[TacticalCoder]

> There is no crypto scheme, no algorithm, no possible arrangement of private keys and Merkle trees that can escape the reality of men with guns.

On the contrary. It's the only case where maths can defend vs men with guns.

Multi sig schemes spread over different people over several continents make the "men with guns" thing very difficult. Or multisig but m-out-of-n, with a dead beat: if after x weeks you don't hear of person A, person B and C move the coins to a new sig where person A isn't involved anymore.

There are also a shitloads of things you can do with smart contracts. For example you can have a smart contract where if person A's private key doesn't sign anything for more than x weeks ("blocks"), the funds are destroyed.

There also the whole plausible deniability thing: where it's impossible to know where a hardware unlocked with a hardware wallet is the real thing or not.

$5 wrench attack, here's my real password: take the 50 millions. Oops. Decoy. On the other password there's $2bn.

[LiquidSky]

"We have a seizure warrant for your cryptocurrency."

"Ho ho! Good luck, gentlemen! For, you see, I've implemented a multi-signature scheme spread over different people across several continents which requires-"

"Understood. Off to jail with you, then."

[mod]

Sure, but you've made that choice ahead of time. And it doesn't move the coins.

[LiquidSky]

And you can chortle over that in your jail cell to your heart's content.

[mod]

Oh no, not me buddy. See my other comments. I would give away every penny to avoid jail. No wrenches, either, thank you very much.

[justinator]

>On the contrary. It's the only case where maths can defend vs men with guns.

Didn't work in this case.

[zoklet-enjoyer]

They didn't have a system set up to protect against that. Their private keys were on a shared email account

[sillysaurusx]

(Lol. Sorry for the empty comment, but this FTX situation is just a comedy gift that keeps on giving. I imagine in 5 years we’ll still be discovering new things to find funny about it.)

[throweroni]

Holy wow. That's wild.

Ten years ago when my crypto was worth barely anything I had an airgapped, full disk encrypted, RasPi which required a Shamir's Secret Sharing key arrangement to unlock as my cold storage... just because it was something fun to setup.

Here a multi-billion dollar enterprise has less sophisticated OpSec. Just... wow.

[causi]

It was run by a dude who plays League of Legends on conference calls and openly encourages his employees to take amphetamines to increase their job performance.

[DuskStar]

> dude who plays League of Legends

A dude who plays LoL badly. Embarrassingly badly for his number of games.

[thaumasiotes]

That is weird. If you're going to make League of Legends such a big part of your public image, you'd think you'd put at least a little bit of effort into it.

[justinator]

That's on the level of this story,

https://news.ycombinator.com/item?id=33536676

[alexeldeib]

Pragmatically I agree with you.

But in GPs defense, I don’t believe these were multisig wallets with geographically distributed individuals in control. It was 1/1.

Nonetheless, a metal pipe is a good counter to crypto.

[justinator]

I fear if Bad Guys want money and you tell them something like, "you can't get it, it's on multisig wallets with geographically distributed individuals in control", that's still a You problem and you've only bought yourself a little time before they come back to collect, and/or break your legs if they can't collect.

I may have to file this one under, "everyone wants to be a gangster until it's time to do gangster things"

[Semaphor]

At that point you are at "People want money you don't have and are willing to break your legs".

No relation to crypto or even who you are anymore.

[justinator]

Unfortunately, if you owe bad guys money, they'll want it, no matter the excuse you give them.

>No relation to crypto or even who you are anymore.

The relation with crypto is that crypto doesn't solve this problem either.

[Semaphor]

It solves the problem, that the money is protected (in the same way that I assume something like "manual multisig", which I assume exists, solves the problem in traditional banking).

Nothing can solve the problem of protecting you from "bad men" who want to hurt you and don’t care about anything else.

[lbwtaylor]

> $5 wrench attack, here's my real password: take the 50 millions. Oops. Decoy.

I don't understand how this defeats the wrench attack.

Presumably you aren't released until the actual tokens are in hand, so decoys just make the attacker angrier.

[luckylion]

"You can beat me all day, but it's impossible for me to fulfill your demands, you'd also need to beat these other four people, and they're located all over the globe."

Someone might be quite happy to engage squads in lots of countries to kidnap and beat everyone if the payout is billions of dollars, but it's a very different problem and e.g. the Bahamas government or some local thug won't be able to do it. I have no idea how large a cartel would need to be to have reliable operatives on the ground in lots of countries, and I'd assume if you're part of a group holding the keys to those amounts of cash, you're going into lockdown when two of your associates suddenly vanish.

[Vespasian]

Sounds like an operational Challenge but with billions on the line people will consider it.

Perhaps one or two if the multisig holders are already on board and will "reassure" the others that everything is fine.

Or one government (like the US) coordinates with others to get it done.

[luckylion]

Sure, but that's a tall order. The US cooperating with e.g. China, Russia and the EU to get everyone? Or the US running covert ops in China, Russia and the EU to take the money themselves? Both are a very different situation than the US simply sending a cop to some address and asking the person living there to please come with them to the station.

For criminals, it'll also be a huge operation, and it'll come with insane publicity which criminals typically don't like. Who's powerful enough and willing to potentially burn their existence in entire countries for such a payout, when they make billions a year?

[Vespasian]

There might be a sweet spot where the payoff is large but the notority is low (think about one criminal organization going after the other).

Unless there are street fights, people will not care that much.

Or perhaps political opponents in unstable countries.

On the government side the USs reach is far and criminals are not always willing (or able) to go beyond it. Maybe coordinating with China won't happen, but let's say Japan, mexico and 2 EU countries is not out of the ordinary.

There are busts happening almost every year on that scale

[philwelch]

Sometimes the men with guns are also distributed across multiple continents, and the only way to protect yourself from them entails making a deal with other men with guns.

If you’re part of a multi signature scheme and you’re hiding from US authorities in, I dunno, China or Russia or Pakistan or Afghanistan or Iran, there’s (a) not much stopping Uncle Sam’s boys from sneaking up on you anyway if they’re sufficiently motivated and (b) some local men with guns whom you might need to deal with as well.

In reality it’s probably not worth it for the US to track you down to the ends of the earth and/or get the CIA involved if you’re just trying to sneak some ill-gotten money out of the country, and it’s a lot easier for one of your multi-signature holders not to get caught than for the authorities to simultaneously catch up with a quorum. And maybe your group includes some people who really don’t mind living the rest of their lives in these types of places.

But for those of you who live within the greater American empire, the price you pay for keeping that money out of Uncle Sam’s hands is going to include keeping it out of your hands and also you go to prison if you ever get caught. Which is probably a bad deal unless you’re a drug cartel or some other group that’s already sort of priced in that outcome.

[usrbinbash]

> $5 wrench attack, here's my real password: take the 50 millions. Oops. Decoy. On the other password there's $2bn.

Somehow I don't see state actors falling for that, especially when they have a rough idea of the actual numbers involved, based on the shitton of angry people, some of which are very rich and very well connected, clamouring about it.

[causi]

"Hey trick your friends into helping you give us the funds or we throw you under the jail."

[Herbstluft]

XKCD 538 comes to mind: https://xkcd.com/538/