Cybersecurity with Craig Petronella - CMMC, NIST, DFARS, HIPAA, GDPR, ISO27001

Navigating the Perils of Crypto: Breaches, Security, and Safeguarding Your Digital Assets

Craig Petronella

Imagine discovering that the very foundations of your financial security have been compromised by one of the most infamous crypto-heists in history. That's the chilling tale we unravel from the 2016 Bitfinex breach, with a staggering $4.5 billion at stake. We join forces with cybersecurity experts and dive into the cutting-edge blockchain forensics that led to the recent arrests, providing a glimmer of hope in the dark abyss of stolen digital assets. As your guide, I share invaluable strategies for fortifying your cryptocurrency investments—think cold wallets and micro-transactions—not just to protect your wealth, but to ensure its rightful transfer to your heirs.

But the perils lurking in the crypto-verse don't end with exchange hacks. Have you ever had the feeling that something's too good to be true? We dissect the 'pig butchering' scams that prey on investors through sophisticated social engineering, and I'll recount a personal brush with these cunning con artists. The episode becomes a stark warning about the craftiness of digital predators, while also equipping you with the armory of knowledge needed to build a fortress around your digital assets—multi-signature wallets, encrypted physical backups, and all.

As we round off our journey, we scrutinize the influence that glitters from the world of crypto influencers, where not all that shines is gold. We question the hype, dissect the endorsements, and underline the importance of due diligence. I emphasize the unique strengths of Bitcoin and the trustless technologies that underpin it, urging listeners to embrace self-reliance in the wake of rampant cyber threats. So, if you're ready to navigate the complex currents of cryptocurrency and cybersecurity, this episode is your beacon in the storm, illuminating the path to safeguarding your digital treasure.

Support the showCall 877-468-2721 or visit https://petronellatech.com

Please visit YouTube and LinkedIn and be sure to like and subscribe!

Support the show

NO INVESTMENT ADVICE - The Content is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice. Nothing contained on our Site or podcast constitutes a solicitation, recommendation, endorsement, or offer by PTG.

Support the Show

Please visit https://compliancearmor.com and https://petronellatech.com for the latest in Cybersecurity and Training and be sure to like, subscribe and visit all of our properties at:

Blake:

Hey everybody, welcome to another episode here of Cybersecurity with Craig Petronella. Obviously, I have my boss and friend, craig Petronella. We're going to try a new format here. I think Me and Craig have been talking a lot about breaches and how things happened. Obviously, here at the Cybersecurity Company, we focus more on a defensive approach. What we think we're going to try doing here in these next follow-up episodes is we are going to be analyzing breaches, things that have happened recently, looking at them under a microscope and seeing how obviously hindsight is 2020. But what could have been implemented to prevent things like that. Hopefully you guys will have some great takeaways from that and hopefully you guys will learn. Today, craig thought it'd be a great idea to talk about the Bitfinex, which is a huge, huge, huge security breach. I think they took at the time it was $71 million in crypto, but now that is worth $4.5 billion because this happened a while ago. Craig, give us a little executive summary of what happened with Bitfinex and why this is important to cover.

Craig:

Sure. So Bitfinex was a popular cryptocurrency exchange where people would buy, sell, trade Bitcoin and other cryptocurrencies. Back in 2016, they suffered a hack of approximately 120,000 Bitcoins stolen. We wanted to bring you up to speed of what happened with that hack because obviously 2016 is a long time ago. We're in 2024 now, so why are we talking about this now?

Craig:

Back last year, around August of 2023, special Agent IRS, as well as a team effort with the FBI because the blockchain and distributed ledger technology is all public record they were able to analyze and trace the crypto that was stolen and they basically traced it down to a couple in New York Heather Morgan and how do you say the name? Eila Lichentine, something like that. So they traced it down to those of the folks that stole it. Like Blake said, it was about $4.5 billion worth roughly on August 3rd of 2023. With Bitcoin's recent rise of about $57K per coin, I'm sure that's a lot more now. The point is that we wanted to kind of take a different perspective on giving you guys more insights from a crypto and cybersecurity forensic lens, opposed to just kind of giving you highlights in news, because we were talking and basically concluded that you guys are probably getting the news already. We like to give our take on the news, but I thought, and Blake thought, it would be interesting to kind of see if we dove a little bit deeper into the depths of how we would view from a forensic lens and from a cybersecurity and, in this case, a crypto lens around. What happened, who suffered, what is our take on it? What could you do as a consumer to protect yourself? All that fun stuff.

