This is a working document.

General Attack/Loss Vectors:

“Wrench attacks” involving physical, emotional, or chemical coercion to sign apply to most key types and are discussed in Duress Mode.

Phishing and other social engineering attacks are discussed in Preventing Phishing.

Cases in which Obi is compromised or shut down are discussed in Obi Service Providers.

Finally, many attacks can be mitigated by Security Notifications.

Specific Attack/Loss Vectors

Each key has a different, though sometimes overlapping, set of potential loss and attack scenarios. Some of these can be mitigated. “Security by Diversity” is still the primary security principle, rather than making any particular key type 100% secure, which is not possible.

2-key loss and attack scenarios are more difficult to imagine, but are even more important to mitigate:

The strongest attack, the Unlocked Theft attack, is one which would also compromise users of any other wallet technology, including hardware wallets. However, mitigations can make the attack more difficult and give the user some potential recovery paths, assuming they act quickly enough: