Casa Blog - Bitcoin Security Made Easy

We’ve seen a notable uptick in personal attacks against bitcoiners so far this year, which makes physical security a critical focus for anyone holding bitcoin.

One tactic we’re often asked about is duress wallets. Is it possible to thwart an attacker by giving up a smaller stash of bitcoin than the rest of your holdings? While it may seem tempting to try and lay a trap in advance, duress wallets are a questionable practice for a multitude of reasons.

What is a decoy/duress wallet?

Duress wallets (also known as decoy wallets) are a strategy often recommended to travelers and tourists who are more susceptible to mugging when they’re in unknown lands. The idea is to maintain a bitcoin wallet that is either phony or securing a smaller amount of assets than the rest of your stash.

In this scenario, if an attacker breaks in and holds you or your loved ones captive, you could theoretically give up a throwaway device with a relatively small portion of your total bitcoin holdings to entice them to let you go.

But would it really work? Debatable.

The effectiveness of a decoy wallet is questionable at best. There is no way to know how a criminal will respond.

Part of the problem analyzing the effectiveness of this strategy begins with asymmetric information. When you’re targeted by someone you don’t know, it could be random like a chance encounter on the street. It can also be the result of an extended period of surveillance. But if you end up ensnared, an attacker is unlikely to tell you how they found you. This is especially true for organized crime, which has recently proven capable of dragnet physical and digital surveillance on crypto investors.

A bitcoiner’s guide to organized crime
Organized crime rings are targeting crypto holders. How can you protect yourself from becoming a target?

Attackers count on the element of surprise. If an attacker is targeting you, it’s best to assume they know far more about you than you know about them. You don’t know their profile, what they know, their motivations, or what they expect. 

Given these unknowns, it’s impossible to tell if offering them a token payoff will appease them or anger them, much less anticipate it in advance.

Duress wallets are a double-edged sword

We don’t have much historical evidence that duress wallets help or hurt — they are a completely speculative defense mechanism. We do have one data point:

There's also a data point from this crime wave where a victim refused to give up a password and told attackers to just shoot her. The attackers took other physical items and left.

Inside a Violent Gang’s Ruthless Crypto-Stealing Home Invasion Spree
More than a dozen men threatened, assaulted, tortured, or kidnapped 11 victims in likely the worst-ever crypto-focused serial extortion case of its kind in the US.

People who operate outside of the law tend to also operate outside of our understanding. There is a major difference between plotting potential negotiations on paper and carrying them out when your or someone else’s life is on the line and you’re dealing with a counterparty of unknown mental state. 

For all you know, giving up a duress wallet can lead to an assailant concluding that they hit paydirt and they could potentially squeeze you for more. I have heard stories of bitcoiners who were extorted into paying off an attacker who threatened violence, only to have them come back later asking for more.

On a personal note, I myself was extorted in 2017 by someone who swatted me. They demanded $50,000 in bitcoin or else they’d “do something even worse.” I chose to spend that money in a different manner, and instead publicly offered a $100,000 bounty for the attacker’s identity. My strategy paid off and the attacker was eventually caught!

Operating a duress wallet

There are also several questions about maintenance and how far you go to make the duress wallet look believable. What amount of assets is reasonable? If you use a “duress PIN” on your hardware device, like what the Coldcard supports, but you almost never actually use it, who’s to say that you will even remember the special duress PIN when you’re in a life-threatening situation?

There’s also the possibility that your attacker knows bitcoin through and through. If you set up a duress wallet now but don’t get attacked for many years, will the attacker get suspicious if they check the transaction history and see the wallet hasn’t sent or received funds in a really long time?

The answers to the above questions are hard to qualify and make decoy wallets a shot in the dark for deterring an attacker.

Misleading an attacker with a duress wallet could lead to legal complications in a few ways. Naturally this will vary from jurisdiction to jurisdiction.

  1. Escalation of Violence: If an attacker suspects they were misled, it might escalate the situation, potentially leading to violence or more severe threats. Authorities could argue that your actions increased the risk of harm, which might affect the outcome of any legal proceedings.
  2. Potential Liability: In some jurisdictions, if your actions are seen as contributing to a dangerous situation, you might face legal scrutiny. Although you are the victim, authorities might assess whether your actions unnecessarily provoked or escalated the criminal act.

It's important to note that the primary legal concern in such situations should always be personal safety. Legal outcomes can vary widely based on jurisdiction and specific circumstances, so consulting with a legal professional regarding such matters is advisable.

In conclusion

It’s not that easy to put yourself in the mind of a criminal, let alone bet on it. Duress wallets are an unreliable defense that guarantees the loss of some funds.

The best defense against being physically attacked is strong privacy and operational security — don’t become a target in the first place!

The best defense for your bitcoin is to secure it with multiple keys distributed across multiple locations. Casa’s vaults can help you do just that with multisig protection, leading-edge tech, and best-in-class support. Learn more here.


Don't miss out on future updates

Our weekly Security Briefing can help you stay smart with your protection. Sign up for free and get future editions delivered straight to your inbox.