Craig:

So, basically, these guys got caught because, like I said, all the crypto trading is on blockchain, which you can't fudge or fake. It's all immutable and anybody that uses cryptocurrency for cybercrime basically, your days are numbered, because they will find out where the breadcrumbs lead to. And oftentimes, like with Bitfinex, they actually didn't require what's called KYC or know your customer. So, at the beginning of when the cryptocurrency exchange was very active, they didn't really know a lot about the people using the exchange, which, for obvious regulatory and compliance reasons, is a big red flag, because if the exchange was being used for illicit activities, if you don't know who your customers are, that's a problem, right? So how could you prove that there wasn't funding of terrorist organizations or sanctioned countries or all sorts of bad stuff, right? So, circling back to this particular topic here, everything was traced back to this couple. They're put in prison, I believe, and the government seized most of the Bitcoin that was stolen and the people that were on this exchange that suffered the hack and left crypto on the exchange. They suffered losses. So they're trying to much like what happened with the FTX exchange. The regulatory authorities are trying to work together to basically make the people whole again.

Craig:

Well, giving our take on this, first of all, the cardinal rule is you shouldn't really store your crypto on an exchange. If you're trading crypto on an exchange, you should avoid storing your crypto there, wherever or whenever possible. And again, none of this is any kind of financial advice. We're just giving you our cybersecurity perspective on best practices and security. But any questions, blake? So far, I mean.

Blake:

Something that I think is really important is, obviously, we know what happened, but we don't know why it happened, and so, for some of you out there, bitfinex failed to distribute their security tokens, so they had put two security tokens out of a total of three on the same device, so only took that hacker or this couple gaining access to one device which, in lead, compromising millions and millions of dollars. I think it's pretty important that maybe we should hammer home on how you can properly store your security keys I mean, we talked about cold wallets before in the past Maybe any other steps that you might take to distribute the security tokens or the past phrases, the security keys for said wallets.

Craig:

Sure.

Craig:

So obviously, what Blake's talking about is called a cold wallet, basically a cryptocurrency wallet that is not connected to the internet. There are different manufacturers makes models, etc. We're not going to endorse any specific company or, you know, we're not making commissions or any kind of thing like that. By recommendation, you know, providing a recommendation to you, I'll kind of give you my perspective and my take on it and you can kind of take it for what it's worth. So the majority of crypto users that trade crypto, they're probably not the most technically savvy and if that is the listener, my best advice would probably be to use something like what's called a tangent wallet. I don't know if Blake, if you've ever seen them. They look like kind of like a metal credit card. I don't even know if they're metal, they might be plastic, but they kind of look that way. They're kind of the 1.0 version was black with white graphics on it, and I think the 2.0 version has all black. Anyway, it's an NFC, near frequency type of card that you tap, like to the back of your phone to authenticate transactions.

Craig:

Okay, now there has been speculation and some concern about this particular tangent wallet and company. Because here's the deal, folks when you are putting your money on, or crypto on, a cold wallet, you do have to have some kind of trust with that vendor. Right? And I don't know about you, blake, but you may have heard about the recent stories with ledger ledgers another you know make a manufacturer of a crypto wallet. The problem with ledger recently has been with their communication around. They were trying to I think they were trying to do something good by giving users that use ledger devices a way to recover their seed phrase if they were to use it. So they they launched this like recovery service, but it spooked a lot of people because of the way they went about communicating the launch and basically they lost a lot of trust in the community because people thought that, hey, if they can recover wallets for people for a fee, they must have access to my private key, and that spooked a lot of people, including myself. So again, going back to tandem, tangums are super easy, super inexpensive solution. I think you can get like a three pack of them for less than a hundred bucks, which is cheap in the crypto world.

