Crypto Applacency: Hidden Security Threats at Industry Meetings

By Nick Percoco, Chief Security Officer of Kraken

Every year, crypto conferences are becoming bigger and more global. There are face-to-face opportunities to interact with peers across the crypto community, from New York to Dubai and Singapore. These gatherings are one indication that Crypto has reached an inflection point in its mainstream adoption.

However, as they grow, there has also been a quiet but troublesome trend. Personal security hygiene at the crypto meeting took the back seat. This trend has emerged before the recent well-known code entitled. Unfortunately, the Crypto community has now become openly displaying and discussing Crypto topics (even wealth and even high value transactions) in a public setting.

At the heart of Crypto is your own bank. And if your personal and operational security (OP-SEC) is not prioritized above all, it is extremely difficult (if not impossible) to achieve your financial freedom promise.

Kraken’s dedicated security team monitors this trend while attending industry meetings. Here’s what they see and what all attendees need to keep in mind:

Basic situational awareness is often ignored

While walking around the networking events and expo areas, our team kept an unmanned laptop owned by the popular Crypto protocol open and identified it as unlocked in the work settings. Similarly, they highlight many instances of mobile phones that are not registered in the table, even if the wallet notifications are ping in real time.

If you’re in crypto, your digital device isn’t just a phone or laptop. It’s a safe to do to you, your cryptographic means, and your wider employer’s operations. When you are not using the device, always keep it close and lock it.

Openly broadcast wealth and valuable transactions

One of the team members left their hotel room one night, a few miles from the meeting venue, met several attendees, discussing the valuable deals while wearing the meeting straps, including their names and companies.

Even if you don’t think everyone is listening, someone might be better. Be modest to protect yourself and those around you.

Public spaces are not safe

You should be even more cautious about cryptographic meetings to avoid blindly trusting WiFi in busy coffee shops. Public networks can easily be spoofed or compromised, and crypto events are full of very technical individuals, including those with hacking skills. To exploit unsecured connections, you only need one bad actor.

Think carefully before scanning a QR code

From giveaways to product demonstrations, it can be found everywhere in Crypto events, but each scan can be exposed to a malicious smart contract designed to drain the wallet. Bad actors use one sticker swap to risk dozens (if not hundreds) of participants in order to replace legitimate QR codes in their marketing material with fake codes.

Although we have not seen any recent reports on this in the wild, the risks remain real. A safer approach is to use burner wallets with limited funding dedicated to meeting activities. That way, if something goes wrong, your main holdings will remain protected.

Beware of who you trust and what you reveal

Not everyone on the meeting t-shirt is who they say. It’s very easy to build a cover story or register under a fake persona during the event. We recommend that you check your identity and always check it out to protect sensitive conversations or as follow-up after in-person events. If that seems too good, it is probably.

But that’s not all. Our team is keenly aware of the low risks associated with participating in the event, but equally serious risks. Always look closely at food and drinks. Tampering is rare, but it is a real threat, especially in high-stakes environments.

Similarly, compromises on devices are easier than most people can achieve. One common tactic is juice jacking, where malicious USB charging stations are used to install malware or data. Our recommendations are simple. Always use your own wall adapter and charging cable. If that means a quick trip to your hotel room, it’s a small price to pay to keep your digital assets safe.

As cryptography continues to grow and mature, our approach to security must remain uncompromising

The more visible and mainstream the industry becomes, the more attractive we are to bad actors and it is easier for self-satisfaction to undermine progress. It’s time to go back to basics. In today’s high-stakes environment, cryptography complacent is not just a personal risk, but a threat to our wider movement.