“Man says his wife used a security camera to steal his password and $176 million in Bitcoin‘

Here is an interesting use of a security camera.

Ouch.

BTW, some workarounds if you are connected to someone you can’t trust like this…it said he was using a Trezor Wallet, so, he could’ve reduced his risk…instead of typing the words into a computer keyboard (which she was watching), he could’ve just used the on-device entry. Trezor hardware (at least some of them) allow you to enter the PIN and seed words directly on the wallet’s touchscreen including a scrambled grid where everything changes positions every time, so someone recording the position of your finger won’t know what you actually typed. There are others that provide temporary input options.

Another solution is to use something like Shamir Backup (distributed security) where the typed entry is only 1 part of at least 2 keys needed to access or authenticate anything. the other can be using certain password managers with multifactor authentication including various forms of biometric approval (which can’t be recorded by a camera) in order to auto-fill masked data that is not stored in memory or accessible and definitely never seen visually. This is highly recommended anyway. Never have a single point of failure. Create 3+ keys and require 2 of them to authenticate. One you can type out, and the other gets input or accessed in another way. Store a 3rd in a secure place. If any one of them gets compromised, it’s still useless, and the person can just go redo the 3 keys to get rid of the compromised one. Don’t use a single string/source. Dude should not be storing that much money in a cold wallet if he doesn’t know anything about Shamir backup or alternative protections. If I had $176M in Bitcoin, this wouldn’t have happened to me even if there were cameras watching my every keystroke.

It will be interesting how this plays out if the court rules in the husband’s favor but the wife still refuses to cooperate and give up the keys (assuming they weren’t able to find and confiscate them during her arrest).

Good points, especially about avoiding a single point of failure. Entering sensitive data directly on the device and splitting access with multiple keys would’ve made a situation like this much harder to exploit.