What could a 6102 attack on bitcoin look like?

Level | Description
1 | Capture bitcoin on/off ramps
2 | Restrict access to bitcoin
3 | Clawback bitcoin already held by bitcoiners

1. Capture bitcoin on/off ramps

Increasing regulatory requirements

Increase barriers to entry to force bitcoiners through controlled choke points

Status: Ongoing globally.

Increasing KYC / Verification

Develop comprehensive lists of holders & amounts held for use in later stages

Status: Ongoing globally.

Increasing use of chain surveillance

Better map blockchain data to meatspace to maintain a more accurate picture of holders' balances

Status: Ongoing globally.

Increasing ISP surveillance

Identify bitcoiners based on internet usage.

Status: Likely ongoing globally given widespread internet surveillance. Can be partially mitigated by using Tor, though full protection would require decoupling block download timing & download size.

Undercover P2P Exchange Surveillance

Buying/Selling on P2P markets to identify bank accounts, and therefore market participants.

Status: Possibly ongoing, although likely not widespread at this time in most countries. More likely for large transactions.

Mining Regulation

Mandatory KYC / licenses / whitelists / surety bond requirements for mining operators & pools.

Status: Hypothetical in most countries. Mandatory national mining pool in Venezuela, fines and sanctions for mining with an alternate pool. Source

2. Restrict access to bitcoin

Decreasing withdrawal limits

Dramatically increase time taken to withdraw from exchange

Status: Withdrawal limits for non KYC accounts are being reduced across the globe.

Closing accounts

Boot users who are suspected of using bitcoin for products / services that are not mainstream

Status: Frequently occurs, see flagging.

No withdraw option

Don’t even offer an option to withdraw.

Status: Growing industry, examples include Revolut, Robinhood & PayPal.

User ‘confirmed’ addresses

Require users to confirm withdrawals are to their own addresses.

Status: Very common in the terms and conditions of most KYC exchanges.

User ‘verified’ addresses

Require users to “Prove” withdrawal address by screenshot or signed message.

Status: Not widespread YET. Bitcoin address “verification” is required in The Netherlands & Switzerland via sending a specific amount of bitcoin, signing a message or, unbelievably, a screenshot.

Ban on self custody

Make holding your own keys illegal, forcing compliant users to use custodial wallets.

3. Clawback bitcoin already held by bitcoiners

  • These could be automatically taken from custodial wallets.
  • Users of self custody would be told to disclose all xpubs and manually send the coins each year.
  • Possible rewards for anonymous tip-offs which lead to recovery of bitcoin from non-compliant individuals.

Yearly Bitcoin tax

A yearly % tax on bitcoin holdings.

Status: Hypothetical

Unrealised capital gains

A % tax on unrealised fiat profit due to price appreciation of bitcoin.

Status: Hypothetical

Bitcoin Wealth Tax

A “one off” % or fixed tax for holders with > X BTC. Such wealth taxes have occurred in the past, e.g. Argentina.

Status: Hypothetical, has historical precedent in Argentina

‘Full’ 6102 attack

Gov. decrees that you have to surrender some % or all of your bitcoin

Status: Hypothetical, has historical precedent in Executive Order 6102 for gold

Conclusions

Get your coins off the exchange

It is critical that you control your coins (in a non-custodial wallet, where you hold the private key). If you have your coins on an exchange you have no control. I recommend using Bitcoin Core + Specter Desktop with a ColdCard (Windows tutorial).

NoKYC helps defend against many of these attacks

If you use tools like BISQ or HodlHodl your ID will not necessarily be collected, giving you more control.

Use privacy improving tools

Tools such as Whirlpool (and CoinJoin in general) help provide forward privacy, though be warned that they don’t eliminate the possibility that you could face future tax liabilities.

Tor is also useful for concealing the fact that you are using bitcoin from your ISP (and therefore, the State).

The noKYC premium may prove to be well worth paying

For most people it may be worth paying a premium for noKYC bitcoin if it reduces their future obligations to rogue / corrupt states.

Tools keep improving

Tools may eventually exist to make it possible for anyone to easily protect their bitcoin from state seizure. Such tools could include multi-jurisdictional multi-sig, possibly with strong social networks for recovery/signing. If widely used it may be possible to avoid a 6102 attack without too many casualties.

If you have 1 key of 3, and the other 2 are held by other people in different jurisdictions, it’s not possible for you alone to be compelled. It’s plausible that you have agreed to only sign when all three of you are physically present in a safe haven country.
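The multi-jurisdictional multi-sig argument above can be checked mechanically. The following is an added example, not part of the original article: it lists which combinations of jurisdictions would have to act together to force a spend, and which could freeze the funds. The jurisdiction labels A/B/C, the key-holder names and both thresholds (2-of-3 and 3-of-3) are assumptions, since the article does not fix a threshold.

```python
from itertools import combinations

def compelling_sets(key_jurisdictions, threshold):
    """Minimal sets of jurisdictions whose key-holders together reach the
    signing threshold, i.e. who must ALL be coerced to force a spend."""
    jurisdictions = sorted(set(key_jurisdictions.values()))
    minimal = []
    for size in range(1, len(jurisdictions) + 1):
        for combo in combinations(jurisdictions, size):
            chosen = set(combo)
            # A superset of an already-found set is not minimal.
            if any(m <= chosen for m in minimal):
                continue
            keys = sum(1 for j in key_jurisdictions.values() if j in chosen)
            if keys >= threshold:
                minimal.append(chosen)
    return minimal

def blocking_sets(key_jurisdictions, threshold):
    """Minimal sets of jurisdictions that can freeze the funds by making
    their key-holders unavailable, so the remaining keys fall below threshold."""
    total = len(key_jurisdictions)
    # remaining < threshold  <=>  removed >= total - threshold + 1
    return compelling_sets(key_jurisdictions, total - threshold + 1)

# Constructed layouts (hypothetical holders and jurisdictions).
ALL_LOCAL = {"you": "A", "friend1": "A", "friend2": "A"}
SPREAD = {"you": "A", "friend1": "B", "friend2": "C"}

if __name__ == "__main__":
    for name, layout in (("all keys in A", ALL_LOCAL), ("one key each in A/B/C", SPREAD)):
        for m in (2, 3):
            print(f"{name}, {m}-of-3:")
            print("  can compel a spend:", compelling_sets(layout, m))
            print("  can freeze funds:  ", blocking_sets(layout, m))
```

With the keys spread out, 2-of-3 needs two cooperating jurisdictions to compel a spend, while 3-of-3 needs all three but lets any single jurisdiction freeze the funds. The model only counts keys per jurisdiction and does not cover a key-holder being coerced in person.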

Coercion is a powerful thing

Widespread Coercion: Unless the vast majority of users are in a position where they can weather a long attack from a state-level adversary, it is likely that a full 6102 attack would be effective enough to warrant its use. This is because the state can apply extreme pressure to a small number of individuals to coerce the masses into cooperation.

Individual Coercion: It is very hard to ensure that you cannot be coerced into giving up your bitcoin if you are targeted by a sophisticated adversary. For example, even if you have multi-jurisdictional multi-sig, a bad actor could allow you to go to sign and hold someone to ransom until you send them your bitcoin.

Responses

The state couldn’t impose taxes effectively because they don’t know how much bitcoin people have.

  1. Through the mechanisms listed above in level 1 & 2 the state has some understanding of the bitcoin holdings of many individuals. This is especially true where users have:
  • Completed KYC
  • Confirmed or ‘proven’ that they are withdrawing to their own addresses
  • Not used forward privacy enhancing tools (CoinJoin) to obfuscate the destination of their bitcoin
  2. If a user bought X BTC through KYC ramps, lives in a country where capital gains have to be reported and did not declare capital gains (from selling or spending), the state may presume that they still have holdings. The onus may be on the user to prove that they spent or otherwise disposed of the bitcoin.

Bitcoin is hard to seize and would require raiding homes, thus a full 6102 attack is impractical to enforce and therefore will not happen.

  1. Whilst it is true that a government would not have the manpower to raid every holder's house, they would just make an example out of a small number. This is how government enforcement of legislation typically works.

  2. The same could have been said about gold (How can the government find and seize my shiny rocks?), and yet Executive Order 6102 happened, a small number of people had their gold seized and the majority of the population complied.

Bitcoin is harder to seize than other things (fiat in bank accounts, stocks etc.).

  1. Often government seizure is achieved through coercion via localized hyper aggression. Potential seizure resistance is very high with multi-jurisdictional multi-sig combined with neutral or positive legislation (not US / Europe / China …) & keeping quiet about your bitcoin.

  2. Why seize fiat when you can just print more? The most likely scenario for a full 6102 attack is if the price of bitcoin rises very significantly and risks collapse of the state unless it can acquire bitcoin.

  3. Stealing from “lucky” bitcoiners with significant holdings (a very small number of people) is far more politically tolerable than taking fiat from banks or stocks, and better achieves the aim of acquiring bitcoin.

I had a “boating accident” and lost my coins. Checkmate State Attacker.

  1. It may be that such a defence is found insufficient unless you declared the loss / theft at the time.
  2. The movement of the UTXOs may undermine this defence, especially if you make a transaction with the “lost” bitcoin which is linked to your identity after the supposed accident.

I got phished and my BTC was stolen

  1. There are widespread phishing attacks. It is plausible that you were affected, especially if you had your email leaked.
  2. This would also explain why UTXOs keep moving after the theft (as opposed to loss, where movement would suggest you are lying).
  3. It may be necessary to report the loss depending on the jurisdiction.

Resources

Please send me links to other resources on this topic

Podcasts

  • Me (6102bitcoin) on SLP link
