03-25-22_*Breaking Cyber News: Raw & Unfiltered* Is Coinbase as Much of a Hot Mess as it Seems?

Mar 25, 2022, 34 min

Episode description

***In order to get the breaking cyber news to you guys FAST we are posting these right after the live broadcast! If you prefer your news more filtered, keep an eye out for the edited posting tomorrow!***

If you are a massive crypto exchange and tens of thousands of accounts are hacked, is it the tens of thousands of users' fault, or is it possible that maybe the company's cyber hygiene isn't passing the "sniff" test?

Join the PTG team as they discuss the hacks and explore what exactly is going on.

Host: Craig
Cohosts: BJ & Erin

Support the show: call 877-468-2721 or visit https://petronellatech.com

Please visit YouTube and LinkedIn and be sure to like and subscribe!

NO INVESTMENT ADVICE - The Content is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice. Nothing contained on our Site or podcast constitutes a solicitation, recommendation, endorsement, or offer by PTG.

Please visit https://compliancearmor.com and https://petronellatech.com for the latest in Cybersecurity and Training and be sure to like, subscribe and visit all of our properties at:

Transcript

Craig

All Good afternoon, everybody. My name is Craig Petronella. Welcome to another cybersecurity podcast. Live with BJ

BJ

Hello.

Craig

topic did you guys choose for the day?

Erin

we went in to take a look at the Coinbase issues that are going on right now and talk about what people can do to protect themselves, because this is. After doing some research into this is pretty bad.

Craig

bad. Did you see that one? That was like, um, what was it? $17 million.

Erin

Yeah. And in a matter of 10

Craig

Yup.

Erin

like it was gone, like as soon as the person put their money in it. $11.6 million lost in under 10 minutes. Because they fell for a fake notification scam. But the weird thing was that the, this notification popped up saying that it was from Coinbase. And that something was wrong with their account, is as soon as the person signed up for it and put the money in

Craig

Yeah. So that tells me is that they must've been spying on their email or something. To that. Right. You know, cases that I've been, that I've been hired to do, you kind of like the, we talked about this, I think it was yesterday actually with, um, keywords, like wire transfers or some kind of ACH or something like that. And then all of a sudden they would resurface. I think it was a similar. They didn't disclose.

I looked at a bunch of the links for the Coinbase issues and there's numerous issues, but they didn't really explain how, is how it

Erin

Yeah, because I think they're unsure at this point. I think what it sounds like to me is that it's either, like you're saying that there's been somebody on their account or it could have been, speculation. But how do we know it? Wasn't an

Craig

Well, that's the too. And the other thing that's a little nerve-racking, at least from my perspective with, from the cybersecurity side is it was a little confusing how Coinbase custody, which is separate that's that claim based custody is there, um, secure or secure. than coinbase.com. They're two separate entities. So the Coinbase custody has what's called a SOC 2 Type 2 report, but the regular one doesn't appear to have anything. pretty alarming.

And then if you look at some of the other exchanges, they have much more security. I know, um, when we were doing. with, I think we talked about this on another podcast as well, with leverage trading and things like that. Um, address on cracking without authenticating like five times or whatever it was. I mean, it wasn't something somebody could have done, user's knowledge, but.

BJ

Yeah, it's fairly complicated. What else I've noticed about Coinbase is? Because I use both, I use Coinbase and I use the one. That's like the one that has the lesser securities that you described, not the not the one that has all the SOC 2

Craig

Well, well, you don't, custody to trade it storage. It's just cold storage. It's their platform.

BJ

Yeah, but you know what? I have the Coinbase, maybe I'm confusing two different things. Cause you know, they have Coinbase app and then they have Coinbase wallet or something. They're two different

Craig

Coinbase and then they have Coinbase pro. So Coinbase is like, The down version and then Coinbase pro has got some more advanced graphing and things like that for more like day trading.

BJ

There's the two, if those are the right two that I'm thinking of, they're not entertainable you have to sign up for them separately and set up wallet for them. But the one that

Craig

you actually can use one account, but the wallets are not the same. You have. So, but they are, Like you can switch, like if you're a Coinbase, you can go to Coinbase. Without whole nother ID verified, verified wallet, or I'm sorry, user account, but the wallet addresses are different.

