Casa Blog - Bitcoin Security Made Easy

Recent proposed legislation in the EU has deep implications for private messages, and a crypto exchange encountered a surprising bug. Let's explore more in this week's briefing.

Security researchers withdrew $3 million from Kraken in bug bounty, funds returned


Should security researchers keep their tentacles to themselves? Crypto exchange Kraken shared a bug bounty report Wednesday, in which researchers withdrew $3 million in assets, much to the exchange's chagrin.

Kraken Chief Security Officer Nick Percoco took the news to X with a security update in which he said the researchers had refused to return funds and requested a meeting.

"Instead, they demanded a call with their business development team (i.e. their sales reps) and have not agreed to return any funds until we provide a speculated $ amount that this bug could have caused if they had not disclosed it," Percoco wrote. "This is not white-hat hacking, it is extortion!"

Security audit firm CertiK identified itself as the researchers in question. It posted a timeline of events and claimed Kraken "threatened a CertiK individual employee and requested to return a mismatched amount of assets in 6 hours without providing repayment addresses."

"We urge @krakenfx to cease any threats against whitehat hackers," the company stated on X.

The funds were returned by Thursday with a small amount lost to fees, according to Blockworks.

🔑 Key Insight: Bug bounties allow security researchers to test an organization's systems and report exploits in good faith, often for a reward. But when there's a disconnect, it can get messy quickly.

European Union floats encryption back-door legislation, postpones vote after backlash


The European Union raised eyebrows this week with proposed Chat Control legislation that would require widespread scanning of electronic messages, even encrypted ones.

The legislation was to introduce an "upload moderation" system. In essence, a mandated tool would sit between you and all outgoing communications. In other words, your messages would be scanned before encryption took place, defeating the entire purpose of encryption.

Privacy advocates and security professionals alike pushed back against the legislation, which was proposed with the intention of stopping child sexual abuse. Meredith Whittaker, the president of the Signal Foundation, said the encrypted messaging app would rather leave the EU altogether than take part. 

"Let there be no doubt: we will leave the EU market rather than undermine our privacy guarantees," Whittaker posted on Mastodon. "This proposal--if passed and enforced against us--would require us to make this choice. It's surveillance wine in safety bottles."

As of Thursday, the vote was postponed to a date to be determined.

🔑 Key Insight: For decades, there's been an ongoing struggle between governments and encryption. It's akin to when an unstoppable force meets an immovable object. Something's gotta give eventually. Pay close attention to this encryption debate wherever you are — it has major implications for your freedom tech.

Faraday bags: The next line of defense for hardware wallets

There are some edge cases and security threats to consider once your assets are in cold storage, and electromagnetism is one of them. Unexpected charges and power surges can brick an otherwise working device.

Faraday bags work by redistributing electric charges around the bag's exterior, canceling the electric field's effect on the interior of the bag. This can block signals from electromagnetic radiation — cellular, GPS, Bluetooth, WiFi, RFID, NFC radio waves and more.

Our Casa Faraday Bags are included in a Premium welcome package, along with everything else you need to create a 5-key vault.

Electromagnetism is all around us but imperceptible to humans. This makes it prudent to protect devices containing private keys from electromagnetic pulses.

Security tip: If you're ever in the market for a house, consider getting a garage. This allows you to park a vehicle out of sight of burglars and makes it harder to tell when you're not home.
