, that dude was 100% up to something. There was no way this was about the spigot. Why the hell is he in plain clothes in the nicest hotel that we have ever been in? Like, there was no chance whatsoever they let someone or that that person was allowed to go in our room without full get up, without being in uniform for the hotel. So the more and more we thought about it, the more really, really uncomfortable we were about it. So we go back down to the desk, explain the situation.
[00:24:37] They said that they don't think that there would be any reason for the maintenance staff like, that that didn't make sense to them or that that didn't seem right. But to contact them again to come down when the manager was there in the morning. And so then our thinking is, okay, well, what's the.
[00:24:55] If you were trying to attack Bitcoiners, what would you do? What would be the best way to go about this? To get into their devices or to get information from them that would be useful? And so my immediate thought was, okay, plant a WiFi middleman device, a fake node that, you know, is getting you to log into it or connect to it, thinking that you are the wife, it's the wifi, and using that to intercept all of your communications, you know, get you to log in, put in whatever information you have, or just to put a bug, get something on your laptop so that you then take it home and connect it to your own wifi, et cetera. And so we looked everywhere for a device. I mean, everywhere. We kind of tore the room apart looking for it, including getting behind the TV and looking for anything dropped behind. There's like, a faux wall with the cords hidden and stuff behind it underneath the beds and the weird little corner pockets behind the drawers where the desk is, like, you know, flowery and has, like, curves in it. So there's like, these empty pockets and these dead things behind, like a brace or support. I mean, we looked everywhere that we could think of on top of stuff underneath every. Every drawer. Granted, I don't even know how small a bug or a little bit of a little device like that can get and still be, you know, powered and useful these days. But we could not find anything. There was. There was nothing.
[00:26:37] I can't think of anything anywhere else that we didn't look. I mean, I guess there could have been. We could have missed it. We could have missed it. But we looked pretty good, pretty well. And I can't imagine, you know, if you were caught, you know, you'd probably take it out in order to not get called and for the device to not be called, because I feel like you would suspect that somebody would look for something or be really suspicious. And that's probably something that could lead back to you. So I hope whatever the plan was, we interrupted and he just wasn't able to do it. But we looked as good as we could. And aside from the rough check that I did. And also this is actually a really good point for understanding what a VPN does and why you want a vpn. A lot of people talk about VPN purely for privacy sake is that, you know, you don't want your ISP or Google or whoever to watch everything that you do. And sure, that's great and everything except that you're just trusting the VPN in order to protect you from the exact same thing. So the VPN knows every single thing that you do on your computer. They just say that they don't log and that they use shared IP addresses and that sort of thing, which is fine, but you're just trusting what they say to be true. So it's important to understand that you're just changing your privacy dynamic. You are not getting privacy, you're getting privacy in a general sense online, but you are still sharing all of your information with explicitly with someone that you have an account and an in a piece of software installed on a device that is identifiable with this person. So they have all of this information. NordVPN or whatever has my traffic information. So from a privacy standpoint, it is a useful tool, but it remains a very important trade off. And it is important to understand that that is the case. It's a still trusted relationship. However, when you are talking about the overwhelming majority of the kind of naive man in the middle attacks when it comes to wifi spoofing and that sort of thing where you are trying to get credentials, you are trying to forward and get people to connect to your device and just forward you websites that you request and not allow them to, or to interrupt your connection and to feed you malicious data or altered websites, et cetera, a VPN protects you from the overwhelming majority of those attacks. This is the point of public private keys is that you can send these keys over insecure communication channels and still establish a secure connection because you are encrypting locally on your device and you are sending your key to them, your public key to them, or I guess you're just getting their public key is really all you need to do. And then you establish a connection, and then that is encrypted. And so that middleman device cannot see anything that you are doing. So it is super, super critical, especially if you are on a wifi at a conference or because somebody could just be walking around with something like that in their backpack or their pocket and you could accidentally connect to them. If you're on a hotel wifi, you are in a Starbucks WI fi. These are public places with public networks. If you use a VPN for nothing else, use it in these places. This is the most critical and most important thing that you can use it for. In my opinion, especially as a bitcoiner who travels to places and as we move into a new bull market, how much more likely it is that we are going to be targeted. Especially if you're an idiot and you're known in the space like me, and you stick your name up everywhere and you go publicly speak about this stuff. Like, I'm a pretty serious target. Even though, you know, again, like I said earlier, it's not like I'm the target in that hotel. Like, I'm not that important. But it still is very possible that for some reason it could have been a targeted attack. I mean, he did. He was in my room. In that case, though, it also asks. It also begs the question is, how did he know which room was mine? I don't remember. I feel like maybe there was one time where I was talking to maybe Knut and Luke or, I don't know, maybe at some point where we were hanging out with close friends that, like, people that I trust and I know would not have forwarded that information to anyone, but that we were probably in public and it could possibly have been overheard that I may have said we were in room 205, or that we were on the second floor while discussing it with other people who were in the hotel. So that is possible, but it seems extremely unlikely that that guy was just like, hanging out near us and heard that, or that he was, you know, how. What are the chances that he's there at that moment or that he's following me around all day or something, waiting for me to just say that I have. I'm in room two. Just. It doesn't make any sense. Seems incredibly unlikely. So anyway, then we get up the next morning and the manager and everything, they're they suspect, they think that we misremembered because it doesn't make any sense to them either. And I want you also to understand I'm not really holding any guilt or harboring any like, bad faith toward the hotel. I don't really think, I don't even know how you would prevent something like this. Like, hotel room security is just not good security. And it's not really, it's not super avoidable, you know, like it's just hotel room keys and there's only so much you can do. And there's also just very manual ways in which you could probably get into a hotel room without a ton of trouble. But the thing that's interesting or concerning, I guess maybe is that the. He said that the manager specifically said that the hotel room door lock mechanism, where you scan your key logs and stores every single action locally, like every single thing that happens. So if something had opened that door through the key reader, through the card reader, it should have registered on the door.