BJ

Is different, i, cause I use an apple phone, so I set up facial recognition like to log in, as a second step that has to authorize my face. It keeps dropping off for some reason. So I've set it up multiple times and it'll work for a few days and it'll keep making my, making me do the face verification and then it'll drop off and then it doesn't require it.

And I don't know why it's dropping off because I'm not changing anything in the settings, but something's inconsistent with the technology they're using because it's not staying there. That setting is not staying.

Craig

other thing that pretty alarming when I was looking at some of the news articles and doing some research and, you know, there's one um, I don't know article about the attorney that had about, I think it was about a million dollars him and his wife had in crypto and it sounded like he had multifactor enabled. And was driving or something. And then he got a notification that I think it said the notification was by text message. I'd have to go back and look at it.

Erin

got it pulled up here.

Craig

okay. So, that notification was obviously the bad actor and um, out and it was just a big mess and, and, nobody gave straight answer on how it all happened. an insider job or is it, you know, what's going on? Because, and the lack of a SOC report and it's kind of alarming, you mean, there's some, like, you know, we talk about and different kinds of frameworks around NIST 800-171 and ISO 27001 and all these different regulatory frame. isn't there a public available download for Coinbase?

Erin

Yeah. So what it says here too, which I think is really interesting, just reading I'll link this post this link, but it says that the retired attorney clicked on the message, which said someone had logged into his account. So it was actually accurate, but then he logged on and his and soon he got an email that his two-factor authentication had been changed. So his security settings had been compromised somehow, right?

So he was able to log in and he watched it as they're withdrawing, but he couldn't do anything. And the problem is that Coinbase, they only have email they've since changed it, but there's nobody that you can con they didn't have any phones. To contact anybody there to stop it. So he was just like watching this happen as they took $700,000,

Craig

that there would be some kind of additional security safeguards around, you know, logging in, even if they successfully authenticate, you know, if they're coming an adversarial country and the ID verification check was like New York or Florida or whatever. Well, probably going to throw a red flag. Right. So why. Why notify him and say, look, is this you kind of like a credit card?

when you get up, you're out of town on vacation and you don't really don't go to that place to use the gas station or whatever to fill up your car, um, sometimes alert. So why isn't there kind of technology like that? There.

BJ

Do you know that this is, again a situation like you pointed out the difference in security levels between the exchanges, because Coinbase seems to be like you have a lot of entry-level crypto. On Coinbase. And I use it too, because it's very convenient, right?

That's the C word, very convenient, because you can really transfer money very quickly because of the, they don't have all the extra measures because when you use Kraken, for example, if you use a new device, not even being outside of the country or anything, but any new device it's going to make you verify it by email. Cause I use a know, I use a. VPN. And so it makes me do it every single time. And so that's just another layer there and then they have that global settings lock.

So yeah, this is a trade-off right with the convenience, but you pointed out a good thing to talk about Erin too, with the possibility, not saying that there was insider threat because it very well may not have been, but it's a good topic to bring up. As Craig always mentioned training is so important and we see a lot of organizations that don't do trainings right. With their employees.

And so they don't know what to look for, but it happens like there was just an article yesterday and this happened years ago, but I guess there was an interview done with that singer Grimes. Who's like Elon Musk's off and on significant other. And she had admitted in the interview and now might be facing legal ramifications. But in the interview, she admitted that years ago, someone had taken a photo of her that she didn't want posted, and they posted it on their blog.

And she had a friend who worked at a gaming company and that friend. Tap into the network somehow and did a DoS on them to get that picture down. And they blackmailed them had told them they had to take the picture down or they wouldn't get it back up. So basically she essentially admitted to hacking this company over a picture. So those things, that's just a perfect example right there. That's Elon Musk's girlfriend, right? So these things happen and it's unfortunate, but it's true.

And so training is very important to, to, to know what to look for.

