Take a minute and ask yourself two simple questions: who or what are you trying to protect your Bitcoin from? How far are you willing to go to protect it?
These two questions are the root of a concept called “threat modeling”, and should be the basis for deciding what steps you take to secure your Bitcoin. Answering these two questions properly requires an understanding of what threats are out there to your Bitcoin and how they can be prevented.
In today’s blog post we’re going to walk through the most common threats to a Bitcoiner’s sats and break down how Passport helps to keep your savings safe.
Loss of funds
The threat: While this isn’t an intentional attack by a bad actor, it’s by far the most common way that people lose their Bitcoin. If proper backups aren’t kept, frequently tested, and broadly distributed, loss of funds is an ever present risk.
Losing your Bitcoin can certainly happen due to unforeseen events like house fires and floods, but it most often comes as a result of over-complicated setups and unplanned inheritance. It’s easy to want to always be on the cutting edge of security and wallet setups in the Bitcoin space, but it often pays to follow the old “KISS” (”keep it simple, stupid!”) adage when it comes to storing your Bitcoin!
Be sure that you thoroughly test the recovery process of whatever setup you do decide, and ensure that those you want to pass your Bitcoin on to can follow the recovery process without any additional help or input from you. It pays (in sats!) to be thorough and diligent when it comes to storing your Bitcoin.
An example: Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes | NY Times
How Passport protects you: Passport takes two major approaches to helping you preserve access to your Bitcoin: (1) providing users the necessary tools to write down their seed phrase and/or backup PIN code safely, and (2) providing encrypted microSD backups as the default option. Our goal with Passport backups is to prevent losing Passport from being a life altering event, instead equipping you to easily and safely restore funds anytime.
Encrypted backups in particular provide a uniquely powerful backup method, as you can easily distribute encrypted backup files broadly, be it your favorite cloud service, your password manager, or many different microSD cards or USB flash drives. As the backup file itself is encrypted, even if an attacker stumbles upon it they won’t be able to tell what it is, much less access the seed phrase within it without the associated backup PIN code. Then simply make multiple, geographically distributed copies of your backup PIN code (never together with your encrypted backup file!) and you’ll always have the ability to recover funds.
For the more traditional Bitcoiner, you can choose any number of backup methods for the seed phrase itself, including steel backups to ensure that fire and weather can’t harm your backups.
Learn more: Why we love encrypted microSD backups
Social engineering
The attack: The idea of social engineering is as old as time, but has become even more rampant in the digital age. When it comes to Bitcoin, often the largest risk to a user’s funds is someone online tricking them to install malicious firmware or enter their seed phrase directly into malicious software.
How Passport protects you: Passport prevents the installation of any firmware that is not signed by Foundation’s developer keys, ensuring that even if you get a malicious firmware file from an impostor site or fake support agent, there is no way for you to install the firmware onto your Passport.
When it comes to scams centered on tricking users to enter their seed phrase, while there is no technical way to prevent this (a user always needs to be able to access their seed phrase for backup purposes), Passport forces a user to go through several prompts warning them not to share or reveal their seed phrase to anyone else.
Malware on your computer or phone
The attack: Malicious software wallets are a constant, ongoing battle in the Bitcoin space and have claimed many sats from good Bitcoiners over the years. The common attack is to use advertisements on Google Search or use similar names on platforms like the Google Play Store to trick users into installing malicious versions of popular wallets.
An example: Electrum Bitcoin wallets under siege | Malwarebytes
How Passport protects you: One of the biggest benefits to a hardware wallet that utilizes an air-gapped design like Passport is that it is practically impossible for malware to steal funds in any way if the user is observant. Passport’s air-gapped design means that no matter what software wallet you’re using, you always have to scan in the transaction and verify the transaction details on Passport’s large, color screen before signing.
Even if the wallet attempts to provide Passport with a fake change address, a common and stealthy attack, Passport will check the change address and warn if it does not belong to your wallet. As the malware on your computer has no way to access Passport via USB or Bluetooth, it cannot infect Passport and make Passport display false transaction details, either. This is an immensely powerful defense and one that protects you against many different threats!
The next time you send a transaction, take a bit of extra time and be sure that you’re verifying the address and amount properly to protect your sats. In addition, make sure to bookmark the legitimate sites for your favorite Bitcoin wallets, never trust a random DM on Telegram, and verify software that you download whenever possible.
“Evil maid” attacks
The attack: An “evil maid” attack is a category of attacks encompassing any time an attacker gains physical access to a device that’s off. This can happen when you’re at home (i.e. someone you trust), when you’re traveling (i.e. an actual maid at a hotel), or when the device is in transit (i.e. checked baggage while flying). A whole new world of risk opens up as soon as an attacker has physical access to your Bitcoin wallet as they can perform a host of attacks.
The most common evil maid attack is to swap your Bitcoin wallet with a malicious wallet that records your PIN code and then recover the malicious device and use the captured PIN code to steal funds from your wallet.
How Passport protects you: Passport provides two main mechanisms to help protect yourself against a malicious device swap attack. Security words are easily enabled in Passport’s settings and make Passport show you two unique security words that can not be seen or replicated without knowledge of your PIN. You can learn more on how to use this feature in our documentation here.
The second defense is to check the boot count under Firmware in settings and compare with what you’d expect. While it’s a simple and less fool-proof check, it does add an additional layer of difficulty for any device swap.
Learn more: Security Code & Security Words
Physical theft
The attack: This one is quite straight forward, and involves an attacker simply stealing your Bitcoin wallet. Stealing your hardware wallet gives the attacker more time to attempt physical attacks or a PIN brute-force attack, though the fact that your wallet is missing can give you a chance to move funds if you have proper backups available.
An example: Kraken Identifies Critical Flaw in Trezor Hardware Wallets | Kraken
How Passport protects you: Passport has been built from the ground up to provide an extremely strong defense in the case of a stolen device. Passport’s security architecture leverages a secure element to best protect against physical attacks, making successful physical attacks that steal funds infeasible.
Passport’s secure element provides a strong hardware-based PIN code rate limiting, allowing only 21 attempts to enter the correct PIN before the device is intentionally bricked and no seed is able to be recovered from the device. The secure element also prevents an attacker with strong electronics expertise from being able to extract the seed from the processor or memory, as the secure element would also have to be compromised to retrieve a working private key.
Learn more: Maximum PIN Attempts
Supply chain attacks
The attack: Last but not least, we have supply chain attacks where an attacker intercepts the device before you receive it. The attacker could tamper with the hardware of the device and re-assemble it with some form of backdoor or transmission of the private key built in.
An example: Case study: fake hardware cryptowallet | Kaspersky
How Passport protects you: With Passport we’ve engineered a novel supply chain verification system that leverages the secure element on Passport. Every Passport device has a secret key locked away in the secure element that is used when you setup your Passport to perform a challenge-response check with our servers that will only be valid on devices we have provisioned directly at the factory that have not been tampered with.
If the secure element is tampered with in any way, or if a malicious device was swapped out for a legitimate one it would be unable to pass supply chain verification.
Learn more: Passport Supply Chain Validation
Conclusion
While seeing many of the potential threats to your Bitcoin can feel overwhelming, note that the vast majority of these threats are mitigated by simply using Passport as intended. Secure self-custody doesn’t have to be complex and daunting, though we do have to be vigilant and responsible when taking back control of our money via Bitcoin.