[00:33:28] Nothing at all registered from the time that we left, from the last time we scanned our keys or, or I guess shut the door at. Oh no, it'd be the last time that we opened the door at 7 o'clock when we came back to get changed or whatever. And then 9, 10, or whatever it was when we came back. And so this is why they were like, you must have been mistaken. Maybe they came out the one of the doors next to yours and there literally is at the end of the hall, like it's three doors right in line. There's the door right at the end of the hall, then ours just to the right of it in the corner, like it's on the sidewall and then another one just next to that one. Again, like a foot of just wall space between each of them. So if we weren't really paying attention, like that's a believable, that's a believable argument or that that mistake could have been made because again, if we're further away and we aren't paying close attention, he could have come out of any door and then been almost exactly, you know, within a foot of the same place in the hallway after he had walked out. And at this point my brother was talking to him because I was MC on the peer to peer stage, so I was, you know, introducing talkers and was busy pretty much all day. So he was mostly taking care of it. And importantly, he didn't see exactly which door the guy came out of. He was pretty sure from the trajectory and everything. But he did not see our door open. He. I think he said, if I remember correctly, that he looked up when he heard the door close and then saw the guy. And at that point, he was already pretty far away from the door because he was not. He was not moving casually. He was moving pretty fast. Now, my brother, or when we were trying to work out scenarios in our head as to, you know, why did he leave the room? And kind of doing the math on that is, you know, what if he got.
[00:35:25] What if he stayed in the room? Like, what are the chances that. Does he know my voice? You know, does he hear us walking down the hall, hall. And he says, oh, man, that's Guy Swan. And here I am in Guy Swan's room. Does he know where he is? Does he know that this is my room? And does he know that this is me coming down the hall? So in that scenario, is he recognizing that it is me coming out of coming down the hall and he is in our room and he needs to get out of there immediately, or does he simply hear someone coming down the hall and he's trying to do the math on what the chances of him getting caught are and what the risk of staying in the room is? And so if you're doing this math in your head, it really just only makes sense that you leave, that you get out of the room, period.
[00:36:10] If they sound as if they are far enough down the hall that they're going to be coming out of one of those rooms. Because if we were going into the room at the very end of the hall and he comes out of the room right next to it, well, then, okay, there's no. Who cares? He's just coming out of a different room. It's not our room. If he is in our room, from his standpoint, from the person who he hears coming down the hall, well, then he needs to get out with the door closed as soon as possible so that we don't see which room he came out of. And so if he does that, he's in the clear. If there's no indication that he is in the. That he was in the room, well, then we would just assume that he came out of a different one, because obviously he's not supposed to be in our room, which means that the only course of action, his only chance of getting caught, if he can get out of the room as fast as possible, is staying in the room. It's the only way that he does get caught. And, you know, there's like a 33% chance that we bust up in there and he's literally in the room while we are going in. However, if he can get out quick enough, then it doesn't matter which room he was in.
[00:37:15] It's going to just look like he's somebody at the hotel because there are going to be two rooms in which we assume there's some random person. This is again something that kind of leads me to believe that this was not targeted at me, but targeted at bitcoiners specifically, possibly bitcoin people who were speaking at the bitcoin conference. But again, my brother's taking care of this and talking with them and told them, described who the guy was. And they said they were going to check the hotel cameras and see if they could find anybody. And so we get back that afternoon and they said they couldn't find anybody. There was no one by the description that we gave and no indication that anything had happened. Now the cameras were only at the entrance and exits, the gym, like basically the main, like hotel service locations.
[00:38:07] There were none on the stairs, there were none in the hallway. And unfortunately there were no close and direct cameras right at the hotel doors. So we could not get a close up image of his face. Which if I hold any account to the hotel itself, this is the one that a little bit pisses me off.
[00:38:32] What good are your cameras if you cannot identify people on them? All of them were too far away. We got him coming in and leaving.
[00:38:43] But again, they said, they said that they couldn't find anybody. And so I was like, can we look at the footage? And they were a little bit exasperated and a little bit like, why do you want to see the footage? And I think to some degree, like, you know, they're. They're trying to protect the privacy of their customers. They don't want us just looking through. They were very careful about which ones they let us see, that sort of thing. And of course it obviously doesn't look good for them to have someone have a break in, which is also probably, you know, they probably think we were drunk or high. We went out to a party and had fun with a bunch of bitcoiners at a conference. And so we came back and we thought somebody was in our room. And we don't remember properly. We had. Not drinking at all. I didn't drink. That's not true. I did drink one day while I was there. I had a wine, but it was the day after that, it was the night after that. So we had had. I had no. I had been completely sober for the entirety of the trip. Until like a day and a half after all of this happened. But of course he didn't know that. He just thinks we come back late at night, you know, we've been partying and we misremember something or make too many assumptions. So I'm like, please just let us look at the security camera. Can we look at the security footage maybe? Because, you know, my brother's like half just like, describing him, which he probably didn't have a really good description and what the hell? Like, all I could think is that they were like, we spent hours looking through all this thing and we didn't find anything. I was like, what do you. Do you even know what to look for? I don't know. I didn't believe that. Not that, like, I thought they were being dishonest, but I just couldn't imagine how they would be able to identify the guy. I didn't. Neither one of us could give a good description of him. So we were pretty. We were pretty forceful about this. I was like, I want to look at the footage. And he was like, fine, okay, come back. And they sat us down in front of it. They showed us where the different camera feeds were. And again, they were pretty targeted. They were trying to make sure that we didn't have other people on the camera and that we were taking pictures or whatever of someone else in the hotel.
[00:40:41] But sure enough, in no time at all, I found myself and my brother coming in at, like I said, 9:07 at night. And two and a half minutes later, he was running down same way we came up, running down, running like a little bitch. Just like, just running out of there with his bag, with his shirt. I could, like, everything was just immediately like, no, that's the guy, that's the guy. So we kept looking for other angles in which we could see him. I got a picture. I got a.
[00:41:15] Probably the best view of his face, which was still bad, but the best view of his face. We got a screenshot of the reception camera, which the.