Craig

I mean, I've always had on both sides, you know, for the company and, or the exchange as well as the individual training is so essential nowadays. Um, the training, the attestation, their certificates of compliance, all of that. It's all necessary now. Um,

BJ

If not for you training us on what to look for with phishing emails, I can probably think of 50 examples of things I would have clicked on in the last six months alone. Had I not been

Craig

kind It's right before we fired off the, the podcast on this, I got a phishing email and it was about, But it's it's of a phishing email. It says in big blue, um, base coin, hyphen base. And then it says, dear, dear we found unusual and suspicious the activities in your Coinbase account. We decided to ban your account to protect you from any.

Please call support team now for ID verification and to continue your use of your account note failure to do this will result in a permanent ban on your account. Thanks and regards team Coinbase. And then it has a 1 5 4 0 9 0 7 number. I won't say the rest of it, but, and then it comes from a Gmail user.

Erin

Oh, my gosh.

BJ

And these things they're so layered too, just like how you always preach about cybersecurity. It needs to be layered, as you can see from this phishing email example. This is a layered approach to a social engineering campaign. Because number one, they hijacked off of a news story. There's things going on with Coinbase. Then they're preying on your fears about something happening to your account. Then they're preying on your, whatever you want to call it.

Fears mixed with dignity and whatever, because now they're saying that you might be banned. So now that hits a different chord in your mind. And then not only from a psychological perspective, are they using a layered approach there? I would venture to say that every link in that email and the phone number itself, it's probably dated with something ugly. And so the possibilities of you doing something that will negatively impact you are probably layered as well in that email.

So they're using a layered approach to everything they do as well.

Erin

Yeah. If you think about it, the times that we've done our own, phishing set up our own phishing campaign. Thank you. It is very layered, you have to think about everything. You have to think about what it's going to look like. is the email going to go to spam?

BJ

And to be clear, we did phishing campaigns as part of a pen test. because we

Craig

even in our own, even in our own practice, remember we made the decision to use a system with dashboard technology. Right. So we would, know, because of emails, we wanted to make sure that our ecosystem and our clients were. Messages from us and they wouldn't be phished emails. Right. So we to use the portal system. So just like with your bank, I mean, your bank is not supposed to be sending you emails.

And if you have a notification you're supposed to log into your dashboard account and things like that, but never ever log in with the link on the email,

BJ

Right. go the normal way. You didn't get that email, do it. How you normally do it without responding directly to that piece

Craig

I never called the phone number in the email. Always go direct to the manufacturer, the website, and call on the contact page.

BJ

Yeah, but people we should mention that people don't realize that phone numbers can have spyware linked to them. And so a phone number and I don't mean to be over alarming cause people have enough to worry about, but it's just true. Don't dial numbers that are linked to this, these types of messages you get because the numbers themselves can be linked to spyware and

Craig

I mean, they could have highly trained social engineering people on the other ends that are persuading them to divulge more information, like, you whatever, personal identifiable information and, you know, oh,

BJ

mention how metrics angle of your voice being recorded. And we know there's technology out there that can duplicate a human voice

Craig

Yeah, that's a good point. So you have to be careful, you know, they might ask that you'll have to say, you know, um, whatever, you know, so they your voice saying that, um, that,

BJ

It's just a time and this, this seems like total chaos. They're out there right now. We can have hope that maybe this will all start to get better, but. Proper site, proper cyber hygiene is obviously the right routes, for this to get better. And that's a good time to mention for an example, like you can't underestimate any threats out there. You can't just, you can't assume let's talk about the fact that Microsoft and the.

Huge big tech companies, huge big tech companies, possibly what we know they got breached, but it's looking like possibly they were breached by a group that's led by a teenager. And that's the fact of the state of things that we're in. You cannot underestimate any threats out there onsite in cyberspace. You have to take the proper precautions. If Microsoft and Nvidia were breached by the

Craig

bringing up. Yeah. back to this, um, you know, second. So, you know, unique identifier. Typically a, um, a network called a MAC address. Like if I'm going to sign up Coinbase from my phone or from my desktop, there's going to be a unique MAC address ID on my phone, and there's going to be unique MAC address ID on my desktop. Why couldn't a whitelisting technology be enabled such that when I sign up, that's kind of like your IP right?