Craig:

If you want something very technical and high end or extreme, they have a product, a different brand, called engrave. There's an engrave and a graphene model which a graphene is is a metal plate that you store and punch your seed phrase onto. God forbid if you had a fire or something that destroyed your, your crypto seed phrase. If you don't have that somewhere else as a backup, then you're dead. You're, you know you're going to lose your money. So there's different. You don't have to buy an engrave just to get that technology. You can certainly go on Amazon. They sell plates that you can buy to store your seed phrase. So obviously you never want to store your seed phrase and you don't ever want to take a picture of it. You never want to store it online anywhere. Don't put it anywhere digital and whenever you're writing the seed phrase down, make sure you do it in a very private area with no cameras and nothing that's near you to you know, to prevent any kind of compromise.

Craig:

So tandem is probably the you know the the best recommendation for your everyday average user. Right, I can say at this moment, ledger I have concerns about uh. Treasure is a another popular one. There's some limitations. If I had to kind of give my take on it, I would probably choose a treasure based on the climate, um over a ledger at this very moment. Um, that's just my opinion. I have a treasure. I have multiple wallets. Part of what I do is I vet and test all different security products and tools. Um, I had some issues with the treasure model T with the touch screen. It was kind of finicky to me, in my opinion. Um, the tandem I've used. I like it. I did have valid concerns with tandem because, um, the first version of tandem, you don't know your seed phrase.

Craig:

They generate it. They claim to generate it encrypted when you open the box, like when you do it, but you're still trusting the company with this right, so you're trusting that the app developers. There's nothing happening behind the scenes. You know you're trusting. You have this trust in not only the software but the vendor, and you're just taking risks with pretty much every company that you choose. So you just have to kind of choose carefully.

Craig:

So, in my opinion, opposed to just choosing one vendor, I choose all of them. I choose many different ones and kind of spread things around this way. If one of them were like, let's say, ledger gets, you know, hacked or something and maybe somebody exploited their recovery service and then all of a sudden, everybody loses their crypto that has a ledger wallet. Well, at least I don't have all my eggs in one basket. So that's my best advice for you guys listening, you know, don't choose one making model, kind of distribute your your, and I recommend the same with banks too. I mean with with normal money. You shouldn't have all your money with one bank. You should have multiple bank accounts for FDIC insurance and all that fun stuff. But the end grave is probably the most secure that I've heard. It is an air guy wallet that has a built in camera, that that uses the QR, qr code functionality, so that one. But again, it is cool, it has a nice screen, it's a hardened, embedded device. But again, you're still trusting end grave. Like you, like the average person's not going to know the code that's happening behind the scenes, right? So you're still trusting the vendor and all these scenarios. So anyway, the summary here is story or crypto on some type of cold wallet, maybe one of the ones that I mentioned.

Craig:

I do not recommend a software or a hot wallet that like what was the? You remember the one that the popular one that people would download, electrum. I don't know if you guys heard, but Electrum is a software wallet and I've done investigations where I actually found a bug in the software that caused unspendable tokens. So what that means is, when you open or set up a brand new wallet, the first thing, as a best practice, you're always supposed to do, is send a microtransaction out and in to make sure the functionality of the wallet works Well. A lot of newbies and new users, and sometimes seasoned users, they skip that step. They don't do that. They just buy crypto and then they store it. Well, in this case, with this particular software, there is a bug and it caused what's called an unspendable wallet. So all the coins that people were storing they're unspendable. You can't move them out of the wallet, so they're locked up forever. So that is a really bad eye-opening experience.

Blake:

So obviously we know a lot of people out there have crypto, but not a lot of people know how to protect it. So if you could give obviously we talked about cold wallets and storing the past phrases If you could give top five, maybe takeaways, to our listeners, here's things you need to make sure you've put in layers we always talk about cybersecurity and layers like the onion If you could give them five different things that they could use to take away. Obviously we know about using a secure platform. Stay away from shady crypto exchanges. Take your crypto off the exchange, bring it into the cold wallet. Obviously, don't use one, two, three, four, five as your password, of course, enabling 2FA, but beyond that, what else would you recommend?