[00:41:26] The elevator was just out in front of the reception area. And it was a glass elevator, so you could see through the wall and everything. And up at the top of that area was a mirror, like around the top. So it all just kind of looked glass and see through, even though there was like a mirror up at the top. But because of that mirror, you could actually see into the main lobby area where the piano and a bunch of sitting area and the stairs were just a little bit in the reflection. And you can see him come in. And I Had to walk it out because the, you know, you're doing a reverse angle in a reflection back out towards a different room that the camera's not even looking at. Trying to figure out which way he was walking and what he was doing. And it appears that what he did when I, when I tried to walk it back out is he came in the door and then kind of turned left like he was headed towards the reception. And then just appeared to look back and forth, I think just to see if people were around or anybody was out. And then turned back around and walked back in towards the lobby. And there was no indication that he went anywhere else, though there were a couple of. Like he could have walked towards the restaurant direction or there was like a little bar and another room in there. He could have gone into there. But I suspect. And what it kind of looked like was that he just headed towards the stairs at that point. So we got him coming in, coming up from down the sidewalk, same way or the walk path.
[00:42:54] Really gorgeous brick walk out in the front of this place, coming up and smoking, actually when he was doing that, which is funny because I don't know where there was.
[00:43:07] I don't know when and how he got rid of his cigarette. Now that I think about it. I don't remember a. I don't remember an ashtray or anything on top. I guess there's.
[00:43:17] I guess I could have just missed it. I'll look back at the. I had to record. I didn't get to.
[00:43:23] The guys at the hotel were not the most tech savvy people in the world. And so I could only record the video of the computer screen of the video rather than actually get to go to the file itself. And I think they didn't, they certainly didn't want a guest just perusing their computer. I had a couple of minutes alone and I thought about doing it, but I could not figure out a way to export the video. And then of course it wasn't in English, so that just made it a lot harder. But he casually comes up at 8:54 and goes into the building. Then we see him on the mirror in the reception.
[00:44:02] Appear to look into the reception area from around the corner and just check to make sure that nobody is there and then go up and look toward the stairs and go upstairs. So we found all of the times in which at least as many as we could find. It's possible some other camera caught him from some other direction, but it didn't seem like anything else was relevant. And unfortunately we had to leave Because I had the fireside chat with the Hole Punch guys, which was so much fun by the way. I got to sit down with Mafentosh and Andrew and David from the Hole Punch team and we had an absolute blast. Got to see Sasha and Ignacio. I mean just, just an awesome, awesome time with all those guys. Hopefully that will be. We can publish that in the feed soon and on the YouTube channel. I know they're editing and putting all the, putting all the footage together, but seriously, that one is going to be awesome. So stay tuned for that episode. But yeah, so we were actually late for that. So we had to get as much as we could and then get out and go meet all of them. We took a bunch of screenshots. And the manager, it's funny too, as soon as we saw the guy running out and identified him, the manager changed his tune completely. So I think he was. Again, I think he had suspected that we had just misremembered, but as soon as I was like, no, that's the guy, he was very, very helpful. And all of them were very helpful after that. So again, I don't really have, I don't really have anything bad to say about the hotel. Like I don't know what I would have done differently in their situation. And with zero logs on the door at all, it's hard to say. Like I would probably be like, eh, you know, it doesn't seem like anybody got in the room. You could have just remembered incorrectly. But I also noticed that or noticed the next day when I was at the conference, it just so happened that there were a couple of guys talking about DEFCON and like serious security things and stuff in the bathroom. To the point I can't remember exactly what they were talking about, but I remember there were a number of things that they said that I knew to be true. Like I knew the level of knowledge. They seemed to have enough so that I probably thought their opinion would be valuable. And so I actually stopped them coming out of the bathroom and I said, let me give you a scenario. And I broke the whole thing down and I said, what would you be able to get? How would you think about it? Like how would you think about him being able to get into the room, etc. Etc.
[00:46:42] First thing that the guy said was hotel rooms are not secure. That in fact, in fact he said something along the lines, if I heard him correctly, that he basically had a device with him that could do it and he does it to show people or whatever, or maybe he takes one to DEFCON or Whatever, as like a thing, just because, you know, that's what the security geeks, you know, think is cool. And that's fun. You know, you want to show somebody. It's like, look, your security, your hotel door is very, very easy to break into. I of course, never really had any delusions about what kind of security that is. And in fact, even from the context of a device that can just like easily brute force or get through a hotel door, that's not even like there are very, very mechanical things, ways to get into a door. Like, it's a door, it's a door with a simple latch. Not. It's not rocket science as to how somebody could have gotten in. And if there is nothing at all logged in the door, it's. It may just be. It may have been a very mechanical thing. And that's another thing that we tested actually when we were trying to figure out the story to this whole thing and piece all the. Piece everything together is that does the door recognize whether or not the latch goes fully closed or if the latch is still open? And it did not seem to register at all. So if like. So basically in that sense, you know, somebody could have just stuck a piece of wood in the door latch hole or put tape over the door latch or something. And if we didn't notice it, then the door isn't going to be concerned and it's not going to. It should, it should log. No matter what happens, it should log whether or not the latch opens. So if somebody manually pushes the latch open or if the latch opens when somebody goes into the room and then never closes, that. That gets logged as an anomaly. It should know whether or not the latch is fully open or fully closed and how much. But if you just hold it, if you hold that latch in and open the door where you use your key, your key card to open the door and unlock it, it will just act as if nothing has happened. It will just release the pressure and then put the pressure back on. But there's no red light indicator, there's no oddity. It doesn't behave as if there's any knowledge at all that this has occurred. For a hotel that nice, that seems like something you put on your doors, honestly, because had it not been for our insistence to see the camera so that we could identify the guy, this would have completely happened as this would have been completely passed off as if this wasn't a concern and that it basically didn't happen because there was no other evidence of it. So anyway, we get the footage, we Lay out the timeline.