It goes a step further because this is a hardware MAC address. Why not have these things on. part of my profile and persona of who I am. Right. a bad actor tries to exploit that and the check doesn't match, meaning the MAC addresses that match and the IP, you know, you have all these red right? It's like, it should red flag to support saying, Hey, look, they're not really who they say they are,

BJ

it could be, if those proper steps

Craig

but that's my though. I mean,

Erin

The proper steps were taken.

Craig

But my point though, is that the business, you know, needs taking security seriously and, and be taking it more seriously than the average consumer. So these are like basic things that should be done for any business, like a bank. You know, anything, if if you are, you know, there reason you're on vacation, whatever, but that's. There should like a, uh, either a support or somebody stepping in to say, Hey, look, you know, this is a red flag. this real, you know, let's reach out person.

BJ

Right.

Erin

Yeah, absolutely.

BJ

In the defense of Coinbase, this problem is very widespread. They're making mistakes with their security and so is pretty much everyone else, right? Because you remember, we had a situation with a financial institution and we found evidence during our pen test of multiple brute force attempt attacks. Specific employees and, it didn't seem to be too alarming to staff and, we, and our partners with the AI driven software found it to be very alarming.

It's just a common and very widespread problem, right? That, that the proper, like Craig, you're very meticulous about cybersecurity and cyber layers. And you have a very pristine, like you set up a very pristine environment, in your cyberspace and that's not common.

Craig

I think the, link here is that since crypto specifically is still regulations are still being hashed out and decided upon, I think the big differentiator though, of a bank, for example, like if any consumer goes and opens a bank account, they immediately get what's called FDIC insurance on that bank account. I can't remember if it's like a hundred thousand or 250,000 or something like that. Where if you're, if something were to happen, um, right?

Where I don't, I'm not aware of any kind of insurance like that, that exists on the crypto side yet.

BJ

Yeah.

Craig

You there is, but I've never seen it.

BJ

no cyberspace. And then crypto definitely falls under that umbrella is the wild west, right? We get calls all the time from people that are frantic about hacks, that they think have happened on their home network or small business network. And they, there's a common misconception that there's like a Ghostbuster line to call for cyber, events that have happened. People don't realize there's really not anyone to call. Like you could call it a private business like us, and enlist our services.

But as far as like public assistance, like a 911-type situation, like there's not anyone to call

Craig

it's, it's, just like out of scope complicated, right? I mean, you know,

BJ

it's cutting edge. And even the government, as we know, has been behind on their cyber hygiene, So

Craig

exchanges. It's banks, it's it's everyday businesses. It's the supply chain. I mean, these issues everywhere, but I think if we can, and I've said this before, if we can simmer down these regulations, CMMC that's the most modern framework, make everybody, you know, make every business of all shapes and forms adhere to that standard. Simplify it. Do the third-party audits. Do the assessments, do the third-party pen tests, all that stuff. Do the checks and balances keeping cyber and IT separate.

That's the way that's the way forward. I mean, that's the way to.

BJ

And even as a more basic starting point, just that list, that was linked to the Biden announcement that was, MFA. The newest and most modern, effective cyber tools and enlist help of a professional, don't try to go at it alone and we're The

Craig

going back to the MFA though, wasn't there something at Coinbase that there was an issue with their MFA.

BJ

And you've been hearing a lot about

Craig

So, so how do you know? Uh, and I, you know, I, I, don't just going to say it anyway. How do you know that all these, you know, there's not just one or people in there, like thousands of people that this is. Yeah. So over 6,000 or 6,000 people, this is affected. That's not a small number now, now, now it possible? And again, I'm speculating when I say this, but is it possible that all of them kind of fell victim

BJ

Yeah, that's a good question.

Craig

I, you know, a full and forensic would have to be done, but my point is that it's kind of interesting so many people are affected then that then this flaw happens. And then I, you know, then people are like left without the money. Right. They're, they're basically life savings were drained and they have no recourse. You know what I mean? Like it's just doesn't seem right.

Erin

Yeah, actually, it's speaking on that too. There's something that I highlighted in here. know, The guy that, the lawyer that retired lawyer, they got $700,000 stolen from him.

