Skip to content

Latest commit

 

History

History
29 lines (23 loc) · 3.02 KB

risks.md

File metadata and controls

29 lines (23 loc) · 3.02 KB
Raw

Risks

Accidents

  • Death / Incapacitation. Methods that require a secret kept only in a person's memory are not resilient to death, incapacitation, or memory loss. For example, if you forget the passphrase necessary to access your wallet, you will not be able to recover funds. If you die, your heirs will not be able to recover funds.
  • Memory Loss. See Death / Incapacitation.
  • Disaster. An unexpected event that can destroy stored data or prevent access to it. For example, fire, flood, tornado, riots, war, etc.
  • Data rot. Corruption of critical stored data from wear or decay over time.
  • Software rot. Most protocols depend on the availability and compatibility of software with your seeds and other information created and kept for a wallet. But if your funds are stored for a long time, software may become difficult to find, or your keys may even no longer work within the system. The second is hopefully unlikely for a coin that has a policy of maintaining backwards compatibility.
  • User Error. Typos, weak passwords, incorrectly performed steps, etc.
  • Process Fatigue. When complexity of the process causes steps to be skipped or done incorrectly.
  • Unknown security threats. Any protocol may contain weaknesses which are currently undiscovered – perhaps related to attacks which are not part of the current security landscape.

Attacks

  • Remote Theft. Theft of data via malicious software where the attacker did not have physical access to any hardware.
  • Transaction Alteration. When transaction information, like the address or amount, is altered by malicious software before the transaction is presented for signing.
  • Social Engineering.
  • Opportunistic Physical Theft. Unsophisticated thefts of convenience.
  • Targeted Physical Theft. Sophisticated attacks that attempt gain physical access to your devices or stored data. For example, key-loggers, lock picking, and breaking-and-entering.
  • Supply-chain Attack. If the hardware that has been compromised by a malicious actor in the supply-chain, like the manufacturer , distributor, transporter, or even the designers themselves of a device or even a specific component (like a CPU), this could lea to theft. Compromise of critical pieces of software can also have this effect, for example an operating system or firmware.
  • $5 Wrench Attack. The threat or act of immediate violence in order to coerce someone into telling secret information or send money to the attacker's wallet.
  • Hostage Attack. Taking someone's loved one hostage in order to coerce that someone to send money to the attackers.
  • Betrayal. Someone you trusted with keys or other privileged access who uses their access to steals your funds.
  • Denial of Access. When a bank, government, or other entity intentionally prevents you from accessing the data you need to use your wallet or keep it safe.

See also