Threat Modeling Basics
Threat modeling starts with identifying assets, adversaries, and potential attack surfaces before selecting controls.
Bitcoin custody introduces unique risks: key theft, phishing, supply-chain attacks, and physical coercion.
Personas include malicious insiders, opportunistic thieves, and motivated nation-state actors with advanced capabilities.
Documenting assumptions helps prioritize mitigations that fit budget, team size, and operational tempo.
Regular reviews keep the model updated as business processes, software, and attacker tactics evolve.
Visualization of Threat Modeling Basics with timelines and arrows.
Hands-on lab
Open the wallet generator, review fee consoles, or pull descriptors without leaving the portal.
All exercises run client-side so you can explore freely—no sign-in or database needed.
Examples
- A small fund identifies its hot wallet as the highest-risk asset and applies spending limits with alerts.
- A family custody plan considers social engineering risks and requires verbal check-ins before approvals.
Glossary
- Threat Model: A structured representation of what you are defending, from whom, and how.
- Attack Surface: All the points where an attacker could try to enter or extract data from a system.
- Adversary: An entity with intent and capability to cause harm or loss.
Key Takeaways
- Clarity about assets and adversaries guides efficient control selection.
- Threat models must evolve with products, teams, and attacker techniques.
- Mitigations should be prioritized based on impact and feasibility.