Bitcoin security tips to help you while traveling
Cryptocurrency events are a great opportunity to learn more about bitcoin and make industry connections. If you own bitcoin, however, it’s important to be mindful of your surroundings and take proactive steps to protect yourself and your wealth.
As we often say, there are no vacations in security. Bitcoin travel requires a little extra precaution. Conference season is heating up again, and so are criminals, attackers, and malicious actors. Here is a helpful travel security guide for attending cryptocurrency-related events.
Getting to the destination safely is the part of your trip where some quick preparation can help you avoid bitcoin security issues.
Power down your electronic devices fully before going through the security checkpoint. Once a device is outside of your control, anyone can do anything with it. It is much harder to unlock and decrypt a computing device when it is in a powered-off state versus a powered-on state where the device was previously unlocked (PIN code, biometrics). It is generally safer to turn on devices once passengers have boarded the plane and the plane doors have been locked. The risk of device seizure is much lower once a plane is boarded and moving.
Never take the majority of your Casa keyset with you. Your keyset is designed for geographical distribution and security. If you need to transact in bitcoin at the conference, it is better to use the mobile single key wallet with a limited amount of funds. Having a majority of keys in your possession makes YOU the single point of failure and puts your funds at risk. Learn more about how to keep your bitcoin wallet safe in the below article.
Don’t advertise the goods. The first layer of security is privacy, and privacy is about flying under the radar. Every time I am in a travel hub, I take note of who is wearing a cryptocurrency shirt or who has a bitcoin sticker on the lid of their laptop. Criminals and thieves take note of this as well. Don’t broadcast to everyone you’re traveling with bitcoin.
Always use a VPN when on a shared network, including hotels, airports, and individual rental locations. Public networks are often unencrypted, which can put your transmitted data at risk.
Only use your own device chargers and cables. Attackers have been known to set up impromptu “charging stations” in travel hubs in the hopes that someone with an unpatched device will connect to it for charging purposes. Your device may charge, but it will also now be infected by a process known as juice jacking.
Lodging and accommodations
Hotel safes are not to be trusted for keeping bitcoin and high-value items safe. These safes are easily accessible to hotel staff and cleaning services using bypass codes. These safes are even more easily accessible to attacks using things such as a room key, screwdriver, or ball-point pen cap. When in doubt, don’t bring high-value items with you.
Some hotels and suites have a double door connecting rooms or bathrooms directly. If your room has a double access door, ensure it is locked from your side. You can move or brace a piece of furniture against the door to stop an inquiring neighbor.
Consider using a portable, non-intrusive door brace or deadbolt strap for your hotel door. These devices can vary in effectiveness, ease of use, and known flaws, but they can help prevent an unwanted visitor from gaining entry while you are in your room.
Lodging through vacation rental websites can be great for cost but not as much for security. These accommodations are offered by individual owners rather than a company, and they may not have the same level of physical and network security controls as a hotel. Your personal property may not be protected or covered by insurance in the instance of a break-in or robbery.
At times, it can be dangerous to use your real name everywhere, especially if you’re well-known. We live in an age where bad actors can search your name online and instantly find out who you are. When ordering delivery, food, or car rental services, use only a first or fake name if possible. If you decide to do this, make sure the hotel and clerk know as well, otherwise your pizza delivery for “Satoshi Nakamoto” may go to the wrong person.
If you are using rideshare transportation, ensure the driver is who they say they are and work for the company they are representing. This does not need to be a full-blown interrogation but more of a verification ("Are you Kevin with Uber? Oh, your name is Pete. My mistake, my app does show that.") Simple checks like this can work well as a false pretext verification.
Before the event
Consider using the buddy system. Physical attackers are more likely to target individuals traveling alone to conferences and satellite events. Traveling with a trusted companion is a smart practice for venturing into unfamiliar and potentially unsafe areas, and it has the bonus of allowing you to split transportation costs.
Ensure you have an emergency contact (or notify your Casa Emergency Contact) who knows you will be traveling to a remote location. This person does not need to know all of your whereabouts but should be aware of your general plans and location.
Update any computers, tablets, or mobile devices you may be bringing with you prior to the event. This ensures the latest security updates are applied and minimizes the risk of known attacks against the device.
At the event
Once you’ve checked into your event, the coast isn’t necessarily clear. Malicious actors are often present at large crypto gatherings, so don’t let your guard down completely.
Turn off all unneeded network communications including Bluetooth, WiFi (in certain areas), and the MacOSX/iOS Airdrop file sharing utility. This stops random connections and scanners from picking up your devices for further analysis and potential attack. Learn how to disable your AirDrop in this Wiki article.
Just like when you’re traveling, make sure to use your own power chargers for your mobile and computing devices. A portable battery is a great and cheap option to charge while you’re on the move.
Avoid giving out your phone number to strangers. If attackers have your number, they can target you in a SIM swap, port your number to their phone, and drain financial accounts that rely on that number for two-factor authentication. If you would like to keep in touch with someone, consider using encrypted messaging apps or a “sock puppet” social media account.
Do not share any pictures of a location on social media while you are still in that location. It's better to post pictures after you have left the location, or sometime thereafter. This stops a bad actor from finding your physical location in real time. One should also be aware of what is in the background of the photograph, who is in it, and if they are okay with the picture being posted online.
Be conscious of what you disclose about yourself at crypto events. As we like to say at Casa, feel free to talk about bitcoin, but don’t talk about your bitcoin. Try not to self-identify as someone who owns a lot of bitcoin. The more data points you reveal, the more of a target you become. There are some subjects that are best left untouched, such as how much bitcoin you have, when you started buying, and the exchanges you use.
Be aware of those in attendance at afterparties, bars, and shared party locations. These patrons may not be attending the conference, but they are now extremely interested in your “bitcoin citadel retirement plan” they overheard you discussing. Limiting alcohol intake will also help to keep one’s senses sharp (but make sure to still have some fun).
It's an effort to get back into the traveling security mindset, but hopefully some of these tips are things you can incorporate into your personal security plan. While most attendees should feel safe and not be targeted, “An ounce of prevention is worth a pound of cure.” Have fun at the conference and beyond!
Need peace of mind for your bitcoin?
Casa makes self-custody easy for everyone. Our multi-key vaults protect your bitcoin from accidents, hackers, and more. Learn about our plans here.
Stay safe out there
Casa's CTO Jameson Lopp regularly reports on the bitcoin security and privacy landscape. Sign up for our weekly security newsletter to stay in the know.
The Services are a platform for managing cryptographic keys and nodes. The Services are not an exchange for buying, selling, or trading digital or virtual currency or assets (an “Exchange”), and Casa is not a bank or other financial institution. The Services do not and cannot sell, hold, invest, send or receive money or cause or effect any digital or virtual currency or asset transactions. BY USING THE SERVICES IN ANY MANNER, YOU ACKNOWLEDGE AND AGREE THAT (A) CASA IS NOT IN THE BUSINESS OF PROVIDING FINANCIAL, LEGAL, TAX, ACCOUNTING, OR INVESTMENT ADVICE OR SERVICES, (B) NONE OF THE SERVICES ARE INTENDED TO PROVIDE OR CONTAIN ANY SUCH ADVICE OR SERVICES, AND (C) ANY AND ALL SERVICES ARE PROVIDED FOR INFORMATIONAL PURPOSES ONLY. Casa urges you to consult a qualified professional for any such advice or service.