[00:49:41] He's got, like I said, 10 minutes, 11 minutes maybe realistically inside the room. And that's if he went straight to us and knows exactly what he's doing. I'm talking to the DEFCON guy and his immediate, immediate reaction is, you know, and a really important piece of this puzzle is that it is asleep and locked. So without my fingerprint or my password, you can't take it out of sleep. Right. But this is a very naive lock as well. This is like basic macOS lock. This is not really encrypted drive lock. I should have cut the computer off entirely, honestly. But the fear then is could he have dumped everything out of ram? Key sessions, browser sessions that are logged into things like, you know, a lot of, a lot of information could have been pulled from the computer. And the DEFCON guys was like, easy to get into a room and I would treat everything on that computer as compromised and I would immediately cycle all of my keys and file a police report, which we literally have not. We didn't even find the police report. We didn't have time to go find the police station. We didn't have time to go mail a thing before we were literally everything that we were obligated to do and then just rush to get to the train station. So I think as long as I can, I'm going to file a police report probably over the phone today. Or I guess it's probably. It's midnight there, so I'll just do it first thing in the morning probably. But I literally still have not filed a police report for this. But then cycle all of your keys and that's what I'll be doing now and have started to do.
[00:51:28] But holy crap, I don't even think I'd completely finished from the LastPass password hack like 6 months ago or something. I had rolled over all of my important keys.
[00:51:38] But it's such a daunting task and everything is a manual. Confirm your email, do this, blah, blah, like it's a massive undertaking and I'm going to have to do it again. But I don't know what else to do. I think that's the smart thing to do. And I think he's right. You know, they could have gotten something. But here's the other thing. So the reason I haven't like rushed with the utmost fear of changing every password under the sun and I have watched a number of different accounts that I am would be concerned about to make sure that people haven't been logging in or there's no weird activity on them. But the thing that got me is that there seemed, no, it seemed extremely unlikely that someone got something off my computer without leaving a single trace.
[00:52:34] And there didn't seem to be a trace. So not only did it not seem like somebody had touched the computer, which obviously somebody could have taken pictures and then put it back exactly the same way, etc. You know, especially if we hadn't interrupted him. You know, like, that's what I would do if I was attacking someone in that way. I would probably do some sort of man in the middle thing. I would. I would try to do anything that I could that would not leave a trace. And if I ever touched anything, obviously I would put it back exactly the same way that I saw it. But how could you, if you didn't have root access, you could pull something from the computer. But my question is, how could you prevent any sort of system logs from occurring, or more importantly, remove or change those system logs in some way? So I started doing some tests, just looking at kernel logging in my MacBook. And while we were on the train, about two and a half hours, headed back to Zurich, I was like, all right, we're just going to run a ton of different tests.
[00:53:33] First thing I did was put it to sleep for five minutes, Just like let it stay closed and sitting there for five minutes, and then ran the logs, the system logs for like three minutes right in the middle.
[00:53:50] Nothing, not a zero, not a single log, just completely blank. Then I did it again and plugged in a USB extension device, you know, with a bunch of different plugs and stuff that has its own little power light and all this stuff. I plugged in a USB thumb drive and I plugged in an HDMI adapter thing, plugged in like three or four different devices, then checked the logs, and there were like 83,000 entries. A bunch of IO port, you know, activation, a bunch of this stuff. And I'm just scrolling through and trying to see if I can make sense of any of it. Tons and tons of different stuff from just plugging those things in in a matter of like over like 10 seconds. Like there's literally like a thousand sec. I mean, 1,000 logs every single second. And again, this is while it was. While it was asleep and locked. And so I did it again and I ran like five or six different tests to just change the scenario and see what the logs responded with, like what actually happened. And then I just plugged in a dead cable, just like cable with nothing plugged into it.
[00:55:05] The kind of like Dumbest charge cable that I had. I mean, all of these things have little computers in them now, every cable, but that's also a thing is I don't really have any generic cables. I, I have very specific cables for every single one of the devices that I have, and I use the same ones. So I know that none of the cables were replaced. And it would be very difficult for someone to know exactly or replace it with exactly the cable that they would need. I know I'm using the exact same cables that I always use, but I plugged in just a dummy USB C cable with nothing in it. For literally a second. I was like, click, click. Like just pull it in, put it in, pull out, pull it out. While it was asleep, like 1200 logs, like that computer was running literally like a thousand things to deal with the fact that something got plugged into that USB port at all. And I checked that without root access, you cannot delete or change the logs. I check the logs for the entire time between seeing him on the camera and seeing him leave that 17 minutes or so from 8:54 to. Or 16 minutes from 8:54 to 9:10. Nothing. Not a single entry, which is exactly what I saw. With the device completely untouched, asleep and sitting still. If I did anything at all to it, the second I open it, like if I just open the computer screen enough to give it a gap where it triggers the light to start turning on the screen or whatever logs like crazy. Again, just a dummy cable. Like the. Anything that touches any of those ports logs like crazy requires touch ID or a password, a manual password in order to delete or edit any of them. Now, there may be a way around that. I'm not saying that this is in any way foolproof, but I think you would need a level of sophistication in the attack that a post to a bunch of cypherpunks on Nostr and on Twitter. Nobody really had a clear answer. Like, obviously it's still vulnerable. Obviously there's still a risk. I'm sure Pegasus or some sort of like crazy state level thing. In fact, I probably should go back through Vault 7. I haven't read it in a really long time. I have no doubt that somebody probably somewhere could get into this, cause some sort of a problem in cause a very big problem for me and not leave any clear indication that anything had occurred or had gone wrong. However, I suspect for the people who could do that, there might not be a huge reason to have physical access to the device. Probably my phone number and my Apple ID is good enough and they would need to be extremely targeted. And they would have to have a very good reason to do it because there's just a lot of other people to attack. Like I'm again, I'm not Julian Assange. Like I'm not that important. I read about Bitcoin. This seems like an opportunistic thief more than it seems like someone who is trying to make an extremely targeted and extremely sophisticated attack. And if it was a very sophisticated attack, well then why was nobody else helping him? We were in the building for like two and a half minutes or so walking upstairs, and it wasn't until we were at the end of the hall that he left the room. Which means that he doesn't have anybody keeping a lookout in the lobby or I mean, we walked up the same path he did. It would have been really obvious if he'd had anybody on the phone or in his earpiece or something saying, oh, here comes guy and his brother. Like just like we said, you know, Occam's Razor. Like he's wearing plain clothes. He was in our room. It's 9:15 at night. That guy is not with maintenance. Like what are the chips? That just doesn't add up. Well, in the same, in the reverse, Occam's Razor, sophisticated, like state level attack here. I don't know. That seems like a straight. No system logs, no indication that anything had even moved.