Craig

him and his wife or something. It was a lot. Anyway, go ahead.

Erin

Yeah. There's yeah, it equals like 700 there's two different ones. There's one that was like 11.6 million. But theirs was the one that was only $700,000. But it says here, they eventually did set up a call center so that you can speak to somebody live, but they have very strict regulations about who can actually call. And then, so after they finally set that up, he liked talked to somebody and after a couple months they gave him $500 in Bitcoin after he, so he's.

He says it, it felt like they kicked sand in my face. Is there even anybody senior at Coinbase looking at this, somebody make a calculation and said, okay, this is what happened to this guy. He lost 21 Bitcoin. Let's give him

Craig

But, you know, the other here's thing. So that guy was a lawyer that this happened to, right. So know, lawyers sophisticated. Right. You know, why would they, and again, I'm speculating. I don't know enough about the situation. It's just see this whole thing is, is quite puzzling from, for me from a cyber perspective. Why give him $500 in Bitcoin or for that matter? If their stance stances, they didn't do anything wrong.

BJ

I guess they could, they labeled it like a courtesy credit of some sort, which is more of an interest in the credit.

Erin

Thank

BJ

This is a whole new, this

Erin

0.1% or something like that.

BJ

Pretty low, but the crypto is a different animal because a lot of people that are crypto enthusiasts and believers are putting their life savings into crypto. And so this is a real dangerous situation for the common folk, because people are, a lot of people are putting their hopes in money into crypto, like all of it. And

Craig

Well, I've, I I've, said times the rule for that is stored on a cold wallet, you know, and have said, well, what if the fails it? You know, just that the funds don't actually live on that hardware. wallet, which is the 24 word passphrase. So you get the hardware.

BJ

long as you

Craig

Yeah. So now, like, if you are concerned, obviously hardware is going to fail. Right. But everyone listening, never, ever disclose that 24 words. that is your, that is everything for you that you, you have to protect that like a golden bar, you know, I mean, you anybody. Don't type it on anything on your computer. Don't digitize it, it needs to be physically secured in a safe or wherever.

I would not copy it, you know, because if gets that word, those 24 words, they can recreate that wallet and liquid. They don't have the hardware. A lot of people think, oh, what's really in this hair. I'll show you one. this, um, this ledger, where all my crypto goes and it's cold because it's not connected to anything. Yeah.

BJ

never seen one. That's

Craig

Bluetooth Nano X. So, oh, my crypto's here. No, the crypto. Yeah, when you get this thing and by the way, don't ever buy one of these, unless you buy it direct from the manufacturer, never buy from a reseller, never ever buy it from eBay. My point is when you set that thing up, the first thing that you do is it says, okay, we need to create your wallet. We're going to give you 24 words and it shows you all these different words. And then you write them down.

You physically write them in pen, on a card it comes with. Okay. That is the creation with cryptography of your wallet. Okay. So I want to buy five of these, like physical,

BJ

Then what's the point of having the heart? What's the point of that thing in your hand then if the 24 words are the wallet, why do you need that machine

Craig

because this gives you the ability to, um, it and it to your computer to authorize transactions. Okay. So that's the function of the hardware, but you.

BJ

Oh, okay. So you don't have to type the 24 words. You're

Craig

Correct. Yeah. Everything. The 24 words are, remember we talked about hashing and salting. They're hashed in this. So the only thing that you have to remember as a human is the pin number, the said, but, but

BJ

so you're predicting the 24 words by using that device there because the 24 words are really where your

Craig

words are where your money is. So like, if I want.

BJ

And that from a cryptography standpoint, excuse me, that's more secure than a 24 digit password. You have

Craig

No, they're 24 separate words, much more secure,

BJ

yeah. that's an increase

Craig

you can take this thing. You could literally buy two of them or three of them, or five of them or 10 of them. You could set them all up with that same 24 K a word passphrase, and then they're all clones of one another. They're all exactly the same.

BJ

You

Craig

hand them out to family or trusted members. And then when you want to authorize a transaction, you can do that. There's other things called multisig and more advanced things that are even more far more secure than that. But if, if most people would just use cold wallets, then a lot of this stuff would be so much more secure.

