
OPSEC: Difference between revisions

From Wrench Defense
No edit summary
No edit summary
Line 17: Line 17:
*'''Physical Security''': Protect physical access to seed phrases and hardware wallets. Use tamper-evident seals and avoid storing sensitive materials in easily accessible or predictable locations.
*'''Physical Security''': Protect physical access to seed phrases and hardware wallets. Use tamper-evident seals and avoid storing sensitive materials in easily accessible or predictable locations.


2. Minimize Digital Footprints
===2. Minimize Digital Footprints===
Use Secure Devices: Run Bitcoin transactions on dedicated, offline, or air-gapped devices to avoid malware, keyloggers, or remote attacks. Avoid using public or shared computers.
Use Secure Devices: Run Bitcoin transactions on dedicated, offline, or air-gapped devices to avoid malware, keyloggers, or remote attacks. Avoid using public or shared computers.
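Review bot: The item under the new "===2. Minimize Digital Footprints===" heading ("Use Secure Devices: ...") is still a plain paragraph, while the context line at the top of this hunk marks its item as *'''Physical Security''': with a bullet and a bold label. Suggest converting the items under the new headings to the same *'''Label''': form so that sections 2 to 5 render as lists like the one that precedes them.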


Line 26: Line 26:
VPNs and Tor: Route internet traffic through Virtual Private Networks (VPNs) or the Tor network to obscure IP addresses and enhance transaction privacy.
VPNs and Tor: Route internet traffic through Virtual Private Networks (VPNs) or the Tor network to obscure IP addresses and enhance transaction privacy.


3. Enhance Transaction Privacy
===3. Enhance Transaction Privacy===
Avoid Address Reuse: Reusing Bitcoin addresses links transactions, compromising privacy. Use wallets that generate new addresses for each transaction via Hierarchical Deterministic (HD) protocols.
Avoid Address Reuse: Reusing Bitcoin addresses links transactions, compromising privacy. Use wallets that generate new addresses for each transaction via Hierarchical Deterministic (HD) protocols.
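Review bot: The new heading hard-codes its number in the heading text ("===3. Enhance Transaction Privacy==="), as do the other three headings this change introduces. Since section anchors are derived from the heading text, inserting or reordering a section later means renumbering every heading and fixing any link that targets one; consider dropping the numeral from the heading text, or confirm that manual numbering is the convention on this wiki.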


Line 35: Line 35:
Run a Full Node: Operating a Bitcoin full node allows users to verify transactions independently, reducing reliance on third-party nodes that could track activity.
Run a Full Node: Operating a Bitcoin full node allows users to verify transactions independently, reducing reliance on third-party nodes that could track activity.


4. Mitigate Social and Physical Threats
===4. Mitigate Social and Physical Threats===
Low Profile: Avoid publicizing Bitcoin holdings on social media, forums, or in person, as this attracts scammers, hackers, or physical threats (e.g., “wrench attacks” where attackers coerce victims into surrendering keys).
Low Profile: Avoid publicizing Bitcoin holdings on social media, forums, or in person, as this attracts scammers, hackers, or physical threats (e.g., “wrench attacks” where attackers coerce victims into surrendering keys).


Line 42: Line 42:
Estate Planning: Securely pass Bitcoin to heirs using dead man’s switches, multi-sig setups, or trusted custodians, ensuring access without compromising OPSEC during one’s lifetime.
Estate Planning: Securely pass Bitcoin to heirs using dead man’s switches, multi-sig setups, or trusted custodians, ensuring access without compromising OPSEC during one’s lifetime.


5. Stay Educated and Vigilant
===5. Stay Educated and Vigilant===
Phishing Awareness: Recognize and avoid phishing attempts, such as fake wallet apps, fraudulent emails, or spoofed websites. Always verify URLs and software sources.
Phishing Awareness: Recognize and avoid phishing attempts, such as fake wallet apps, fraudulent emails, or spoofed websites. Always verify URLs and software sources.



Revision as of 07:54, 10 May 2025

What's the first rule of Bitcoin?

OPSEC

Operational Security (OPSEC) refers to the practices and strategies used to protect sensitive information and assets from adversaries, such as hackers, scammers, or coercive entities. Bitcoin’s pseudonymous and permissionless nature grants users unparalleled financial sovereignty, but it also places the full burden of security on individuals. Poor OPSEC can lead to theft, exposure, and $5 wrench attacks, undermining Bitcoin’s promise of self-custody.

Core Principles

OPSEC is a disciplined, proactive approach to safeguarding Bitcoin private keys, seed phrases, and transaction privacy. The following principles guide this practice:

1. Protect Private Keys and Seed Phrases

  • Self-Custody: Hold Bitcoin in non-custodial wallets (e.g., hardware wallets like Trezor or ColdCard) rather than on exchanges or custodial services, which are vulnerable to hacks, freezes, and insolvency.
  • Secure Storage: Seed phrases (12–24 words used to recover a wallet) must be stored offline, ideally on durable materials like metal plates, in multiple secure locations (e.g., safe deposit boxes or fireproof safes). Never store seed phrases digitally or in cloud services.
  • Avoid Sharing: Never disclose private keys or seed phrases, even to trusted individuals. Social engineering attacks, such as phishing or impersonation, exploit misplaced trust.
  • Physical Security: Protect physical access to seed phrases and hardware wallets. Use tamper-evident seals and avoid storing sensitive materials in easily accessible or predictable locations.

2. Minimize Digital Footprints

Use Secure Devices: Run Bitcoin transactions on dedicated, offline, or air-gapped devices to avoid malware, keyloggers, or remote attacks. Avoid using public or shared computers.

Privacy-Focused Software: Use open-source, privacy-respecting operating systems (e.g., Tails OS) and Bitcoin wallets (e.g., Sparrow, Electrum) to reduce exposure to surveillance or data leaks.

Avoid KYC: Maximalists prefer non-KYC (Know Your Customer) methods for acquiring Bitcoin, such as peer-to-peer platforms (e.g., Bisq, Hodl Hodl) or Bitcoin ATMs, to prevent linking real-world identities to wallet addresses.

VPNs and Tor: Route internet traffic through Virtual Private Networks (VPNs) or the Tor network to obscure IP addresses and enhance transaction privacy.

3. Enhance Transaction Privacy

Avoid Address Reuse: Reusing Bitcoin addresses links transactions, compromising privacy. Use wallets that generate new addresses for each transaction via Hierarchical Deterministic (HD) protocols.

CoinJoin and Mixing: Use CoinJoin (e.g., via Wasabi or Samourai Wallet) to obfuscate transaction trails by pooling inputs and outputs with other users. Maximalists view this as essential to counter blockchain analysis by governments or corporations.

Lightning Network: Conduct small, frequent transactions on Bitcoin’s Lightning Network, a second-layer solution that offers faster, cheaper, and more private transactions compared to on-chain activity.

Run a Full Node: Operating a Bitcoin full node allows users to verify transactions independently, reducing reliance on third-party nodes that could track activity.

4. Mitigate Social and Physical Threats

Low Profile: Avoid publicizing Bitcoin holdings on social media, forums, or in person, as this attracts scammers, hackers, or physical threats (e.g., “wrench attacks” where attackers coerce victims into surrendering keys).

Plausible Deniability: Use multi-signature wallets or decoy wallets with small balances to create plausible deniability in case of coercion. Shamir’s Secret Sharing can split seed phrases across multiple parties for added security.

Estate Planning: Securely pass Bitcoin to heirs using dead man’s switches, multi-sig setups, or trusted custodians, ensuring access without compromising OPSEC during one’s lifetime.

5. Stay Educated and Vigilant

Phishing Awareness: Recognize and avoid phishing attempts, such as fake wallet apps, fraudulent emails, or spoofed websites. Always verify URLs and software sources.

Update Practices: Stay informed about evolving threats, such as new malware or regulatory changes, and adapt OPSEC accordingly.

Test Backups: Regularly test wallet recovery processes in a safe environment to ensure seed phrases and backups are functional.