Security Sunday - OPSEC

in #security, 6 years ago

What is OPSEC?

OPSEC, short for Operations Security, is crucial in crypto. Basic OPSEC is necessary for the safety of you and those you care about. One of the largest breaches of OPSEC I see in crypto is "The Brag". Never expose what you're holding. It's like painting a bullseye on yourself. This post will focus on why "The Brag" is an issue.

[Image: bullseye.png]

Risk Implications

Look at the image of the bullseye. You are dead center. Each ring outward represents greater geographic distance from you and a greater cost to reach you. As adoption grows, so does the number of people in each color who have the knowledge necessary to identify you as a target.

The Yellow Zone

Anyone who can gain easy remote access to your devices, network, or information is right there in the yellow with you. This can be as simple as someone getting you to click a link. That's a rather simple maneuver already used on concentrations of the target population, not just individuals. Securing your networks and devices reduces this risk. They say the internet makes the whole world smaller, and that's certainly the case when it comes to malicious actors. Check out my writeup on security basics. Nearly everyone is targeted at the Yellow Zone/general level just by being in crypto groups, surfing crypto sites, or signing up for crypto-related emails.

The yellow also contains your neighbors, and anyone who can get to your house without significant investment. If you live in a metro area, that could easily be millions of people. The cost-to-payoff ratio for these people is minimal, no matter the size of your portfolio. You could be a target with just a few hundred dollars' worth of crypto for those in the yellow.

The Red Zone

This zone is full of those who can reach you for a few hundred dollars. Those in your state for sure, but depending on the size of that area, potentially your neighboring states too. Go look at where you can fly for under $500 round trip. If you have a $5k portfolio, you could be a target for anyone in that area.

The Red Zone is a combination of the Blue and Yellow Zones when discussing remote targeting. Most remote targeting in the Red Zone will be generalized to crypto people, but you will occasionally attract those who will individually target you for brief time periods. You secure against this zone with the same methods as the yellow, along with learning storage strategies that separate your crypto access from all else.

The Blue Zone

These are people who live in your region/country. It's basically those who could get to you for under $1000 USD. What payoff makes a $1000 investment and a crime worth it? Even at 10:1, that's a $10k portfolio. The same portfolio that was worth just $500 in January 2017, 0.5 Bitcoin, was worth that much by the end of 2017. Had you disclosed that you held 0.5 BTC prior to the bull run, you'd have made yourself a target to the Blue Zone.

The Blue Zone also includes those who are willing to invest some time in building a rapport prior to sending you a link. Unlike in the Yellow Zone, this is almost always individually targeted and not just a general net for anyone in the industry. To secure against the Blue Zone, you need to consider more advanced security measures like those covered in MyCrypto's Security Guide for Dummies and Smart People Too.

The Black Zone

This zone is populated by those who can reach you for under $5000 USD. What payoff makes $5k worth it? The same 10:1 ratio we used in the Blue Zone would say $50,000 USD. That was 2.5 Bitcoin at December 2017 prices. Disclosing $2500 in January 2017 would mean being at risk to the Black Zone by December 2017. You can be reached for under $5000 by nearly anyone in the world.

From a remote perspective, what sort of time investment would someone be willing to make for $50,000? How long would they be willing to talk and build a friendship? How many messages would you have to exchange for you to be willing to click that link? 100 messages? A month chatting? The Black Zone represents a certain level of paranoia in the minds of many.

The White Zone

This zone is the risk zone for those with a following. While the other zones are about what you have, this zone is about who you are. People associate a following with a certain level of wealth. Pretty much any influencer that you can name in the crypto space is at risk in the White Zone, particularly when traveling into adversarial environments like conferences.

This zone can also hit you at home, not just with "rubber-hose cryptanalysis", but with things like swatting. This is where methods like those covered in Jameson Lopp's Modest Privacy Proposal are critical. There's a video version also. Obscuring who you are and where you live is a form of safety for the White Zone.

I hope this has helped you understand the risks of disclosing your holdings and how the risk grows with the price of the assets you hold. Security is cumulative and crucial, and OPSEC is one small portion of an overall security plan. Keep in mind that in crypto you are your own bank, and if you ever heard your bank say "that's overkill" about a security measure, you'd likely switch banks.


Whilst I agree that some opsec is necessary, I also think there is a lot of fearmongering going on. How is mentioning some of your holdings any more likely to make you a target of criminals, than posting pictures of yourself on IG? Assuming you are just a regular wealthy person. Are you saying anyone with money should get off social media and start pretending they aren't richer than other people?

In 2011, if someone said they had 5 Bitcoin, they had 40 cents.
In 2017, that was worth about $100k.
6 years' difference and a whole different perception of value. Where will it be in 6 years? Do you know?

Disclosing what you hold today may not be a big deal, "a regular wealthy person" as you say. But a year from now, 3 years from now, your comments still exist in a crypto forum and you're publicly worth at least $5m in a currency that is largely stored with access available in your home.

OPSEC isn't just about today, it's about many tomorrows.
A regular wealthy person holds their wealth in investments not easily liquid.
A $10 million net worth is likely a $1m home, a few million dollars in stocks, a few million in other investments, and maybe a few hundred thousand accessible max, even with a gun to your head.
A $10 million net worth in crypto is likely mostly liquid enough to all be accessed with a gun to your head.

It's a far different ball game when you're your own bank. As risk increases there are steps you can take. Not disclosing what the bank holds and not disclosing where the bank is are two of the most basic methods to not end up with a gun against your head.

https://cointelegraph.com/news/uk-cryptocurrency-trader-robbed-at-gunpoint-amount-stolen-unknown