Craig:

Well, at first you have to check your rules and regulations of your country right. So in certain countries, like in our country in America, you have to use a KYC enabled exchange and you have to go through that process of proving your identity and working with the exchange. And when you move your currency from your bank to your account, like Blake said, you definitely want to have best practices with security, so try to use a very long, complex password that is unique to that platform. Don't reuse that password anywhere else. Ideally, use a password manager that's encrypted. Use multi-factor authentication, but do not use SMS for the tokens. Use like Google Authenticator or Microsoft Authenticator. Those apps are much, much more secure.

Craig:

When buying the cryptocurrency of your choice on the exchange, they typically have a waiting period. I forget what it is. I think it depends on the level of KYC that you do, but I think it also depends on how much money might be in your account. There's some restrictions there and there's a waiting period before, like you can't just go buy Bitcoin and then move it immediately off. They make you wait a period of time, and I can't remember exactly if it's two weeks or something, maybe a little longer. It may depend on your KYC details, but once the time period is done I know a popular exchange like Coinbase, for example they have what's called a vault function.

Craig:

I have tested and used the vault. In my opinion, I don't like the vault. I think it's a good and it may be a good step for some people, but basically, what it does is it locks up your crypto in a secure area called a vault, where you have to do not just multi-factor, like to your Google authenticator, but then you have to have a second factor to your email, and then you have to have another email address that's not your main email. You have to do another token there, and then you have to wait 24 or 48 hours before and you have to re-authenticate all that stuff again, and then you can get your crypto out. So I mean, in my opinion, a cold wallet is much better. It gives you more control. I could see certain instances where maybe somebody might like the vault function, but that's just my opinion on that. So, anyway, after you go through all those steps, you move your crypto to a cold wallet, like one of the ones that we recommended, and then, when you do that, though, you have to really study the process around how to properly transfer that, because if you make a mistake when you're moving it from Coinbase, for example, to Tangem, if you type something wrong or you've got malware on your device and they kind of middle man attack and intercept, you're subject to losing that transfer and there's nobody that can help you. So you have to be really careful about your privacy and where you do this and triple check everything and always do micro transactions first. I mean, it's not going to hurt to do like a.001 or small, like $20 or $30 of a transfer and then make sure the wallet works and then transfer more. There's a cool function that I know Coinbase has that it'll actually remember. So if you have a cold wallet, it'll say, oh, you sent this wallet before. So there's some kind of checks there that are handy, I think.

Craig:

I think also it's good to have multiple exchange accounts so that if there was an issue I know that in the past, in 2021, when things got crazy, there were some issues with exchanges getting overloaded and things like that. So you never want to be stuck in a position where you just can't either sell or get out if you want to sell or transfer and you're stuck. So you always want to have multiple options. So again, like I said before, multiple exchanges are good, making sure you leverage, like Blake said, the layers.

Craig:

You want to have good antivirus software. You want to have good what's called EDR or more modern antivirus that has heuristical and AI based scanning tools. We have some different layers in our stack that we recommend. You want to have XDR, ideally on your network to make sure that there's nothing you basically have to do like a lot of prerequisite layered cybersecurity to kind of get yourself up to security standard before you should attempt any of this stuff, because if you skip all that it's kind of like flying blind and then if you're in trouble then you've got a big problem. So it's better to have a lot of these layers in place as foundational.

Blake:

Something that I don't hear a lot of people talk about. What I think definitely should be talked about more is, obviously, I mean, there are computer cafes. People still do rely on computer cafes for accessing the internet sometimes. You know, obviously you're not gonna, you know I wouldn't access your bank account or any, you know, secure financial information from said cafes. You know, obviously, public Wi-Fi also is the same. So if you bring your laptop to a library, you know obviously Avoid accessing your bank account and your, you know, your cryptocurrency or your, your crypto exchange through that.

Blake:

And something that I don't really hear a lot of people talk about is, obviously we a lot of think about. You know, obviously, people who are considering, who are keeping crypto or preserving crypto for the long period of time, like we're, we're, we're bullish and we're holding right most of us, um, but you know something that we I've never really heard you I talk about is you know, let's just say, for example, something happens to you. You know, um, you know, obviously, handing. You know making sure that wealth gets transferred, you know, to your children or your family, yeah, so those are good.