BJ

Oh, wow. Cause then you still need it. Even if someone gets your cold wallet, let's just say someone steals it

Craig

Yeah. Somebody stole this from my house. the pin number.

BJ

Yeah. So you just never write that down. You Never keep it. Yeah. That's, I didn't realize that the 24 words was actually the money. So that's like the knowledge is the power and you're protecting the knowledge by using like backing it to that device and linking it through a code. That's real. So that makes a lot of sense. So that, that definitely sounds like the right way to store Crick.

Erin

I got a question too, about that. Can you use like an authenticator or a one-time? Was it, OTP, one-time authentication password

Craig

you, um, like that that I showed you, so Ledger has software called Ledger Live that you can connect. And when you connect with Ledger Live, it asks you to physically connect it or use Bluetooth and then use your pin number to authenticate, and then you have to accept or allow the transit. so you have to go through those hoops. So let's say, I want to send you Bitcoin. I would have to have, what's called the Bitcoin app on the Ledger device.

I'd have to open the Ledger and the way to open it is to enter my pin number. Once I enter my pin number and it successfully authenticates, then I have, I can open any of the apps on there. If I'm going to transfer Bitcoin or buy Bitcoin, I'm going to open the Bitcoin app and then I'm going to communicate it. Ledger Live of what am I doing? Am I selling it, or am I buying it, transferring it, whatever. And then it'll say, okay, do you authorize this transaction?

You have to approve or deny it within a certain period of time. all, authentication layers.

BJ

Definitely. That's definitely enhanced security. And we know that a comment people may not realize, but one of our, we actually have we're Petronella Technology Group and Petronella Cybersecurity, but also blockchain security is us. And this is a good time to mention that there's a very common misconception amongst the whole web three blockchain crypto crowd. That blockchain is just inherently secure. And let me be clear.

The blockchain itself, the chain is considered an immutable record because each block has a a portion of the previous block and it's, held by so many different people or nodes. That part may be true, but the infrastructure that you're using. Access that chain, your network, your IoT, connected devices, all these things that we're hearing, know, all these possible ways that something can be breached, that's all still vulnerable.

And so just because you are using crypto, it doesn't mean you're not susceptible to a breach or a hack. That's not true at all. And the chain itself is considered secure. But nothing else other than the chain is considered secure, like everything connected to the chain is still a vulnerability that

Craig

Yeah, look look at, what Look at what happened with Ethereum. I don't know if you remember, but when Ethereum, um, there was a flaw with one of the smart contracts and millions of dollars where, um, the Ethereum developers, I think, I can't remember if. Took or something happened. I can't remember. I'd have to research it, but my point is that it was the, the exploited, the flaw, and the developer actually said I didn't steal the money.

I was just, it was a flaw in the system, but I mean, obviously ethics involved in that. But my point is that the, the, the for the, the Ethereum had to do, what's called a hard fork and fork, the whole network, the whole blockchain. coding error.

So my point is that even though the blockchain may be secure the technology because it's of the cryptography and then the mining and consensus and all the things that have to happen to add blocks to the chain that the other things like the code of the software in this case, the smart contract code, if the code has a bug. smart contracts are, you know, reduce zero trust, no humans making decisions.

They're all like if the, if this happens, then this happens and then money is moved and exchanged and sent or whatever, all on autopilot. So if that code is wrong and there's a wrong wallet address in there or whatever.

BJ

It often is wrong. There's auditors that do this. And I interviewed one of them previously for a book you were writing. And literally he showed me a list because it's public knowledge of all of these different blockchains that had, that were founded. Like their code was flawed. I think audits. And so again, that word layers comes to mind because what you're describing is a layer situation. So you have the blocks themselves that can't be changed.

They're immutable, unless there was like a majority attack, which is uncommon or rare. But other than that, there's all these different layers. The code itself could have flaws in it. And it does often, as we know, from the auditors that we'd spoken to, and then you have all the people's personal computers and their network and their IoT devices and their smart fridge that can affect everyone else on the net. So again, a layered problem. It's a layered situation. It's not just what people think.

