Using Coin Control could prevent this kidnapping

Whenever he explained the importance of using Coin Control, he used the same hypothetical example: imagine that you have a 1 million dollar bill, another 5 dollar bill, and you want to buy a 1 dollar piece of candy. Which of the two bills do you use? What information are you sharing with your counterpart if you pay with the 1 million dollar one?

Deciding which bill to use can be the hinge between continuing with your day peacefully or having the worst day of your life, depending on who your counterpart is. With Bitcoin, however, many people are not even aware of which note (UTXO) they are choosing, nor what information they are sharing, not only with their counterparty, but with the rest of the public network.

For me, this had always been an imaginary case with practical implications too important to ignore. But when I heard Rocelo Lopes talk about the kidnapping case of his wife in Brazil, I confirmed that it is essential that all people who use bitcoin also use Coin Control.

I learned about the story of the kidnapping during the talk by Alena Vranova, founder of Glok.Me, about the increase in physical attacks on bitcoiners in recent years, presented at the Plan B Forum in Lugano. Vranova invited Lopes on stage to tell the story himself.

Lopes currently serves as CEO of SmartPay and Truther, but was one of the first cryptocurrency popularizers in Brazil, promoting the technology since 2013. The kidnapping occurred in February 2017 in Florianópolis, when Lopes led the CoinBr exchange. His wife, Renata, was taken by the kidnappers to Sao Paulo and was held for three days.

At first, Lopes thought it was a prank call and even hung up. Then they put his wife on the phone and she confirmed it was true.

Police subduing kidnapper on the ground.
Moment when the Sao Paulo police capture one of the kidnappers. Source: Folha de Sao Paulo.

Obviously, being a public evangelist about Bitcoin made him a target, but there was another detail that confirmed to them that he would be good business. The kidnappers demanded 150 million reais from Lopes, approximately USD 30 million. When he told them that he did not have that money, the kidnapper replied that he knew he had it, because he had traded with it and an exchange transaction for that amount had been generated.

In the end, with the help of the Sao Paulo police, they managed to rescue Renata without paying a cent to the kidnappers. But the detail of the exchange transaction remained echoing in my head. Would the kidnapping have happened if Lopes had used Coin Control?

Coin Control can save you from kidnapping

Coin Control is nothing too sophisticated. As we said at the beginning of the article, it is simply a matter of giving each user the power to choose which UTXO to spend.

Coin Control interface in Trezor Suite.
This is what building a transaction with Coin Control looks like in Trezor. Source: Trezor.

Every time someone sends bitcoin to another address, they are using funds from one or more previous transactions (inputs) and creating new fund records or UTXOs (unspent transaction outputs). These outputs become the inputs for future transactions. When you want to make a transaction, you are essentially spending one or more UTXOs.

The problem is that this is not transparent in most beginner wallets. It is the wallet software that decides which UTXO to spend. It may well be the one with the closest amount to the expense, or the oldest UTXO, or some other criterion. But the fact that the choice is arbitrary can cause situations like that of Rocelo’s wife.
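To make the difference concrete, here is an added example (not code from any wallet or from the article's author) that compares an automatic oldest-first policy with a deliberate choice of the smallest sufficient coin. The wallet contents, labels, fee and both policy functions are assumptions; the large coin and the payment use the amounts of the sample transaction discussed in this article.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Utxo:
    label: str
    sats: int      # value in satoshis
    height: int    # confirmation block height (lower = older)

# Constructed wallet: only the 1.1615 BTC coin and the 0.00082859 BTC payment
# come from the article's sample transaction; everything else is assumed.
WALLET = [
    Utxo("savings", 116_150_000, 700_000),
    Utxo("pocket-a", 150_000, 800_000),
    Utxo("pocket-b", 60_000, 810_000),
]
PAYMENT = 82_859
FEE = 1_000  # assumed flat fee, for illustration only

def oldest_first(utxos, target):
    """Automatic policy: add the oldest coins until the target is covered."""
    picked, total = [], 0
    for u in sorted(utxos, key=lambda u: u.height):
        picked.append(u)
        total += u.sats
        if total >= target:
            return picked
    raise ValueError("insufficient funds")

def least_exposure(utxos, target):
    """Manual-style policy: fewest inputs first, then the smallest change."""
    for r in range(1, len(utxos) + 1):
        covering = [c for c in combinations(utxos, r)
                    if sum(u.sats for u in c) >= target]
        if covering:
            return list(min(covering, key=lambda c: sum(u.sats for u in c)))
    raise ValueError("insufficient funds")

def change_revealed(picked, payment, fee):
    """Satoshis sent back to the payer, visible to the payee and the network."""
    return sum(u.sats for u in picked) - payment - fee

if __name__ == "__main__":
    for policy in (oldest_first, least_exposure):
        picked = policy(WALLET, PAYMENT + FEE)
        print(policy.__name__, [u.label for u in picked],
              change_revealed(picked, PAYMENT, FEE))
```

With the oldest-first policy the candy-sized payment exposes a change output of more than 1.16 BTC; choosing the small coin by hand exposes 66,141 satoshis instead.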

Let’s look at the following transaction taken from a random block of the Bitcoin ledger. There we see that an input of 1.1615 BTC was taken for a payment of 0.00082859, obtaining a change of 1.1606 BTC.

Transaction in mempool.space.
Transaction with change of more than 1.6 BTC. Source: mempool.space

There are variables that help us identify what the expense is and what the change is. In this example it is obvious: the input and output addresses are the same. The user reused the address for the change, which is in itself a bad privacy practice. But if this is not the case, patterns can still be identified, such as the format of one of the outputs being the same as that of the input (bc1q, i.e. P2WPKH), while the other output is of a different format (1H, i.e. P2PKH).

There is more advanced software, such as Chainalysis or Elliptic, that automates the identification of patterns to reveal more details about a transaction, software that more sophisticated kidnappers could have access to.
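The two signals just described can be checked on your own draft transaction before you broadcast it. The following is an added example, not part of the original article: the function names and the placeholder addresses are assumptions, and script types are inferred from the address prefix only.

```python
def script_type(addr):
    """Classify by prefix only (simplified: a bc1q address can also be P2WSH)."""
    for prefix, kind in (("bc1q", "P2WPKH"), ("bc1p", "P2TR"),
                         ("1", "P2PKH"), ("3", "P2SH")):
        if addr.startswith(prefix):
            return kind
    return "unknown"

def change_leaks(inputs, outputs):
    """Map output index -> reasons an observer would label it as change.

    inputs and outputs are lists of (address, satoshis) tuples.
    """
    in_addrs = {addr for addr, _ in inputs}
    in_types = {script_type(a) for a in in_addrs}
    # The format signal only singles out an output when exactly one matches.
    type_hits = [i for i, (addr, _) in enumerate(outputs)
                 if script_type(addr) in in_types]
    findings = {}
    for i, (addr, _) in enumerate(outputs):
        reasons = []
        if addr in in_addrs:
            reasons.append("address-reuse")
        if type_hits == [i]:
            reasons.append("script-type-match")
        if reasons:
            findings[i] = reasons
    return findings

# Constructed placeholders, not real addresses; only the prefixes matter here.
SENDER = "bc1qconstructedsender"
FRESH_CHANGE = "bc1qconstructedchange"
PAYEE_LEGACY = "1Hconstructedpayee"
PAYEE_SEGWIT = "bc1qconstructedpayee"

INPUTS = [(SENDER, 116_150_000)]
REUSED = [(PAYEE_LEGACY, 82_859), (SENDER, 116_066_141)]
FRESH = [(PAYEE_LEGACY, 82_859), (FRESH_CHANGE, 116_066_141)]
SAME_FORMAT = [(PAYEE_SEGWIT, 82_859), (FRESH_CHANGE, 116_066_141)]

if __name__ == "__main__":
    for name, outs in (("reused", REUSED), ("fresh", FRESH),
                       ("same-format", SAME_FORMAT)):
        print(name, change_leaks(INPUTS, outs))
```

An empty result means only that these two checks found nothing; the amounts themselves remain public either way.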

This risk of revealing too much information occurs especially in self-custodied P2P transactions, that is, when you pay directly from wallet to wallet. When you send BTC from an exchange that holds your coins, it’s actually the exchange that interacts with the network, not you, and they typically do batch transactions where your transaction is just one of multiple entries.

Example of a batch transaction, where multiple inputs have multiple outputs. Source: mempool.space

This is one of the disadvantages of using the Bitcoin base layer. To achieve decentralization, Satoshi sacrificed privacy by making all transactions public and visible to anyone.

Thank goodness, there is the option to make transactions off-chain through the Lightning network where transactions are not announced to the entire network, adding a layer of privacy. But if it is essential for you to make an expense on-chain, try to select your UTXO using Coin Control. Here is a list of wallets that support this technology:

The supply of wallets that offer Coin Control is growing among Hardware Wallets, as we can see:

The kidnapping of Rocelo Lopes’ wife is an unfortunate case in a growing trend of physical attacks against bitcoiners. Using Coin Control is just one of the digital hygiene measures you should have when using bitcoin. Take care of yourselves and don’t take for granted the importance of your privacy.


Disclaimer: The views and opinions expressed in this article belong to its author and do not necessarily reflect those of CriptoNoticias. The author’s opinion is for informational purposes and under no circumstances constitutes an investment recommendation or financial advice.