Craig:

So touch on both of those real quick before you you go on more depth. So the first one the reason why you don't want to do crypto trading or bank bank account work in a cafe or an airport or a busy area is because hackers have been known to Transmit fake cell towers and fake Wi-Fi networks that mimic what you think is real. So, like, let's say, you're at Starbucks and Starbucks has a Starbucks guest network, hackers are known to Put their like, set up their own network that broadcast the same name and Get you to join their network Instead of the real Starbucks network, and the reason why that's bad is, once you join their network, they can then run penetration tools and hacker sniffing tools to then sniff out your Transmissions and your communications. So this is why you want to use encryption, like keystroke encryption and VPNs, and ideally not connect to One of those networks. You want to connect to a private network, like your cell phone provider or a business VPN or something that you know you can control, because in the event that a hacker is still on the network, that makes it much harder for them to penetrate through those layers. Right, so that that's why you don't want to do those things unless you have those additional safeguards and layers in place, and then it's still risky, but you're. But the more layers you have on, then the less likely you are to get hacked and the more the hacker has to work harder to get to you. So you know, your mileage may vary, but the point is the more layers you have in place, the better protection that you have. And then, moving on to the other point around Crypto and your family and your spouse, is absolutely valid points.

Craig:

The nice thing about tandem and other cold wallet solutions is I don't know if you know this, but let's say you have a ledger device, a cold wallet, and you you can actually take a different brand Cold wallet and clone that ledger device. Did you know that? I didn't? So you can take a ledger that, let's say, has a 12 or 24 word seed phrase, which is a bit 39 standard seed phrase. Right, you can take that, wall, those 12 words and I can buy the new tangent 2.0 does support seed phrases. I can restore a wallet to Tangent so I can have a ledger on my left side and a tandem on my right side, and there are the exact same wallet, but just you're using two different manufacturers to communicate with that wallet. Does that make sense? Yeah, yeah. So in that context you can then clone like two or three of them and then give them the family members and then give them the Pin or whatever. So then in the event that you get hit by a bus God forbid something happens they can control your funds. Obviously, you have to trust them because you don't want something to happen that While you're live, you know. But my point is that that's a layer of redundancy that you can choose.

Craig:

With tangium you can buy the three packs. You could have three different backups and you can distribute those in different places, so like family member, another part of the country, whatever, and you can do that. They have what's called multi-sig wallets where with a multi-sig wallet, you actually it's kind of like two keys to open the lock, so both sides have to have to submit. There's a. Have you ever heard of Shamir? I haven't. No, shamir is a is a type of multi-sig. So if you, if you look that up, it's, I forget it's a. It's longer than your typical. It's longer than your typical C phrase.

Blake:

Okay, here it is yeah.

Craig:

Here we go. So Trezor has a model that supports the Shamir. So basically you need to have how many. It's called two of three and, okay, 20 words. That's what I was looking for. So Shamir backup uses 20 word shares with 128 bits in strength, and then you could also do a 33-word share.

Craig:

So basically, in this context, you have multiple seed phrases and you have to put them together to be able to control the said wallet. So that's another option for family members, or you could do like a two of three. So this way, like two people would have to be able to be controlled, in control to be able to make a transfer. So that's an option, obviously, at its bare-bone minimum, you could put that seed phrase in your will or somewhere safe and secure. Again, you have to really protect that thing, because you don't want to even put that with like a law firm, because if the law firm gets hacked, then your wallet's going to get drained. So just be real careful. The graphing plates that we talked about they have some encryption options as well, where you can get multiple plates that have to be stacked together to get to your seed phrase. So if you give one plate like if I give one plate to Blake and I have a two. I have the second plate. He can't do anything with that first plate without my plate, right?

Blake:

So that's another option. I like that. That's a great option.

Craig:

Yeah, so that's my favorite, my opinion. But yeah, those are all ways that you know. There's another thing that's going on which gives a good segue into this topic. Have you ever heard of pig butchering?

