Obi Public Docs
  • FOR USERS
    • Quickstart: Using Obi
  • FOR BUILDERS
    • Obi: Cross-Chain Account and User Management
    • Dev Quickstart: Connecting Your App
    • Dev Quickstart: Building Multi-Chain Apps
    • ๐Ÿ”ตThe Obi Smart Account Suite
      • ๐Ÿ”’Multikey
        • ๐ŸŽฃPreventing Phishing
        • ๐Ÿ“ฒSMS and Other Web2 Providers
        • ๐Ÿ’•Final Recovery
      • ๐Ÿ”Signet
        • Draft Signet Whitepaper
      • ๐Ÿ’•Extra Life
      • ๐Ÿค–Automatons
      • โณSessions
        • Threshold Escalation
      • ๐Ÿง™โ€โ™‚๏ธParty Members
        • Allowances: Hot Wallets, Budgets, and Subscriptions
        • Allow/Block/Delay Lists
      • ๐ŸงฉObi Stack Overview
      • โ›ฝGasless UX
      • ๐Ÿ”General Obi Features
      • ๐Ÿ“œSmart Account Design Philosophy
      • ๐Ÿ—๏ธSmart Contract Architecture & Flow
    • ๐Ÿ›ฃ๏ธRoadmap: Upcoming Features
      • ๐Ÿ”งDuress Mode
      • ๐Ÿ“ณSecurity Notifications and Lockdowns
      • โœ‹Global Transaction Limit (Sanity Limit)
      • ๐ŸŒObi Service Providers
        • Incentivizing Service Providers
    • ๐Ÿฅ‡Obi's Unique Advantages
    • ๐Ÿ”ขMultikey Attack & Loss Vectors
      • Passkey
      • Cloud Key
      • SMS Key
      • Telegram Key
      • WhatsApp Key
      • Social Recovery Key
      • Email Recovery Key
      • Ledger Hardware Key
      • Map Points Key
      • NFC Key
      • Major 2 Key Loss Vectors and Mitigations
      • Major 2 Key Attack Vectors and Mitigations
      • โ€œUnlocked Obi Theftโ€ Attack
  • Glossary
Powered by GitBook
On this page
  • General Attack/Loss Vectors:
  • Specific Attack/Loss Vectors
  1. FOR BUILDERS

Multikey Attack & Loss Vectors

PreviousObi's Unique AdvantagesNextPasskey

Last updated 1 year ago

This is a working document.

General Attack/Loss Vectors:

โ€œWrench attacksโ€ involving physical, emotional, or chemical coercion to sign apply to most key types and are discussed in .

Phishing and other social engineering attacks are discussed in .

Cases in which Obi is compromised or shut down are discussed in .

Finally, many attacks can be mitigated by .

Specific Attack/Loss Vectors

Each key has a different, though sometimes overlapping, set of potential loss and attack scenarios. Some of these can be mitigated. โ€œSecurity by Diversityโ€ is still the primary security principle, rather than making any particular key type 100% secure, which is not possible.

2-key loss and attack scenarios are more difficult to imagine, but are even more important to mitigate:

The strongest attack, the Unlocked Theft attack, is one which would also compromise users of any other wallet technology, including hardware wallets. However, mitigations can make the attack more difficult and give the user some potential recovery paths, assuming they act quickly enough:

๐Ÿ”ข
Duress Mode
Preventing Phishing
Obi Service Providers
Security Notifications
Passkey
Cloud Key
SMS Key
Telegram Key
WhatsApp Key
Social Recovery Key
Email Recovery Key
Ledger Hardware Key
Map Points Key
NFC Key
Major 2 Key Loss Vectors and Mitigations
Major 2 Key Attack Vectors and Mitigations
โ€œUnlocked Obi Theftโ€ Attack