🔢Multikey Attack & Loss Vectors
This is a working document.
General Attack/Loss Vectors:
“Wrench attacks” involving physical, emotional, or chemical coercion to sign apply to most key types and are discussed in Duress Mode.
Phishing and other social engineering attacks are discussed in Preventing Phishing.
Cases in which Obi is compromised or shut down are discussed in Obi Service Providers.
Finally, many attacks can be mitigated by Security Notifications.
Specific Attack/Loss Vectors
Each key has a different, though sometimes overlapping, set of potential loss and attack scenarios. Some of these can be mitigated. “Security by Diversity” is still the primary security principle, rather than making any particular key type 100% secure, which is not possible.
PasskeyCloud KeySMS KeyTelegram KeyWhatsApp KeySocial Recovery KeyEmail Recovery KeyLedger Hardware KeyMap Points KeyNFC Key2-key loss and attack scenarios are more difficult to imagine, but are even more important to mitigate:
Major 2 Key Loss Vectors and MitigationsMajor 2 Key Attack Vectors and MitigationsThe strongest attack, the Unlocked Theft attack, is one which would also compromise users of any other wallet technology, including hardware wallets. However, mitigations can make the attack more difficult and give the user some potential recovery paths, assuming they act quickly enough:
“Unlocked Obi Theft” AttackLast updated