Skip to content

Cryptocurrencies

Crypto is still in the early stages, though when used right, is a solid way to make transactions. I'll clear up a common misconception due to much negative public coverage. Some media and politicians overs the years have acted as though crypto is only used by criminals and that law abiding citizens shouldn't use it; that all of it is a scam; you will only lose whatever money you convert; and that because it's somewhat unregulated, it's a bad idea to use it because you could lose everything.

There are half truths with some of these statements. The problem with crypto right now is it isn't inviting to new people in the community unless they already have technical capability. I'll explain this in more detail later. Until it can be made as simple as going and getting a bank card and start making purchases, crypto isn't going to get mainstream adoption. I read a fair amount of crypto related content and while crypto bros make good points about the advantages of adding it as a way to do business, it still has a lot of work to be done.

What's important to know is that crypto in and of itself isn't private. Whenever you make a purchase with Bitcoin, transfer from one wallet to another, make trades, etc, it's all recorded on the blockchain for all time and for everyone to see. When you see crypto scams getting exposed on YouTube videos, the reason those are possible is because there's a trail of where all the funds go to. That system has pros and cons, but if you want to use crypto for a store of value (similar to real estate) or use it to make purchases, you have to have your OPSEC practices dialed in or your real identity will be tied to your wallets, which could cause real dangers to you.

A search of YouTube's travel section for people who've been scammed and robbed will show you people who had their entire wallets emptied of money. The smart crypto bros have caught on to not talk about their millions of Bitcoins, but the greenhorns think it's a good idea to show off, which will get them in trouble fast. Some people never make it out of these encounters alive. If you're going to be traveling, read Travel OPSEC to see more about the cautions needed when doing so. Crypto also has another concern which is governments. If you're in a country with restrictions around this, you could get yourself in trouble if you get caught using it. There's also new legislation coming up around the world on a consistent basis to crack down on usage.

==None of what I cover here is investing advice.==

Let's cover the OPSEC factors and general insights for using crypto in a somewhat private way (reminder: 100% privacy and security doesn't exist):

Basics: Keep your OS up-to-date and secure, security patches applied, malware free, use on a VPN or Tor, don't allow other people to use your devices, etc.

Public ledgers: The vast majority of cryptos (including Bitcoin and Ethereum) use public ledgers, meaning anyone can search for any transaction ever made with on the network at any time. You can have pseudo-anonymity, where you have some privacy with where you spend money but if your real identity is ever attached to the wallet, all your future and past transactions are viewable by anyone.

Ledgers with a privacy focus: This applies to Monero and some other cryptos (e.g. Zcash). I'll cover Monero more later and it's the only one I personally recommend. Monero uses features such as RingCT, ring signatures, and stealth addresses to help in keeping transactions private. In you're in a country where making private transactions gets government scrutiny, be aware of the dangers of having this activity discovered.

Acquisition/Exchanges: When getting crypto, it can be done by going through a centralized or decentralized exchange, a P2P exchange, or a crypto ATM.

Crypto ATM: These are a massive concern for privacy and physical security and should never be used if you don't want your identity tied to your wallet.

Centralized exchange (e.g. Coinbase): This is how most users will purchase crypto with fiat. There are several major concerns with centralized exchanged. First; not your keys, not your crypto. Many people have been locked out of their accounts for one reason or another - sometimes permanently, and they can lose all money they had on the exchange. It's always a bad idea to have money stored on a crypto exchange that you couldn't afford to lose. If you're someone who wants to day trade crypto, there's a higher chance of an account lockout. If you're going to do that, Richard Heart (founder of Hex and PulseChain) had it right when he said it's like picking up pennies in front of freight trains. Many people have lost their savings trying to day trade because they saw some goofy YT video showing how to "get rich day trading 10 alt coins."

The second issue with centralized exchanges is the global prevalence of know your customer (KYC) laws/anti money laundering (AML) laws. Governments require these exchanges to collect personal details of all customers before they can use these platforms (KYC also applies to many other sectors). For most people in Western countries, there shouldn't be much of an issue with doing this, but keep in mind one piece of passed legislation later on could present you with some complications from tax officials. If you decide you want to send money to a self custody wallet, remember that your identity of that wallet address will be known. You'll have to convert to Monero before sending those funds off to have privacy. This can be a complicated process and requires a high level of detail and attention on your part to not break the OPSEC chain.

Decentralized exchange (e.g. SushiSwap): If you're not needing to convert with fiat, a dex can work well, since it tends to have better privacy. In some cases, KYC may still be mandatory before a dex can be used. Similar to a centralized exchange, you can easily swap between different crypto coins.

Peer-to-Peer (P2P, e.g. Bisq): a P2P exchange operates off of you doing trades with other people, rather than doing trades with a business like Coinbase. This comes with privacy benefits since you don't need to do KYC and you hold the keys to your wallet (non custodial). If you're going to doing anything serious with crypto, understanding the innerworkings of a platform like Bisq would be a good time investment. Like anything else, it has risks and they need to be understood well before putting money into the process.

