July 17, 2025
Crypto Security: Building Open Source Education for Blockchain
The player is loading ...
In this episode of The Smart Economy Podcast, host Dylan Grabowski is joined by Josh McIntyre, Chairperson of the CCE Committee at C4, a non-profit organization advancing the understanding and adoption of Bitcoin, cryptocurrency, blockchain technology, and secure private key management. Together, they explore essential blockchain security practices that both newcomers and veterans often overlook.
What you’ll learn:
- How to evaluate your personal security threat model and build appropriate protection strategies
- The three critical security pillars
- Why complacency is the biggest threat to experienced crypto users and how to combat it
- How to implement the urgency-threats-rewards framework to identify social engineering attacks
- Why hardware security keys like YubiKey should be deployed in pairs for redundancy
- How to maintain security hygiene through regular audits and testing of backup systems
And much more!
Josh McIntyre is a software engineer at Microsoft and a tech educator at Chaintuts, a comprehensive educational platform demystifying cryptocurrency security for everyone, from curious newcomers to technical professionals. With a rich background in systems engineering and a deep passion for digital sovereignty, Josh has spent years helping individuals better understand how to safeguard their crypto assets. Whether through his hands-on coding tutorials, video content, or his contributions to the Cryptocurrency Certification Consortium, Josh has become a respected voice in promoting practical, real-world crypto security.
Episode Highlights:
- [26:08] The Three Pillars of Crypto Security Framework
Josh McIntyre outlines three critical components for comprehensive crypto security: social engineering awareness, self-custody practices, and exchange account management. The framework addresses the most common vulnerabilities in cryptocurrency, from phishing attempts to key management, and exchange security. Users must first understand social engineering tactics, as scammers frequently attempt to trick people into revealing keys or sending irreversible transactions. For self-custody, it's essential to properly manage and backup private keys while keeping them inaccessible to attackers. Exchange users need to focus on account hygiene, including strong passwords, two-factor authentication, and ensuring email security matches exchange security levels.
- [29:45] The UTR (Urgency-Threats-Rewards) Pattern for Detecting Scams
McIntyre reveals a powerful three-part pattern for identifying social engineering attacks in crypto: urgency, threats, and rewards. The urgency component involves pressuring targets to act quickly without time to think, while threats often include warnings about account closure or loss of funds. Scammers frequently exploit human psychology by offering too-good-to-be-true rewards, such as promises of massive returns or free crypto. Common examples include phishing emails demanding immediate seed phrase verification and investment scams promising unrealistic daily returns. This pattern recognition approach helps users develop an automatic mental filter for detecting potential scams before falling victim.
- [34:56] Essential Backup Strategies for Crypto Assets
McIntyre emphasizes that losing a seed phrase is fundamentally different from losing a standard password, as it represents complete and irreversible loss of access to crypto assets. He recommends implementing the "three copies, two different mediums, one off-site" rule for backing up critical data. Users should consider using fire-resistant storage, metal backups, and potentially even bank safety deposit boxes for secure storage. The strategy must account for both physical threats (fire, flood, theft) and access planning for heirs or trusted parties. This comprehensive backup approach ensures resilience against various failure scenarios while maintaining practical accessibility.
- [46:07] Avoiding the Complacency Trap in Crypto Security
McIntyre warns that experienced users often fall victim to security breaches due to complacency rather than lack of knowledge. He advises scheduling regular security audits, at least annually, to review and update security practices as threats evolve. The key is treating security as an ongoing practice rather than a one-time setup, including regular testing of backup systems and verification of access methods. Even security professionals can fall victim to sophisticated attacks, making it crucial to maintain vigilance regardless of experience level. Regular security maintenance helps prevent the gradual erosion of good practices that often leads to compromised assets.
Previous guests include: Rusty Matveev, Chief Strategy Officer at Calaxy; Andrew Lawrence, CEO and Co-Founder of Censo; Zac Townsend, CEO and Co-Founder of Meanwhile; Jesper Johansen, CEO and Co-Founder of Northstake; Tama Churchouse, COO of Cumberland Labs; Holly Wood of Boson Protocol; Sid Powell of Maple Finance; Chad Barraford of THORChain; and many others.
Check out our three most downloaded episodes:
- Laying the Groundwork for a Billion-User Blockchain with Rich Rines, Contributor at Core DAO
- Staking the Future: From Blockchain Beginnings to Institutional Innovations with Chen Zhuling of RockX
- The Unstoppable Nature of Blockchain: A Conversation with Bonart Mati of Obligate
Attention all blockchain, crypto, and Web3 professionals! If you're a founder, CEO, or expert doing something innovative in this space, we're interested in speaking to you! Apply to be a guest on our platform and connect with our vibrant community of blockchain professionals: https://fame.so/nnt-guest
The Smart Economy Podcast is handcrafted by our friends over at fame.so
