🔢Multikey Attack & Loss Vectors

This is a working document.

General Attack/Loss Vectors:

“Wrench attacks” involving physical, emotional, or chemical coercion to sign apply to most key types and are discussed in Duress Mode.

Phishing and other social engineering attacks are discussed in Preventing Phishing.

Cases in which Obi is compromised or shut down are discussed in Obi Service Providers.

Finally, many attacks can be mitigated by Security Notifications.

Specific Attack/Loss Vectors

Each key has a different, though sometimes overlapping, set of potential loss and attack scenarios. Some of these can be mitigated. “Security by Diversity” is still the primary security principle, rather than making any particular key type 100% secure, which is not possible.

Passkey Cloud Key SMS Key Telegram Key WhatsApp Key Social Recovery Key Email Recovery Key Ledger Hardware Key Map Points Key NFC Key

2-key loss and attack scenarios are more difficult to imagine, but are even more important to mitigate:

Major 2 Key Loss Vectors and Mitigations Major 2 Key Attack Vectors and Mitigations

The strongest attack, the Unlocked Theft attack, is one which would also compromise users of any other wallet technology, including hardware wallets. However, mitigations can make the attack more difficult and give the user some potential recovery paths, assuming they act quickly enough:

“Unlocked Obi Theft” Attack

PreviousObi's Unique Advantages NextPasskey

Last updated 9 months ago