[00:59:31] Everything seems to suggest that he was entirely by himself and he was just, you know, potentially just going in and out of rooms here. And he did not have a lookout or anybody who was helping him. Maybe he's hired by somebody more sophisticated, but I don't know. That seems like a risk too if you hire a dummy who's likely to get caught. I don't know. Seems a lot more like somebody who's just found an opportunity and thinks that they're going to get critical information or get into somebody's device or find a hardware wallet or some cash. Now, going back to my Bitcoin situation and why I do have some mobile keys with some Bitcoin exposed in a sense like that are on mobile devices with just a single mobile key and where they are encrypted, but they are on, in a digital environment, they are on keepassx or something like that. And this is specifically because I am okay to take a higher risk for a mobile wallet with a mobile key that's, you know, a hot wallet anyway. And I just treat it. I should just treat it with the amount or treat it with the care based on the amount of Bitcoin that I put on it. But I would rather have a backup than worry about whether somebody attacks me by, you know, getting into my keepassx, decrypting that, and then getting the seed phrase. I do not and never, ever, ever keep seed phrases for critical hardware wallets on a Internet device, on a MacBook or a phone or anything like that, encrypted or. No, that is a deep, terrible, stupid no, no, because that entirely defeats the purpose of the hardware wallet to begin with. You might as well just not have gotten a hardware wallet and just made a mobile wallet, because that's what you've done to yourself.
[01:01:27] But this is the ultimate proof of why you should have multisig. If they had gotten into my Proton mail or gotten into my email or some account, or physically gotten one of my hardware devices and had the PIN number, or stolen my laptop and could have gotten into it, I am not worried about the overwhelming majority of my stash being vulnerable to that type of attack because I have offline multisig. I have multiple devices that are offline, geographically distributed, and if any one of them is apparently compromised, it does not compromise the coins themselves. That, honestly, has been the biggest comfort through all of this, is just knowing that the overwhelming majority of my Bitcoin are not susceptible to. Are not really vulnerable to any attack that he could have pulled off. I mean, they're not perfectly safe either. Just because I could. Something else could have been made vulnerable by something he made vulnerable. The bigger, honestly, the biggest threat and the biggest problem that he could have potentially done with just plugging in a device, which may have even been what he was trying to do, was install cryptolocker on my computer. He may have been there to find a critical device and encrypt it. And then, you know, like the thing that they do with phishing emails or whatever, and they try to get somebody's computer encrypted so that they have to pay a ransom to get it decrypted, that seems like the most likely outcome and that we just managed to have interrupt him in being able to do that, because, again, nothing else was missing. I even found in my jeans, pants, pocket, like $200 that I had with me in cash. And that wasn't missing either. Granted, it was in the bag that was on the other side of the bed, kind of in the corner that my laptop bag was leaned up against. So you'd had to really, really go through stuff in order to find it. It wasn't like sitting out somewhere but going forward. Another thing that I'm definitely going to be doing. So not only multisig, not only lock and shut down any device, in fact just don't just take your devices with you for the rest of the trip. I had my back, my laptop bag on my back like a backpack. I did not, it did not leave my sight the whole time. Honestly, that's probably what you should do. Or you should just not bring a laptop and you should bring a travel phone. Like I said, I'll probably have a travel laptop and, or a travel phone. Like I usually have my backup Android and it stays entirely in a Faraday bag, my Android phone, because it's my oh shit phone in case something goes wrong. But I clearly was not paranoid enough about my situation and this I think is the, it's at least my wake up call that I should have been more paranoid, I should have been more prepared and I should be very, very vigilant about the fact that we are vulnerable, that we are very, very likely to be targeted. And that is not going to be less true as Bitcoin becomes more and more prevalent. It is going to be more and more true.
[01:04:44] Take measures to defend yourself. Did you know that you can drop your chances of having a home invasion by like 90% or something like that just by having a camera? Just by having a basic security system? Because one of the biggest things that you need is exposure. Like them getting caught or information getting out of where they are and who they are and time between you and getting your bitcoin distributed multisig and a security system that will identify the police and dogs. Another big one, loud dogs preferably. And anybody who's listening to the show for any length of time knows that I have loud dogs. These are massive deterrents. And it also doesn't help if you have a concealed carry and you are known to have weapons in your house. They are not going to. They want to shoot fish in a barrel. These people are cowards. They do not want a hard task. They do not want something difficult. They want to be able to get in and get low hanging fruit for weak people who do not have any modes of defending themselves and have not protected themselves in any way. They want high, high reward, low cost. And they are explicitly by design of what they are doing and how they are going about it. They are explicitly shitty people who do not want. They are taking the easy way out in every form and fashion and they are letting someone else pay the price of. They're so cowardly. And stupid and wanting the easy way out that they will happily let someone else pay for it. Take the easy steps.
[01:06:28] Take the first three, four easy steps of protecting what you have. Protecting your home, protecting your family. And that's what gets me to the thing that may have happened that I didn't realize until today and has me a bit freaked out. My keys are gone. Not bitcoin keys. My keys to my house, to my car. And I know I had them with me. I know I had them with me because I had to lock the door when I left and my wife, and my wife and son had gone to their in laws. So nobody was in the house. And it was, it stayed locked the entire time. And specifically nobody's been by here. I mean, we've gotten tons and tons of packages. But you know, I have my security system and the camera. I can log in and look at it and see all of the times in which the motion detector went off and saw anyone. And of course whoever stole or wherever my keys are, they are in Switzerland, but I have no idea. I don't, I really don't know where they are. He could have taken the keys and maybe all he was trying to get was access to somebody's house and their address and their personal information and trying to sell it on the Dark Web. As we've covered with a number of pieces by Jameson Lopp, there are literal mafias that break into people's homes that they suspect have bitcoin and hold them hostage, hold their families hostage to give them. It's the five dollar wrench attack. And if you've got somebody's keys, like house keys and car keys, that's a really, that's a disturbing, that's really disturbing.
[01:08:22] And I have been trying to do what I can to make sure that that has not been a risk. I recently got my concealed carry.
