OPSEC: Difference between revisions

From Wrench Defense
No edit summary
 
(24 intermediate revisions by the same user not shown)
Line 1: Line 1:
=What's the first rule of Bitcoin?=
=What's the first rule of Bitcoin?=
[[File:batslap.png]]
[[File:batslap.png|thumb|upright 2.0]]


OPSEC (Operational Security) is a process of identifying, protecting, and controlling sensitive information to prevent adversaries from exploiting it. In the context of Bitcoin, OPSEC involves safeguarding private keys, seed phrases, and personal details to protect cryptocurrency assets from digital and physical threats, such as hacking, phishing, or $5 wrench attacks
== OPSEC ==
Operational Security (OPSEC) refers to the practices and strategies used to protect sensitive information and assets from adversaries, such as [[hackers]], scammers, or coercive entities. OpSec is the science of not getting rekt. Bitcoin’s pseudonymous and permissionless nature grants users unparalleled financial sovereignty, but it also places the full burden of security on individuals. Poor OPSEC can lead to theft, exposure, and [[$5 wrench attacks]], undermining Bitcoin’s promise of [[self-custody]].


The term is rooted in five steps:
== Core Principles ==
OPSEC is a disciplined, proactive approach to safeguarding Bitcoin private keys, seed phrases, and transaction privacy. The following principles guide this practice:


1. Identify sensitive information (e.g., private keys, wallet balances).
===1. Protect Private Keys and Seed Phrases===
*'''Self-Custody''': Hold Bitcoin in [[non-custodial]] wallets (e.g., hardware wallets like Trezor or ColdCard) rather than on exchanges or custodial services, which are vulnerable to hacks, freezes, and insolvency.


2. Analyze threats (e.g., hackers, social engineering).
*'''Secure Storage''': Seed phrases (12–24 words used to recover a wallet) must be stored offline, ideally on durable materials like metal plates, in multiple secure locations (e.g., safe deposit boxes or fireproof [[safes]]). Never store seed phrases digitally or in cloud services.


3. Assess vulnerabilities (e.g., public disclosure of wealth).
*'''Avoid Sharing''': Never disclose your stack, private keys or seed phrases, even to trusted individuals. Social engineering attacks, such as [[phishing]] or impersonation, exploit misplaced trust.


4. Evaluate risks (e.g., likelihood of a targeted attack).
*'''Physical Security''': Protect physical access to seed phrases and hardware wallets. Use tamper-evident seals and avoid storing sensitive materials in easily accessible or predictable [[locations]].


5. Implement countermeasures (e.g., anonymity, secure storage).
===2. Minimize Digital Footprints===


In Bitcoin, OPSEC bridges technical security (e.g., encryption) and personal behavior (e.g., discretion), making it a cornerstone of financial sovereignty.
*'''Use Secure Devices''': Run Bitcoin transactions on dedicated, offline, or [[air-gapped]] devices to avoid malware, keyloggers, or remote attacks. Avoid using public or shared computers.


*'''Privacy-Focused Software''': Use open-source, privacy-respecting operating systems ([[Tails OS]]) and Bitcoin wallets (Sparrow, Electrum) to reduce exposure to surveillance or data leaks.


Poor OPSEC can lead to:
*'''Avoid KYC''': Use non-KYC (Know Your Customer) methods for acquiring Bitcoin, such as peer-to-peer platforms (e.g., Bisq, Hodl Hodl) or Bitcoin ATMs, to prevent linking real-world identities to wallet addresses.


1. Digital Theft: Hackers exploiting weak passwords or phishing scams.
*'''VPNs and Tor''': Route internet traffic through Virtual Private Networks ([[VPNs]]) or the [[Tor]] network to obscure IP addresses and enhance transaction privacy.


2. Physical Threats: Attackers targeting users with significant holdings
===3. Enhance Transaction Privacy===
*'''Avoid Address Reuse''': Reusing Bitcoin addresses links transactions, compromising privacy. Use wallets that generate new addresses for each transaction via [[Hierarchical Deterministic]] protocols.


3. Privacy Loss: Blockchain analysis linking transactions to real-world identities.
*'''CoinJoin and Mixing''': Use CoinJoin (e.g., via Wasabi or Samourai Wallet) to obfuscate transaction trails by pooling inputs and outputs with other users. Both these wallets are likely compromised, so use [[JoinMarket]].


4. Irreversible Losses: Stolen Bitcoin cannot be recovered due to the blockchain’s immutability
*'''Lightning Network''': Conduct small, frequent transactions on Bitcoin’s [[Lightning Network]], a second-layer solution that offers faster, cheaper, and more private transactions compared to on-chain activity.


*'''Run a Full Node''': Operating a Bitcoin [[node|full node]] allows users to verify transactions independently, reducing reliance on third-party nodes that could track activity.


OPSEC Practices for Bitcoin Users
===4. Mitigate Social and Physical Threats===
*'''Low Profile''': Avoid publicizing Bitcoin holdings on social media, forums, or in person, as this attracts scammers, hackers, and physical threats (e.g., “wrench attacks” where attackers coerce victims into surrendering keys).


To implement effective OPSEC, Bitcoin users should adopt the following strategies:
*'''Plausible Deniability''': Use [[multi-signature]] wallets or [[decoy]] wallets with small balances to create plausible deniability in case of coercion. [[Shamir’s Secret Sharing]] can split seed phrases across multiple parties for added security.


1. Protect Sensitive Information Secure Private Keys and Seed Phrases: Store them in cold storage (yourwiki.com/cold-storage) (e.g., hardware wallets, paper wallets) and never share them digitally.
*'''Estate Planning''': Securely pass Bitcoin to heirs using [[dead man’s switches]], multi-sig setups, or trusted custodians, ensuring access without compromising OPSEC during one’s lifetime.


Use Secure Backups: Keep seed phrase copies in tamper-evident containers or safe deposit boxes, ideally in multiple locations.
===5. Stay Educated and Vigilant===
*'''Phishing Awareness''': Recognize and avoid phishing attempts, such as fake wallet apps, fraudulent emails, or spoofed websites. Always verify URLs and software sources. Learn [[PGP]]
*'''Test Backups''': Regularly test wallet recovery processes in a safe environment to ensure seed phrases and backups are functional.


Avoid Digital Exposure: Never store private keys or seed phrases in cloud services, email, or unencrypted devices.
===6. Get Wrench Defense===
[https://www.wrenchdefense.com duh]


2. Minimize Public Exposure Stay Pseudonymous: Use pseudonyms online and avoid linking Bitcoin addresses to real-world identities.
===Why OPSEC Matters===
Bitcoin is a revolutionary tool for financial sovereignty, but this freedom comes with responsibility. Unlike fiat systems, where banks or governments may offer recourse, Bitcoin transactions are irreversible, and lost funds are unrecoverable. OPSEC is thus a non-negotiable discipline to:


Limit Wealth Disclosure: Refrain from boasting about Bitcoin holdings on social media or public forums.
*'''Preserve Wealth''': Protect against theft or loss in a world where Bitcoin’s value is expected to grow significantly.


Use Privacy Tools: Employ Tor or VPNs when accessing wallets, and consider privacy-focused wallets like Wasabi for CoinJoin (yourwiki.com/coinjoin) transactions.
*'''Resist Censorship''': Ensure Bitcoin’s censorship-resistant properties are fully realized by preventing surveillance or seizure.


3. Enhance Digital Security Strong Passwords and 2FA: Use unique, complex passwords and two-factor authentication (yourwiki.com/two-factor-authentication) for exchanges or wallet apps.
*'''Uphold Ideology''': Demonstrate the viability of [[self-custody]], reinforcing Bitcoin’s ethos of decentralization and individual empowerment.


Dedicated Devices: Use a dedicated, offline device for signing transactions to avoid malware.
*'''Survive Adversity''': Safeguard assets in scenarios like authoritarian crackdowns, economic collapse, or personal targeting.


Regular Updates: Keep wallet software and devices updated to patch vulnerabilities.
OPSEC is the bedrock of financial [[sovereignty]], enabling users to harness Bitcoin’s potential as decentralized, censorship-resistant money. By protecting private keys, enhancing privacy, and mitigating threats, robust OPSEC ensures that individuals —not governments or corporations— control their wealth. While demanding vigilance and discipline, OPSEC aligns with Bitcoin’s core promise: empowering users to be their own bank in a trustless world.
 
4. Mitigate Physical Risks Discreet Lifestyle: Avoid flashy displays of wealth that could attract attackers.
 
Duress Protections: Use hardware wallets with duress PINs or decoy wallets to mislead attackers.
 
Geographic Distribution: Store keys or backups in multiple secure locations to reduce the impact of theft or coercion.
 
5. Educate Yourself Understand Threats: Learn about common attack vectors like phishing (yourwiki.com/phishing), social engineering (yourwiki.com/social-engineering), and blockchain analysis.
 
Stay Informed: Follow Bitcoin security blogs, forums, or X posts from credible sources to stay updated on new risks.
 
Practice Situational Awareness: Be mindful of who might overhear conversations or observe your activities in public.
 
Further Reading: Bitcoin Security Guide https://bitcoin.org/en/secure-your-wallet
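
Review bot: the new "CoinJoin and Mixing" bullet contradicts itself. It recommends CoinJoin "via Wasabi or Samourai Wallet" and then states "Both these wallets are likely compromised, so use [[JoinMarket]]". Name JoinMarket as the example directly, and either cite a source for the compromise claim or drop it. The revision also removes the old text's "Regular Updates" and duress PIN advice without an equivalent bullet in the new sections; consider carrying both over. In "Phishing Awareness", "Learn [[PGP]]" is missing its period and does not say how PGP relates to verifying software sources.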

Latest revision as of 05:00, 12 May 2025

What's the first rule of Bitcoin?

OPSEC

Operational Security (OPSEC) refers to the practices and strategies used to protect sensitive information and assets from adversaries, such as hackers, scammers, or coercive entities. OpSec is the science of not getting rekt. Bitcoin’s pseudonymous and permissionless nature grants users unparalleled financial sovereignty, but it also places the full burden of security on individuals. Poor OPSEC can lead to theft, exposure, and $5 wrench attacks, undermining Bitcoin’s promise of self-custody.

Core Principles

OPSEC is a disciplined, proactive approach to safeguarding Bitcoin private keys, seed phrases, and transaction privacy. The following principles guide this practice:

1. Protect Private Keys and Seed Phrases

  • Self-Custody: Hold Bitcoin in non-custodial wallets (e.g., hardware wallets like Trezor or ColdCard) rather than on exchanges or custodial services, which are vulnerable to hacks, freezes, and insolvency.
  • Secure Storage: Seed phrases (12–24 words used to recover a wallet) must be stored offline, ideally on durable materials like metal plates, in multiple secure locations (e.g., safe deposit boxes or fireproof safes). Never store seed phrases digitally or in cloud services.
  • Avoid Sharing: Never disclose your stack, private keys or seed phrases, even to trusted individuals. Social engineering attacks, such as phishing or impersonation, exploit misplaced trust.
  • Physical Security: Protect physical access to seed phrases and hardware wallets. Use tamper-evident seals and avoid storing sensitive materials in easily accessible or predictable locations.

2. Minimize Digital Footprints

  • Use Secure Devices: Run Bitcoin transactions on dedicated, offline, or air-gapped devices to avoid malware, keyloggers, or remote attacks. Avoid using public or shared computers.
  • Privacy-Focused Software: Use open-source, privacy-respecting operating systems (Tails OS) and Bitcoin wallets (Sparrow, Electrum) to reduce exposure to surveillance or data leaks.
  • Avoid KYC: Use non-KYC (Know Your Customer) methods for acquiring Bitcoin, such as peer-to-peer platforms (e.g., Bisq, Hodl Hodl) or Bitcoin ATMs, to prevent linking real-world identities to wallet addresses.
  • VPNs and Tor: Route internet traffic through Virtual Private Networks (VPNs) or the Tor network to obscure IP addresses and enhance transaction privacy.

3. Enhance Transaction Privacy

  • Avoid Address Reuse: Reusing Bitcoin addresses links transactions, compromising privacy. Use wallets that generate new addresses for each transaction via Hierarchical Deterministic protocols.
  • CoinJoin and Mixing: Use CoinJoin (e.g., via Wasabi or Samourai Wallet) to obfuscate transaction trails by pooling inputs and outputs with other users. Both these wallets are likely compromised, so use JoinMarket.
  • Lightning Network: Conduct small, frequent transactions on Bitcoin’s Lightning Network, a second-layer solution that offers faster, cheaper, and more private transactions compared to on-chain activity.
  • Run a Full Node: Operating a Bitcoin full node allows users to verify transactions independently, reducing reliance on third-party nodes that could track activity.
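
To make the address-reuse point concrete, the following added example (not part of the original wiki page) audits a wallet history for reused addresses and shows which otherwise separate transactions an observer can tie together because of them. The history format and the address placeholders are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: each payment and the wallet addresses it touched.
# Address strings are placeholders, not real Bitcoin addresses.
HISTORY = [
    {"txid": "tx1", "addresses": ["addr_A"]},
    {"txid": "tx2", "addresses": ["addr_B"]},
    {"txid": "tx3", "addresses": ["addr_A", "addr_C"]},
    {"txid": "tx4", "addresses": ["addr_D"]},
    {"txid": "tx5", "addresses": ["addr_C"]},
    {"txid": "tx6", "addresses": ["addr_E"]},
]

def reused_addresses(history):
    """Map each address seen in more than one transaction to those txids."""
    seen = defaultdict(list)
    for tx in history:
        for addr in set(tx["addresses"]):
            seen[addr].append(tx["txid"])
    return {a: t for a, t in seen.items() if len(t) > 1}

def linked_clusters(history):
    """Group transactions that shared addresses tie together (union-find)."""
    parent = {tx["txid"]: tx["txid"] for tx in history}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    for txids in reused_addresses(history).values():
        for other in txids[1:]:
            parent[find(other)] = find(txids[0])

    groups = defaultdict(list)
    for tx in history:
        groups[find(tx["txid"])].append(tx["txid"])
    return sorted(g for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    for addr, txids in reused_addresses(HISTORY).items():
        print(f"{addr} reused in {txids}")
    print("linked:", linked_clusters(HISTORY))
```

In the sample, reusing two addresses is enough to chain three payments into one cluster, while the payments that used fresh addresses stay unlinked.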

4. Mitigate Social and Physical Threats

  • Low Profile: Avoid publicizing Bitcoin holdings on social media, forums, or in person, as this attracts scammers, hackers, and physical threats (e.g., “wrench attacks” where attackers coerce victims into surrendering keys).
  • Plausible Deniability: Use multi-signature wallets or decoy wallets with small balances to create plausible deniability in case of coercion. Shamir’s Secret Sharing can split seed phrases across multiple parties for added security.
  • Estate Planning: Securely pass Bitcoin to heirs using dead man’s switches, multi-sig setups, or trusted custodians, ensuring access without compromising OPSEC during one’s lifetime.

5. Stay Educated and Vigilant

  • Phishing Awareness: Recognize and avoid phishing attempts, such as fake wallet apps, fraudulent emails, or spoofed websites. Always verify URLs and software sources. Learn PGP.
  • Test Backups: Regularly test wallet recovery processes in a safe environment to ensure seed phrases and backups are functional.

6. Get Wrench Defense

duh

Why OPSEC Matters

Bitcoin is a revolutionary tool for financial sovereignty, but this freedom comes with responsibility. Unlike fiat systems, where banks or governments may offer recourse, Bitcoin transactions are irreversible, and lost funds are unrecoverable. OPSEC is thus a non-negotiable discipline to:

  • Preserve Wealth: Protect against theft or loss in a world where Bitcoin’s value is expected to grow significantly.
  • Resist Censorship: Ensure Bitcoin’s censorship-resistant properties are fully realized by preventing surveillance or seizure.
  • Uphold Ideology: Demonstrate the viability of self-custody, reinforcing Bitcoin’s ethos of decentralization and individual empowerment.
  • Survive Adversity: Safeguard assets in scenarios like authoritarian crackdowns, economic collapse, or personal targeting.

OPSEC is the bedrock of financial sovereignty, enabling users to harness Bitcoin’s potential as decentralized, censorship-resistant money. By protecting private keys, enhancing privacy, and mitigating threats, robust OPSEC ensures that individuals, not governments or corporations, control their wealth. While demanding vigilance and discipline, OPSEC aligns with Bitcoin’s core promise: empowering users to be their own bank in a trustless world.