Blake:

Well, I think we talked about it briefly, but you probably need to refresh my mind because you know I'm running at 110% right now.

Craig:

Yeah, so it's a weird name. Pig butchering is a nasty scam that's going around where you get a text message.

Craig:

typically it starts with and it says something like hey, and then you write back and you're like I remember or whatever you know, and so the person tries to social engineer you and trick you into roping you into this conversation and relationship, and then the hacker persuades you to move off a text to something like telegram or signal and then get to know you more there and then introduce you to a oftentimes a cryptocurrency investment opportunity of a lifetime, where they paint this story around getting you access to insider information, where you can get access to coins that the public doesn't know about and you can make all this money. Well, long story short, after they rope you in, then they show you and invite you, they get you to buy crypto on a popular exchange and then move your crypto into the system, and then they get you to what you think is put on an app on your phone, but it's actually not an app. It's actually a malicious website that looks just like an app. And then they fund it and then in a couple of days, you see all these returns.

Craig:

You think you see all these returns and how much money you made, and they persuade you into thinking that you're making all this money. And then you try to cash out and then they're like oh no, you can't cash out, you have to pay 10% of whatever your balance shows. So let's say you put in like $10,000 and fictitiously, you know, grows to a million dollars and you want to cash out. Then they say, well, you need to pay 10% of a million dollars to get you money, and so they keep bleeding you dry of all this money and then the whole thing is a scam and it's all called pig butchering. It's all over the news. Some people have lost tens of thousands, some people have lost hundreds and some people have lost millions of dollars to these scams and it's really sad how a lot of people get tricked into this stuff, but it's a nasty thing going around.

Blake:

I wanted to touch on that because this you refresh my mind and I told you about my experiences with this, and so there's certain ways that at least it happened to me I didn't never get butchered, right, I knew what I was doing, but I essentially was stringing them along to see this scam unravel and a lot of people. What they'll do is they'll go on Facebook and they'll create a copy of your friend, right, and it'll be like you know, craig Petronella, my Facebook friend, and then he'll do the same picture and the same bio and then he'll go in and add the same friends and then they'll be like oh, you know, how have you been? All of a sudden, they're striking out this conversation with you. Oh, how have you been? Like, I've been doing this really well, you know. Then they'll lead you into the crypto investment opportunity, or the other one, in my case, was somebody just randomly added me I've never seen them before and it so happened to be just, you know, just a random username or the random picture.

Blake:

And, yeah, you know, they wanted me to go into cash app by Bitcoin, which I did. And then they're like oh, register for this exchange and this exchange was. It was like based off some type of Singapore exchange or something or some type of crypto. I'd never heard of them. But yeah, I mean, you logged in, you had the opportunity, you can go there and click fund your account.

Blake:

Whenever you fund your account, you have to reach out to support. Support will generate a wallet for you and then, of course, you fund that wallet and then, and then, yeah, you know, obviously, like Craig said, I never got into the part where I'm not, I'm not going to fund this wallet. Of course, I just wanted to see the wallet address. That was where it ended for me. But, yeah, you fund the wallet. You know, like Craig said, they show prompt, they fake returns. You know, oh, your $1,000 is now 10,000, 20,000. Oh, let me take out 5,000 or, even worse, add more. Oh man, oh, my God, I made $10,000. Like, let me add another 5,000. Yeah, so that's what they do.

Craig:

First they get you to add more, to double down, double down, keep in growing it, so they milk you dry on adding more. And then when you're ready to cash out, they're like, yeah, yeah, go ahead and cash out. Then you get hit with the oh, you got to pay 10% of the balance to get you at the end. And then that's usually where it stops. And that's usually at that point where people are like, oh, I think I've been scammed, but they've already lost all the money that they put it in the front end. And then here's the thing like if you hire a company like ours, we can trace it to where the journey goes, okay, but then you have to open you know a case with law enforcement and open a police and that's fine. You should do that if you've been subject to a scam like this.