[01:08:31] Of course I can't take a weapon with me on the plane to Switzerland, but I hate the idea that somebody might be selling my home address and, you know, keys to get in.
[01:08:48] Or maybe they have enough personal information to look up any past addresses that I have. I just, I don't even know. But you know, I also could have just misplaced my keys. It just seems it would be a very frustrating coincidence if the one time that I misplaced my keys at a conference, I take them every single time because I always have to get back into the house like my wife and doesn't want to stay alone with Rad with my son in the house while I'm gone. So she almost always will travel and we'll have someone house sit or just check on the house every day or something, but she just doesn't want to be there by herself and I don't want her there by herself. So I always just have my keys and I just put them in my bag and then when I get home, I have to dig them out of my bag. I have looked everywhere. I have looked in everything that was inside my. All my pockets, all my hoodies that I had, every pocket there.
[01:09:52] I've looked in every. Everything I can possibly think of. I have looked everything that I'm pretty sure every last thing I've emptied, every last thing that I took with me. I've looked in my sister's car, who. She took me there and she looked underneath the seats, in the cracks, and, you know, it could have just fallen out of my pocket on the train. I called the hotel again and got them to check the room. No indication of anything left.
[01:10:23] I have no idea. I have no idea where the keys are. I do not ever remember having them when I got home.
[01:10:31] And it would be a really big coincidence. I've certainly thought that I had lost them before and then found them. So maybe I will still find them.
[01:10:38] But it also just. I hate it. I hate it. I hate it. That I don't know. And that's one of the things I'm going to do from now on. I'm going to get a motion detecting camera and I'm going to sit it in my hotel room. Regardless of whether I'm leaving in there anything in there, I want to know what's going on in the hotel room with my stuff when I am not there. And you know, I don't. I think it was Giacomo, actually, that we were talking to about this Giacomo Amir, but. Or was it.
[01:11:11] I don't know, it was some. Somebody that we were talking to was just talking about, you know, like the early days is that like, this is kind of a sign of complacency, right? Is that it's been really easy. We hadn't really thought about, like, we just kind of got used to this, going to a bickering conference, no big deal. Everything went great and we came home, no problems whatever. But, you know, back in the old days, everybody was freaking certain that the government was out to get them. Like, we were true paranoid crypto anarchists. And the first couple of conferences and stuff, like, everybody was on like, lockdown. Everybody was super serious about it. You know, more. Way more people were wearing masks. Nobody brought their naive Devices. Everyone was certain that the WiFi was vulnerable, like all of this stuff. And now we just kind of become like, oh, we're just going to a conference and we're hanging out, everything's cool, let's not think about it. And like, we're more vulnerable than we have ever been. And it very much seems that we are in the then they fight you stage. So if anything, if you learn anything from this, I mean, I hope that there is no great consequence. And I obviously, like, nobody is hurt here and I didn't seem to lose anything, but I am going to cycle through every key that I have. I think I'm going to change the locks on the house. I may literally trade in my car and get a different car because it's like, It'll be like $2,000 to change the locks on the car. And I mean, the car isn't like a super. Like somebody steals the car. It's like, ugh, like, okay, I'll just deal with that crap. But if it's like $2,000 to change the locks and the ignition chip and everything for the keys because I don't trust it and somebody else is going to get it, like, that's not worth it. That's not. I'm just going to get a different car. Literally, I'm just going to get. Trade off that one, get rid of the debt and get something better. I didn't even super want this car anyway. This was just convenient at the time. It was good enough and it wasn't horribly expensive and it solved our we have a car so crappy that I'm scared for my family's safety when we were driving around in it problem. And I feel like I'm going to have to cycle every single key in my life very carefully and very deliberately. So I have got a hell of a job ahead of me and already some of it behind me, but a lot, way, way more of it ahead of me. But. And I might get the locksmith out tomorrow. And it sucks. I've got like keys for storage locks, storage container locks and stuff that we're on that keychain. If I don't, if I don't find it, if it has literally been taken by that guy or I just lost it in Switzerland, I can't get into it and I'm gonna have to go, like, prove my id, like who I am. And that's my storage room. And to break into it and get a new lock, I just.
[01:14:09] So much crap. Just frustrating.
[01:14:12] But I mean, honestly, if. If this was Targeted. If they were after my computer, if they were after me, then I may have just gotten luckier than anybody could have been to literally interrupt him while he was in the middle of whatever he was trying to do to the point that it seems like he wasn't able to do it. So if you take anything from this, learn the lesson that I may have fingers freaking crossed, knock on wood, learned without having to pay a terrible cost, but don't let it happen to you. Like, he may have been in two other rooms. Maybe they were just the rooms at the end of the hall. Maybe we were the first one, maybe we were the second one. And the one at the very end of the hall. I have no idea who was in the room. Wasn't anybody that, in fact, I don't think I ever saw anybody come out of it. So I have no idea. I have no clue. And he probably was planning to be in there for a whole hour for probably at least the speaker dinner time slot, which means there's no telling how many people he could have targeted and how much damage he could have done if we had not decided to be lazy party poopers and I had been a dad and just wanted to go home and go to sleep at a reasonable hour. Because that's what you do when you're a dad, apparently. But learn the lesson.
[01:15:35] Please protect yourself. Get your stuff on multisig. Don't carry around vulnerable mobile keys.
[01:15:42] Protect your stuff. Treat. Treat a hotel room like it is your enemy. Treat when you travel. Treat your bitcoins.
[01:15:52] Treat your bitcoins with the care and the concern and the security that they need, that they demand. This is very valuable. It is going to become more valuable. And it is literally cash.
[01:16:04] It is genuine digital money. And people are going to be after us.
[01:16:11] Be careful. Know where your devices are. Have a dummy travel device. Have a. There's actually a really great. I think it was Snowden actually made this software. I think it's called Haven, if I'm not mistaken. And I want to, like, look into that again. But it's something where if someone picks up your phone or your device and tries to get into it, it immediately starts recording. It's his argument or case for this software that they designed was that, okay, your phone is going to be a spying device for government and giant corporations because it's got a microphone, it's got like two, three cameras on the damn thing and proximity sensor and, you know, all of this different stuff. Well, why can't you use it? It's yours. You can use this as a security device for your room. You can set it up and have it motion detect people in the room with the proximity sensor or something. And then start recording in the background and record anybody who tried to get into it and get their face get recording. And logs like, you know, extremely hard to delete logs of everything that they tried to do. You can upload it somewhere. Like there's software and things for these types of vulnerabilities that we can use in our defense. And I think we should all use them. I know I have not.
