Wealth Security Protocol
Wealth Security Protocol
Go to Casa Home
Overview
💜Casa vs. Alternatives
Introduction
Option #1: Do-it-yourself
Option #2: Custodial Storage
Option #3: Commercial Systems
🔑System Design Principles
Introduction
Minimal Knowledge
High Security
Usability is Security
Expert Support
Redundancy
Sovereignty
Incentive Alignment
Bitcoin First
🚨Threat Overview
Introduction
Data and Credential Loss
Phishing
SIM Hijacking
Network Attacks
Malware
Supply Chain Attack
Physical Coercion
Child/Pet Attack
Internal Service Provider Attack
Platform / Hosting Provider Attack
Code Dependency Attack
Official Seizure
Inheritance Failure
🔐Chosen Features
Introduction
Hardware Wallet Signing
Multi-signature
Multi-location
Heterogeneous Hardware and Software
Seedless Hardware Wallets
Emergency Recovery Key
PIN or Biometrics for Mobile Key only
PIN for every device
Sovereign Recovery Instructions
Emergency Lockdown Button
Health Check
Identity Verification for Account Recovery
✅Chosen Key Schemes
3-of-5 Key Shield
2-of-3 Basic Multisig
Mobile Key
❌Rejected Key Schemes
Key Sharding (Shamir’s Secret Sharing)
2-of-2
1-of-2
❌Rejected Features
Biometrics General Usage
Seed Phrase Backups
Financial Products and Services Integration
Brain Wallet -- Memory Based Solutions
Web-Based Key Management
Hardened Addresses
🔧Remaining Attack Vectors
Address Spoofing
Malicious Insider Key Theft
Extreme disaster scenarios
Extortion
👨‍🚀Future Improvements
Taproot/MAST
Schnorr Signatures
Powered by GitBook

Phishing

Phishing is the practice of tricking a user into using malicious software that is designed to look legitimate. The malicious site may try to harvest credentials, or trick a user into downloading a tampered version of key software. For example, if you are tricked into logging into a malicious website at c0inbase.com, the attacker can then use your username and password to access your Coinbase account.

Phishing is a common practice. Users of desktop wallets like Electrum were attacked with a false upgrade notice, tricking them into downloading a version of the software that steals their Bitcoin.

Mitigation:

  • Watch carefully for HTTPS warnings on cryptocurrency sites.

  • Always check the URL on cryptocurrency sites.

  • Use a multi-signature wallet, which would require the user to be tricked multiple times before fund theft is possible.

  • Use a sovereign key storage system that avoids single points of failure.

🚨Threat Overview - Previous
Data and Credential Loss
Next - 🚨Threat Overview
SIM Hijacking
Last updated 5 months ago