Craig:

But sadly law enforcement is so overwhelmed that, unless it's like a huge amount of money, oftentimes the cases will go cold and they won't. You know they'll get stuck and it's expensive and a lot of work to do the tracing part, but not only that, but to actually get law enforcement to take these guys. So the reason why these ransomware groups and cyber crime gangs and the. You know, when the money gets so high, where it's like millions or billions of dollars, that's when IRS, special agents, fbi, because they want to take them down, because the money is so much, that's where they put so much effort towards it and they take them down. So it's not that it's oftentimes, especially with blockchain technology and how it's all on the ledger, it's not that it can't be traced, it's that it's so much work for those little. It's sad to say, but the little amount, like the $10,000 scam, it's just so much work. It often is just, you know, too much for law enforcement.

Blake:

Yeah, I hate to be the bearer of bad news here on this, but If it's too good to be true, then it is. I mean, that's just rule number one. If you're a family member, if you're a grandma who's 67 years old, somehow becomes a crypto trading specialist. Oh, I made $20 million trading. You know what I mean. Like, come on, guys, like I, hope.

Craig:

Here's the other thing that I thought of, too, when I was talking about wallets. You definitely want to use multiple wallets If you're going to mess with crypto and either hold it or whatever, and you never want to connect like your wallet that you have like a lot of savings in to like a Web3 website. Like if you get involved with what's called distributed DApps and decentralized finance and these Web3.0 websites, you can certainly go down those rabbit holes and that's up to you to kind of investigate but get something like a Tangem or a Trezor or one of these wallets that we talked about and put just a really small amount of crypto to mess with that stuff. Like never connect like your life savings wallet to that. Because there was an issue I can't remember Was it. Did you see the one where they connected to a Web3, they connected their main wallet to a Web3 website. Oh, it was a Drainer script. Did you see that? That was like a few months ago now. There was a Drainer script.

Craig:

I want to say it was with Ledger. Let me confirm that before we say that, live here.

Blake:

Yeah, I have a Ledger and yeah, I don't keep a lot of crypto. Yeah, it was Ledger, sorry. And yeah, I mean it's all up to you, right, like everything, investment is risk-based. There's never a guarantee like money making, money printing, investment. So for me, right now, there's just a lot of validity and crypto and this is just my stance, so I don't have the means to be following it regularly, of course. I mean, I'm here in cybersecurity so I follow breaches and attacks and clients and things like that. So for me, right now, I have very little crypto assets and I have it in my nano. I think I have some NFTs which are probably worthless now. Back in the day, this thing used to be hot, but yeah, so that's just my perspective.

Blake:

And you said something that really struck and resonated with me was having some of my life savings in crypto. That, to me, just made me cringe a little bit, because I personally don't think and again, this is not investment or financial advice I don't think you should put your life savings into anything, distribute it, and even from an investment perspective, I am one of those guys that use a lot of ETFs just because, again, I don't have time to manage it. So essentially, you are paying that small nominal fee for somebody who's way more talented and way more skilled than me to manage that, and I mean it doesn't have as much validity. And you've seen cryptos go 50% overnight or 100% or 200% or 1,000% overnight, going from these little altcoins to these behemoths right, and that's not realistic. That happens in a really small percentage of crypto coins. And something I've noticed a lot is especially when you start to get the influencer perspective, like a lot of influencers when they're talking about crypto, like those are cryptocurrencies you probably need to stay away from you know?

Craig:

Yeah, so I think what you're talking about is a lot of the like.

Blake:

back in the day, it was ICOs and it was new coins and get your airdrop and One coin or the more popular one now that a lot of people is Monero, which a lot of people are talking about, a lot of influencers, and I mean look at Ethereum, max, right, you know that's another one that Kim Kardashian was promoting.

Blake:

Jake Paul, they used it for these boxing matches, these YouTube boxing matches, to buy tickets or whatever, and that thing went down. I mean anything that an influencer is talking about, like, obviously, put your magnifying lenses on, you know your high prescription glasses and do your own homework. You know, just don't buy it because somebody else says it's a great token or an altcoin or they're making money doing it. You know, you need to be very, very, very cautious of that, because the last thing that somebody would do is, if they're making a shit ton of money doing it is, you know, promote it, right. That doesn't seem to be the smart thing to do, like, hey, if I've got a money printer here, the last thing I'm gonna do is, you know, in my garage, I'm gonna leave my garage door open with my money printer, so everybody knows I'm printing money. You know what I mean.