[01:17:32] Like I'm happy that I did a couple of things that have likely protected me in this scenario, but I haven't done enough. I certainly haven't done enough, especially for the amount of risk that I guess I didn't accept or rightfully weigh that I am in, in my position and the fact that people know where I am and what I'm doing. And also Bitcoiners, we got to look out for each other. You know, when something like this happens, tell other people, try to be prepared so that you don't do incredibly stupid things like me. And go back into the room and just check to make sure nobody took your stuff. And then sit around and think about the scenario for 30 minutes before even doing anything about it. Like, like be mentally ready for the situation as much as you can and have a built in response and prepare it. Not only prepare it, like, do it like your key ritual. Like I've told this to so many different people and I love this. And I think this is the most important thing that you can do. Every single time that you make a wallet, you make a hardware wallet, you make a mobile wallet. It doesn't matter what it is. If you're trying out something, if you're just screwing around, it does not matter. Write down do. Do a key ritual. Write down your backup, write down where it is, store it away in a safe place. And every single time you do anything in or around it, make sure that it is there. And then go through that process every little while. You know, a month or two. Check, double check in your mind. This is something that I send everybody that I have onboarded. I will send a text randomly. I say, are your keys safe? Do you know where they are? Make sure it is fresh in your mind. Think about this all the time. Refresh it and do your ritual. Pretend that you are a super secret agent spy and you're OCD and you know you're the freaking. You're Ben Affleck in the accountant and you know Just role play, doesn't matter, make it fun, but do it every single time and never don't do it. Always, always do this ritual. Well in that same way, do the same thing when you're traveling. Have a system, be prepared for catching somebody or expecting someone to try to get into your device or try to man in the middle you with wi fi or something like that and have something that you know you do have something that you have prepared with to record something on your device. Treat it like an adversarial scenario. Because the real world is increasingly an adversarial scenario. And importantly, you might not just save yourself from damage or risk or some sort of trouble. You might save somebody else like us. Just coming back at 9:07 at night May have literally prevented him from going into 10 other rooms. We have no idea.
[01:20:31] Plan on being attacked and be ready for it.
[01:20:36] People are going to want your bitcoins and some people are shitty enough to be willing to hurt you very badly in order to get them. And I will be totally changing my setup, my process, my ritual for a lot of this stuff. And I'll keep you informed on how to work with it, what I end up doing and how it works.
[01:21:00] And this also might be a perfect case for something like the PEAR stack and creating like single purpose apps and that sort of thing because something that can automatically upload and that you can be connected to without any middleman and encrypted is probably a really, really useful tool to get video of somebody that can't be deleted because there's not even access to it on the devices that they get. You know, how could you use Haven in a remote sense from as a Haven or something like it? And that's another thing is I don't know exactly where like what kind of software there is out there for this. It's. It's a rabbit hole. I haven't really gone down and I also haven't totally investigated what all you can do if you have access to somebody's MacBook.
[01:21:51] And this is also a great reason. Oh man, I wish I had my start 9 router like super, super bad right now because the UX like the. He showed me, Matt Hill showed me how a lot of this stuff, a lot of how their router software worked and how much control you had over your local network and itemized access and control over devices and how easy it was to set policies. Man, that oh my God, I have wanted that for so long to be able to just tell like the Mac address of this computer be like, you're not allowed to talk to anything on this WiFi or on this LAN.
[01:22:26] You know, if I'm concerned about it or I want to be able to bring a device to do something like, God, just having that level of control and security in your home network is just a big deal. So anyway, this is just a call to a PSA to be more vigilant about your security, be more explicit and prepared about what you will do in those scenarios, when or if they arise, and to have a prepared action to know what you're going to do and to practice it, to think about it when you may or may not end up in those scenarios. Because if I had just pulled out my phone, if I had just recorded him in that hallway, this entire situation would be very, very different right now. And we might be able to find the guy and figure out what the hell he was up to and how much he got. Like, I. It could be that the. He has still completely screwed over the person who is right in the room next to me and there's nothing I can do to help that person. They don't even know that he broke into the room.
[01:23:37] And trying to find video of this guy has just made me realize how unbelievably critical that is. To the point that I almost want to just have a. Some sort of a camera running on me at all times that just does a.
[01:23:50] A cycle of like the last 30 seconds or, or the last hours worth of footage. And it just overwrites the oldest block every single time until you say save it or you hit an emergency button or whatever. And then it permanently keeps that last hour, you know, to the point like, I have know people who literally just say that they record all conversations and that sort of stuff for their AI or whatnot, or they've started to do that in more situations or whatnot. Like, I wouldn't do that without somebody knowing. But, man, it's got me. It's got me thinking about stuff like that because if I had just had.
[01:24:35] If I had just had something on me or I had responded differently, we'd have so much more information about what he was up to and could potentially catch him and charge the guy and maybe find out was he hired by somebody else to crypto lock a bunch of bitcoin computers? Bitcoiners computers? Was he trying to dump keys from the RAM of a bunch of devices? Was he trying to get a man in the middle on wifi? I mean, who knows? I have no idea what he was doing. Did he steal my Keys. Did he take my keys? Did I leave them? Did he fall out of my pocket on the train to Zurich? No clue. But if I had set this up like an adversarial situation and I had made not even very serious preparations, just simple things under the assumption that I was putting myself at greater risk when traveling and that I should think about it not as just, oh, I, here's my day to day stuff that I do with my computer and my phone and I'll just do that same thing and have that exact same setup when I am literally traveling halfway across the world in a completely different country, in a hotel that I know nothing about, people that I know I do not. Excuse me. People that I do not know and do not and cannot trust and who have access to keys. And it just the maid, you know, this is the maid attack. Maybe someone was working there at the hotel and saying, well, this is this person's room. This is Guy Swan's room. This is Adam Back's room. So, you know, why don't you just go down the list? Who knows? I have no clue because I did not have preparations under the assumption that something like that might happen.