If you want to buy crypto with fiat and don't want to go through a KYC exchange, some platforms will allow you to send cash. On the surface, this seems like a good idea, but understand the risk of doing it. Physical mail is tracked in most places around the world and there will be a paper trail that can lead back to you. Let's say you are a US citizen and want to buy crypto with cash using Bisq. When you send the cash, it's likely to trigger an automated alert to be reviewed manually. Governments are aware of these platforms and are going to scrutinize anytime someone sends an envelope to one of them. Most agents will make an assumption you're taking part in illegal activity even if you aren't. Whether you want to go with cash or a KYC exchange, you have to assume some level of risk with tracking. This is a problem with fiat in general and why I recommend you learn about the inner workings of Monero.

Wallet types: You can select three choices with a crypto wallet. Hardware (e.g. Trezor), software (e.g. Wasabi), and paper (an actual sheet of paper).

Hardware: These have the highest level of security and are what I recommend if you're going to purchase a significant amount of crypto. There's plenty of great options available, with the feature set dependent on how much you want to spend, such as getting a touchscreen instead of using physical buttons. Some of the choices include Trezor, Ledger, Coldcard, and Blockstream. Two important factors with these; one - never buy one of these used and always buy directly from the manufacturer. There's been issues with third party marketplaces for years of selling counterfeit items and this is something that you don't want to risk getting a knockoff. Two - learn the ins and outs of whatever device you choose (as each will work slightly different) and know the risks of losing seed phrases and know how to restore a backup if needed. If you're going to get into a serious level of crypto investing, you could lose everything from one mistake. It's happened plenty of times before (case in point - one guy lost $800M from throwing away a hard drive with Bitcoin on it).

Software: If you're going to use crypto to make regular transactions and want to store smaller amounts, a software wallet might suit your needs. Keep in mind this option is a hazard to your money if you get malware on the device. There's plenty of great options to choose from - some of those being Electrum, Wasabi, Cake, MetaMask, and so on. You'll have separate wallets for each coin and can also create multiple wallets for the same coin (e.g. 5 Bitcoin wallets). You'll get a seed phrase during setup to allow you recovery in case you need to recover the wallet. Never share this with anyone. If you do, it's like handing over the money directly since they could then empty your funds. Know how to securely and safely store multiple seed phrase backups. Remember the old saying, "Two is one, one is none."

Paper: As the name implies, this is literally a piece of paper with a public/private key and QR codes to scan. This method is more risk than I personally would recommend but some people like it and are okay with storing money this way.

IP address: Before you open the wallet, it should connect through a trustworthy VPN or through Tor to mask your real IP. This is a critical piece of OPSEC that needs to be followed every time, unless you're okay with having a "public" wallet or you're using a KYC exchange. There are some wallets such as Wasabi that already route all connections through Tor, but you shouldn't assume the wallet you're using does this by default.

Other Crypto Tips

The difficulty in maintaining OPSEC with crypto is why I don't recommend this to new people until they've built a foundation in other areas of privacy and have a solid understanding of how networking and data collection works. One simple mistake could blow your entire strategy if it wasn't set up well from the start and followed to the letter. In most cases, it's not going to cause any issues, but for some people, it could mean prosecution, jail, or unwanted attention from tax authorities who think your a criminal for wanting to use crypto.

Let's cover a brief example of what a crypto strategy might look like for holding some and spending some.

Purchase Bitcoin with fiat (KYC, IRL ID known) -> send to software wallet (IRL ID known) -> send to Monero wallet for obfuscation (IRL ID unknown) -> make purchase with Monero (IRL ID unknown)

This is a simplified version that would do more than most people would want, but you can see how a misstep reveals who you are. Because of the tech behind Monero, it has a special level of privacy that others can't give, but you still need to practice this carefully. If you don't want people to know you use Monero, you wouldn't want to buy anything that ties to your IRL ID (the wallet conversion as the exception). This is similar to using Tor, as the benefits aren't there if you're going to use it to login to Gmail or Facebook.

Some crypto bros will use coin mixers to try to add to privacy for coins like Bitcoin, but these solutions are never as good as Monero itself. You can't take a tech and make it do something it fundamentally is unable to do. Crypto projects can undergo changes to fix these problems, but it's not something to hope and dream about when there's already a proper solution. Monero didn't start about being as good as it is now (RingCT wasn't added until 2017), but the team had a focus and they worked on it over time. If you want to learn more about Monero and have a better understanding of it at a fundamental level, check out the book, Mastering Monero.

One great trait to develop if you're going to use this tech is to learn rigid structure and have a process you follow every time. When a plane is getting ready for takeoff, the pilots always go through a checklist, even if they've flown for decades. The process of using crypto should be no different. Always know the address your transferring coins from, know the address you're sending to and triple check it, know how to spot phishing attempts, know what causes an irreversible transaction, follow an OPSEC process every time, etc.

When you use crypto, you also have to accept this is a completely different way of transacting. In the traditional world, if someone put a fake charge on your card, you could call and do a fraud complaint and get it reversed. There's also insurance against banks going under to prevent a person from losing all their money (at least in the US). None of this applies to crypto; it's like going from a highly structured city to the wild west. One bad move will result in you being locked out of your wallet or losing all your money due to a wrong transfer or a hack. There's a lot of risk in this. I've seen my share of threads and YT videos of people talking about how they lost all their investment money because something went wrong, and when they explain what happened, many times it's because they didn't have a solid understanding of crypto itself and of technology in general.