Craig:

So Well, I think, I mean, I think that's good advice and again, not financial advice or any direction or these are strictly our opinions but I think that, at least from my opinion, in my perspective, I think Bitcoin, specifically with the fixed supply of 21 million and with all the people that have been hacked or you heard about the guy that was diving through the trash and dumpsters that lost his. Oh yeah, there was a guy that lost thousands of bitcoins. He had them on his computer hard drive.

Blake:

Oh yeah the dump. Yeah, yeah the dump. He recycled his computer, yeah, yeah.

Craig:

Anyway, there's tons and tons of people. That's just the people that have come forward. There's tons of people like that. The point is that Bitcoin is the only cryptocurrency that has that fixed finite supply. It's truly decentralized. There's no person, nation state or any central authority control, and that's what makes Bitcoin so unique and different.

Craig:

And in the world we live in we talked about in cyber and compliance, about trustless technologies and how you can't really rely on one vendor to do something. Or I mean, look at the solar winds hack, Look at Microsoft was hacked a few days ago Microsoft Azure. It was like the worst hack in Microsoft's history. We trust these vendors that we all are in our ecosystem. We have to rely on these companies in some way, shape or form. But, as a listener, assume that they've been hacked and try to put layers on your own stuff and try to embrace trustless technology to protect yourself and monitor on your own, Because if they haven't been hacked already, they probably will be in the future and you wanna mitigate your damages as much as possible.

Craig:

But, specifically, going back to Bitcoin, Bitcoin's the one that has that truly unique finite supply and with the ETFs that all came out, were launched the ETFs with the big companies like BlackRock and Fidelity, the people. These companies have billions or trillions of dollars, as people like Blake mentioned. He likes ETFs. That gives the average person an easy on ramp to buying Bitcoin. It's not the same as holding your own Bitcoin in a cold wallet. However, it does give you exposure to it and it's traditional exposure, like you might have a 401K or you might have stocks or a brokerage account, and you can easily buy and invest just like you would any other stock. So that's a huge, huge thing that we've never had before and that's why I think Bitcoin specifically is the one that's so unique and different and that's why it's got all the headlines.

Blake:

Yeah, yeah. I think we're kind of wrapping it up here. I think we have a lot of great takeaways on this episode. Of course, in the future we're gonna do similar. We're gonna try and do more of a frequency here, up our frequency and provide as much value as we possibly can.

Craig:

Obviously, we're also gonna have some more guest speakers too. Yeah, we're gonna introduce some more guests that are pioneers in their area of expertise. Just one last thing I will say on the Bitcoin stuff. Just again, do not use your phone number for SMS text pins. We talked about this on episodes and in our trainings around SIM swap attacks. A lot of people have lost tens of thousands, hundreds of thousands of dollars from SIM swap attacks because they had their tokens going to SMS. So then the hackers take over their phone, they social engineer the carrier and then they get your tokens and then they drain the wallet. So the takeaway here is, if you're gonna dabble and mess with crypto, make sure you do your own research, get your own education around that and make your own strategies and use a cold wallet. And I'll let Blake take it from here.

Blake:

Yeah, yeah, I mean, those are all great takeaways. Hopefully you had your notepad to you while you were listening, guys, or you might be driving. Yeah, we're gonna save some more great, great information for our next podcast. Obviously, I'm Blake Gray. This is Craig Petronella. We both work, obviously, at Petronella Cybersecurity and Digital Forensics. You can reach us online PetronellaTechcom. I'm here, craig's here. We're both here to help anything that you guys need with. You know, obviously, don't be scared to reach out. I happily talked to a lot of customers. I know Craig does as well. We are here for you. We don't feel like you're doing this by yourself. If there's anything at all you need, don't be ashamed to reach out. And until next time, we'll see you on the next one.

Craig:

Thanks guys.

People on this episode