You aren’t fighting the perfect enemy: know your threat model

Published in

Coinmonks

5 min readOct 18, 2021

When you are working on anything that has to do with bitcoin security, it’s easy to focus on the holes and get carried away.

You have a mobile wallet with some bitcoin in it and you are thinking that you should start using a hardware wallet, but you’re worried about connecting it to your computer because what if there’s malware, and you aren’t using a VPN, and before you know it you’re reading about burner phones and trying to achieve complete online anonymity.

Getting carried away often leads to overcomplicating things, and that can be its own kind of threat. Most likely though, getting it perfect becomes overwhelming and you end up not even backing up your seed words.

Your greatest threat probably isn’t a perfect enemy who will attack you at every vulnerability. What kind of threats do you need to worry about?

How to build your threat model in three steps

1. What is likely to take or destroy your private keys?

It might be the case that the only backup of your seed words that you have is on a piece of paper that you keep in a shoebox in your closet. It may be unlikely that someone will steal it (unless you are always talking about bitcoin) but it’s possible that you have a house fire or a flood, or perhaps you are not terribly organized and you lose track of your backups when you have to move.

Perhaps you keep all your bitcoin savings in a wallet on your phone. Malware is a significant threat to you because you run lots of different apps on your phone and use it to visit many different websites in the course of any given day. In general, mobile phones are full of spyware and vulnerabilities, especially if you don’t regularly run updates.

Maybe you have been using a web wallet that’s not open source, and you’ve been learning how such wallets are very risky because they are more likely to have unknown vulnerabilities that are exploited by hackers and because you don’t really know what the wallet’s developers might have put in the code.

2. How can you mitigate these threats?

In the first example, you might decide that you should order a stainless steel backup for your seed words, or perhaps you’ve heard about multi-signature wallets where you can spread out the keys to your wallet so that they aren’t all in the same location.

In the second example, you might decide that you need to move your wallet to a new phone which will only be used for bitcoin activities, or you may have heard of hardware wallets and decide that you need to purchase the type of hardware wallet that keeps your keys offline.

In the third example, you might decide that you should switch to a free open source software wallet, and you’ve learned about using PGP to verify the signatures on the software, or maybe even you’ve heard about building from source.

3. What are you most likely to implement?

Again with the first example: while metal backups are good, and multisig wallets are very secure, you should probably take a few minutes to copy down your seed words on a another piece of paper and put it in a second safe location. This is a very easy way to add a little redundancy into your bitcoin setup, and it immediately addresses your primary threats: fire and flood.

As to the second example: using a dedicated device is a great idea, and keeping your bitcoin on a hardware wallet that is not connected to the internet is very strong way to mitigate the risks posed by malware. You should definitely pursue these security improvements, but, once again, it will only take you a few moments to remove unnecessary apps from your phone and switch to using a browser that has a better pop-up blocker. Neither of these mitigations provides strong protection against your threats, but their ease of implementation makes them most important.

Finally, in the case of the third example: closed-source web wallets are a horrible idea and you should transfer your bitcoin out of that wallet as quickly as possible. Using PGP to verify signatures on the software you download will greatly increase your confidence that you actually have the software you think you have, and building from source is the ultimate test of this, but it is the work of a few minutes to download one of the commonly recommended open source bitcoin wallets and set up a new wallet there. You will give your security a massive boost by switching to open-source software, and it mitigates the threat posed to you by developers and hackers looking for exploits.

Don’t get carried away

There are a lot of great security and privacy tools in the bitcoin world, and more are being developed all the time. But, like all tools, they require some practice to learn how to use them. Sometimes the effort you must expend to learn how to use a new tool or choose the right flavor of tool becomes great enough that you don’t get the job done.

Don’t get bogged down trying to implement some kind of ultimate bitcoin security when there are basic security steps you haven’t taken. You are more likely to gain security by making simple, small changes than by a sudden leap to perfection.

Think about your threats — the most likely scenarios that could lead to you losing control of your bitcoin — and find the ways to mitigate those threats that you are most likely to implement. Just get that easy stuff done.

When you can’t think of any further easy stuff, then go down the security rabbit hole and learn about the ins and outs of secure elements or multi-vendor, multi-jurisdiction multisig wallet setups.

Join Coinmonks Telegram Channel and Youtube Channel learn about crypto trading and investing