Crypto users fail ‘basic situational awareness’ at events, says Kraken

Crypto conference attendees fail at “basic situational awareness” and security measures, opening themselves up to exploitation by bad actors hiding in the crowd at events, says crypto exchange Kraken.

Kraken’s security team noted a “troubling trend” of laptops and phones owned by popular crypto protocols left unlocked and unguarded on tables at events — as “wallet notifications ping in real time,” Kraken’s security chief Nick Percoco said in a June 5 blog post.

“If you’re in crypto, your digital device is not just a phone or a laptop. It’s a vault to you, your crypto assets and your broader employer’s operation,” he said. “Always keep your devices in close proximity and locked when you are not using them.”

Percoco said basic security measures are particularly important for conferencegoers as scammers also attend crypto events, and it’s easy for them to build a cover story, register under fake personas and appear like they belong.

“Crypto, at its core, is about being your own bank. And it is incredibly difficult to achieve the promise of financial freedom if your personal security and operational security aren’t prioritized above all else,” Percoco added.

One tactic scammers use while at a conference is “juice jacking,” where malicious USB charging stations are used to install malware, steal data, or exploit a public network, according to Percoco.

He added that scammers can also easily spoof or compromise WiFi networks. 

“Crypto events are full of highly technical individuals, including those with hacking skills. It only takes one bad actor to exploit an unprotected connection,” he said. 

QR codes can also be dubious, and while Percoco said he has not seen any reports of it happening in the wild, but a sticker swap by a bad actor replacing a legitimate QR code on marketing material with a fake one could result in compromised wallets. 

“A safer approach is to use a burner wallet with limited funds specifically for conference activities. That way, if something goes wrong, your primary holdings remain protected,” he said. 

In-person crypto theft on the rise 

Another issue Kraken’s security team noted is that some attendees have openly discussed their crypto gains and were careless about exposing their personal information.

“One of our team members walked out of their hotel room one evening, several miles from a conference venue, and encountered several attendees discussing high-value trades while wearing lanyards from the conference that included their name and company,” Percoco wrote.

“Even if you don’t think anyone’s listening, someone very well might be. Be discreet to protect yourself and those around you,” he said. 

Related: Ledger co-founder released after days in captivity in France: Report

There has been a growing number of kidnapping and extortion attempts against members of the crypto community and their families this year. 

Jameson Lopp, a cypherpunk and co-founder of self-custodial firm Casa, has created a list on GitHub recording dozens of offline crypto robberies all over the world, with 29 incidents of in-person crypto-related theft so far this year.

Chainalysis CEO Jonathan Levin said last month that the perception that crypto is an untraceable asset could be spurring criminals to try their luck at brazen kidnappings and theft. 

Magazine: Coinbase hack shows the law probably won’t protect you: Here’s why