Oh crypto, every blockchain, it's all secure. It's all immutable. Nope. The chain, the blocks are

Craig

Well, and to stolen funds, whatever exchange you're on. You know, it The point is that if, if funds without your authorization, even if you made a mistake, all of that's on a public blockchain. So eventually it's kinda like, um, have you TV shows where they find a mass murderer from 30 years ago, whatever, then they convict them with DNA or something. It's the same thing. Like all these people like that lawyer that lost all that money, all this stuff is on the public. Right.

enforcement catches up and forensics catch up and they chase the, you know, the, rabbit eventually they're going to find where it is and now it might lead to an adversarial country, or it might lead to, you know, different But look at what happened with the Colonial Pipeline. You know, the to successfully recover. What was it? 600 million or it was a lot of money. It wasn't all of it.

BJ

That's a good, these are just like, that's a good point when that argument is just falls apart when you really study it. The argument that crypto is for criminals and cash is not, it falls apart when you study it because cashflow, you'll never be able to find out what happened with the cash transaction last week, but you're right. That all this stuff

Craig

all. It's all public record and.

BJ

yeah, just because the mystery is not solved today, it doesn't mean it can't be looked at a later

Craig

Yeah, that's, that's my point. You know, eventually catch up to you. So, I like I said, it might lead look at what happened with Colonial Pipeline. You know, the mistake was. They use an exchange to flip the crypto that they were collecting from the ransom fees paid. They then transferred that to fiat, wherever they were and whatever country. And then that's how they got busted because the FBI was watching that exchange. They saw the transaction and that's how they got nailed.

So my point is that all these we'll call them unsolved, crypto mysteries, all these unsolved crypto mystery. Your days numbered if you're a criminal, because it's all on there. Now you may use, you know, Bitcoin ATM, you know, there's all things to kind of anonymize criminals can.

BJ

But you can't large, huge transactions like they're doing at a Bitcoin ATM,

Craig

But my point is that maybe not all of it can be recovered, is all public record.

BJ

No you're right. That is all there. And data lie here. Right? Cause it, you even have like there's algorithms, right? That let's just take all the people in the FBI, out of the mix there's algorithms that literally are the framework, the fine of all of these chains. And they know they have. No where this stuff happened at, and that data is not going to go away. You're right.

So when you look at it from that point of view, it, the argument that cash is the up and up way to do way to transfer money. And crypto is somehow dark. It makes no logical sense at all, because it's quite actually the opposite, I would say, because this is a system recorded.

Craig

is that not only is it recorded, but, um, you know, there's something called KYC or know your customer and, and ID verification checks and things like that. So let's say with the Colonial Pipeline or whatever, somewhere in the world as crypto becomes more there is more security and regulation You know, eventually people are going to have to disclose, upon a hundred Bitcoins?

I mean, you know, and then obviously IRS and wherever else in the world, they're going to want tax money you know, because that's property or whatever, they decide but my point though is. record, you know, days feel like my opinion is. Eventually it could be, you know, a solved crypto case from wherever.

BJ

Yeah. Now it's like it's got the framework to be a far more secure system than cash could ever be. Simply because cash does happen. Anonymous factor in crypto does

Craig

transaction is recorded on that ledger. Even if you buy, like if you buy of those ledgers or you buy a Trezor or you, you other service or whatever, if you have Bitcoin or you have crypto, you're going to move it. You have to pay the transaction fees to move it. And that's the same for anybody. Even if you own the wallets, you still, if you're going to move it from wallet to wallet, you got to pay the fees. And then the reason why.

You need to the world in the blockchain that your stuff doesn't live on this wallet anymore. It lives on this wallet and all of those transaction, all those blocks are recorded on the public ledger.

BJ

Yeah, you're right. It may be obscure and hard to read data right now, or hard to track data right now for where we are at technologically. But that doesn't mean it's going to stay that way and that data's not going anywhere stored, permanently.

Craig

All right. wrap up All right.

Erin

Yeah. Have a great weekend, everybody.

BJ

Yep.

Craig

You too. All right. Take care.

BJ

Okay. Bye. Bye.

Transcript source: Provided by creator in RSS feed