[01:26:17] So I hope, hope you learned something from my situation. I hope you get multisig if you haven't had it yet. It's so easy. Like literally with use a service if you're, you know, unsure about it. Like the vault at Unchained with CASA has a really easy multisig. I've had a CASA Gold. I don't even really need a CASA Gold, but I've had the CASA Gold program or subscription, whatever the heck you want to call it for, I don't know, like four years or something, five years, I don't know. And I don't have that much on it, but it is. It's kind of like one of my backup things of just like, okay, well, I have this with explicitly with a service. If there's kind of like any really weird scenario or I can't get into my nunchuck for some reason. I just naturally like to have backups on top of backups. And I also like to be able to get to reasonably quickly, not super easily, but reasonably quickly, get to enough funds that I could buy a car, a used car, and get the F out of Dodge, wherever I am, if I was completely cut off from my normal phone, my bank account, you know, basically. So I do have like some mild preparation, but I honestly wasn't prepared for the simple thing. Somebody just broke into my room looking to get access to my device, steal a hardware wallet, something like that. So I hope you learned from it. I hope this helps people to just explain. And I mean this is real, you know, like I caught a guy in my room, he came out and God bless, I hope. I am so worried that I mean he could just have stolen my keys and my address, like personal information, Just gotten anything that he could to sell on the dark web for someone to come and attack us. I don't know.
[01:28:19] I don't know.
[01:28:21] That scares the shit out of me. But all I can do is bunker down. I'm getting every lock in this house replaced. I'm going through physical bitcoin password like every key that I have, I am, oh God, it's gonna suck so bad. But every single key I am replacing, it's all getting swapped out. So I have a couple of days to clean house.
[01:28:55] Actually, you know what, just in case, be very careful about ask for double confirmation if you hear from me on Telegram, especially if I'm asking about any sort of bitcoin or anything even slightly sensitive.
[01:29:09] Make me confirm, make me do a. Oh no, no, make me do a video call like a live video call with you. Be a little bit wary for the next few days at least. Today is Wednesday, October 30th, so I would say until about November 3rd where I can be sure that all of my main communication accounts be wary of messages from me because I do not know if you got anything. Like I said, there's no indication but I don't trust it and I am being very careful about some things and I am going to cycle through passwords on everything just in case.
[01:29:48] So just be wary. Know that there may be some sort of vulnerability and maybe they got to me not because they wanted to get to me but because they wanted to get to somebody that I am in contact with. I know a lot of people in the bitcoin space. So stay vigilant, use multisig, keep your keys off of mobile and Internet connected devices.
[01:30:11] Get a hardware wallet, cold card, bitbox, jade, tap, signer, Keystone. I mean I don't care, just get a good ass hardware wallet and go red team on yourself. Think about your situation as if you are the attacker.
[01:30:28] See what you can go, I mean see what you can get off of your own devices.
[01:30:33] See how you could, how you are vulnerable by attacking yourself. Like I said, stay subscribed, subscribe to YouTube, rumble to this show and I will stay up on how my setup works to help, help explain you know the low hanging fruit on like Protecting yourself and protecting your keys and protecting your family, obviously, again, I'll reiterate. Get a backup ritual.
[01:31:02] Keep your keys off of your devices.
[01:31:05] Get a security system. Security systems are cheap, guys. It is super cheap. It's just not that much. I know you pay $20 a month for some stupid streaming service or whatever that you don't really need. Delete that and get a security system.
[01:31:20] Get a dog if you don't have one.
[01:31:23] Learn how to use a gun and how to keep it safe. These, in my opinion, are the non negotiables and they're also 95% of the problem.
[01:31:40] There's a lot of very simple things you can do that solve the overwhelming majority of attacks and then you can start thinking about the next level attacks and the real serious geographic distribution of your keys and that sort of thing. But do the easy stuff first, do the simple stuff first and stay safe.
[01:32:01] We are, if we're not in it already, we're very close to the then they fight you stage. And that'll be everybody, not just the government.
[01:32:10] So with that, I hope you guys enjoyed this episode. Don't forget to check out. I have tons of affiliates. We have no sponsors right now. This show is basically running entirely on the guys who zap me and who boost on fountain and stream sats and my patreon and those sorts of things. Thank you so much to the audio knots and everybody who supports this show. And if you get a cold card through my link, if you get the like some of the bitcoin board games like BIP 39 and hold up like this is super, super fun by the way, guys. But there's a discount code right in the show notes I literally put together. There's Tom Woods Liberty Classroom, which is like a fantastic homeschooling program with so much like great economics and it is even like a logic class and stuff. I took a bunch of or I listened to a bunch of it like audio books for a long time. But I have a ton of affiliate links. I mean a ton. I like 8 or so affiliate links or something that I put in the show notes that are all great ways that you can support the show. And they're all things that I use, I have used for a really long time or run by people that I really, really trust. Onramp is another good one for multisig and it's a very different model. It's for a custodial multisig which is more kind of geared toward super high net worth or jurisdictional arbitrage or corporate and kind of a business environment for people who are really like, if, you know, doing your own. Holding your own keys is just really scary, that doesn't mean that you shouldn't use multisig. So hopefully those links and tools and places to buy bitcoin, just swan and River. I got my affiliate up there. Those are the ones that I use. And I should get an affiliate for Strike, too. I think I got Strike in there. I love Strike as well.
[01:33:56] They're just the places that I use, the things that I go, the things that I trust, products that I go to, and the things that I trust and the people that I trust. So I hope that that's a decent resource for you guys, and it's also a great way to just kind of help out the show a little bit. And thank you all so much for everybody who does, who shares it out, who leaves a review, it really means the world. This show has only ever traveled through word of mouth. So thank you. Thank you for sticking with me. Thank you for this being on this crazy, crazy journey with me. And I will catch you on the next episode of Bitcoin. Audible. Until then, everybody, take it easy, guys.
[01:34:48] One need not destroy one's enemy. One need only destroy his willingness to engage.
[01:34:58] Sun Tzu.