Assess Your Threat Model
The right security setup depends on your situation. Under-securing significant holdings is dangerous. Over-complicating small amounts creates unnecessary friction and risk of self-lockout.
This guide helps you match your security to your actual needs.
What is a Threat Model?
A threat model asks three questions:
- What am I protecting? (How much Bitcoin? How important is privacy?)
- Who am I protecting it from? (Random hackers? Targeted attackers? Governments?)
- What am I willing to do? (Time, cost, complexity tolerance)
Your answers determine the right security approach.
The Threat Spectrum
🟢 Level 1: Opportunistic Threats
Who: Random hackers, phishing attacks, malware, exchange hacks
Characteristics:
- Not targeting you specifically
- Looking for easy victims
- Will move on if you're not an easy target
Protected by:
- Hardware wallet (any reputable brand)
- Basic operational security (don't share seed)
- Not storing Bitcoin on exchanges
Recommended setup: Hardware wallet + proper backup
🟡 Level 2: Targeted Digital Threats
Who: Sophisticated hackers who know you hold Bitcoin, SIM swappers, social engineers
Characteristics:
- Know you specifically hold Bitcoin
- Willing to invest time in attacking you
- May use social engineering, SIM swapping, or targeted malware
Protected by:
- Hardware wallet with passphrase
- Running your own node
- Enhanced operational security
- Not publicly discussing holdings
Recommended setup: Hardware wallet + passphrase + own node + UTXO management
🟠 Level 3: Physical Threats
Who: Criminals who know you hold Bitcoin, home invaders, $5 wrench attackers
Characteristics:
- Willing to use physical force or threats
- May target your home or family
- "Give me your seed or else"
Protected by:
- Multisig (no single point of compromise)
- Geographic distribution of keys
- Duress wallets / plausible deniability
- Not publicly associating with Bitcoin
- Physical security measures
Recommended setup: Multisig + geographic distribution + operational security
🔴 Level 4: State-Level Threats
Who: Governments, law enforcement with legal authority, intelligence agencies
Characteristics:
- Can compel disclosure through legal means
- Vast surveillance resources
- May seize devices physically
Protected by:
- Maximum operational security
- Jurisdictional diversification
- Extreme privacy measures
- This is beyond most people's needs
Recommended setup: Beyond this guide's scope; seek specialized counsel
Assessment Questions
Answer honestly to determine your level:
Question 1: How much are you protecting?
| Amount | Implication |
|---|---|
| Under $1,000 | Software wallet may be acceptable |
| $1,000 - $10,000 | Hardware wallet recommended |
| $10,000 - $100,000 | Hardware wallet required, passphrase recommended |
| $100,000 - $1M | Multisig strongly recommended |
| Over $1M | Multisig required, professional security review |
Note: Think in terms of future value too. A small stack today might be significant in 10 years.
Question 2: Does anyone know you hold Bitcoin?
| Situation | Risk Level |
|---|---|
| No one knows | Lower risk |
| Close friends/family know | Moderate risk |
| Publicly known (social media, work) | Higher risk |
| Public figure / large following | Significant risk |
The more people know, the larger your potential attacker pool.
Question 3: Are you in a hostile jurisdiction?
| Situation | Consideration |
|---|---|
| Stable democracy with property rights | Standard security usually sufficient |
| Country with capital controls | Privacy becomes more important |
| Authoritarian regime | Maximum operational security |
| Active conflict / instability | Geographic distribution critical |
Question 4: What's your technical comfort?
| Level | Realistic Setup |
|---|---|
| Non-technical | Hardware wallet, guided setup, possibly collaborative custody |
| Somewhat technical | Hardware wallet, passphrase, can run a node |
| Very technical | DIY seed, multisig, air-gapped setups, custom infrastructure |
Don't implement security you don't understand. Complexity you can't manage is a risk.
Recommended Setups by Profile
Profile A: Casual Holder
Situation: Small amount, learning about Bitcoin, not publicly associated
Recommended setup:
- ✅ Hardware wallet (Trezor, Ledger, or similar)
- ✅ Proper seed backup (paper or metal)
- ✅ Tested backup recovery
- ⬜ Passphrase (optional)
- ⬜ Own node (nice to have)
Estimated cost: $70-150
Complexity: Low
Profile B: Serious Holder
Situation: Meaningful savings, some people know you're into Bitcoin, privacy-conscious
Recommended setup:
- ✅ Hardware wallet (Bitcoin-only device recommended)
- ✅ Metal seed backup
- ✅ Passphrase
- ✅ Own Bitcoin node
- ✅ UTXO management / coin control
- ⬜ CoinJoin for privacy (optional)
Estimated cost: $200-400
Complexity: Medium
Profile C: High-Value Holder
Situation: Significant holdings, publicly known to hold Bitcoin, concerned about targeted attacks
Recommended setup:
- ✅ Multisig (2-of-3 minimum)
- ✅ Hardware wallets from different manufacturers
- ✅ Geographic distribution of keys
- ✅ Metal seed backups in separate locations
- ✅ Own Bitcoin node with Tor
- ✅ Strict operational security
- ✅ CoinJoin / privacy measures
Estimated cost: $500-1000+
Complexity: High
Profile D: Maximum Security
Situation: Very large holdings, public figure, hostile jurisdiction concerns
Recommended setup:
- ✅ Multisig (3-of-5)
- ✅ Air-gapped signing devices
- ✅ Open-source firmware (Libreboot/Coreboot)
- ✅ Multiple geographic jurisdictions
- ✅ Professional security audit
- ✅ Legal/estate planning
- ✅ Consider collaborative custody for part of holdings
Estimated cost: $2000+ plus professional services
Complexity: Very High
Common Mistakes
Over-Engineering for Small Amounts
Mistake: Setting up 3-of-5 multisig across 3 countries for $500 of Bitcoin.
Problem: The complexity creates more ways to fail than the threats you're protecting against.
Better: Start simple. Upgrade security as holdings grow.
Under-Engineering for Large Amounts
Mistake: $500,000 on a single hardware wallet with seed backup in your desk drawer.
Problem: Single point of failure for life-changing money.
Better: Multisig with geographic distribution.
Security Theater
Mistake: Obsessing over Faraday cages and exotic hardware while your seed is saved in iCloud.
Problem: Focusing on exotic threats while ignoring basic ones.
Better: Master fundamentals before advanced techniques.
Complexity Beyond Competence
Mistake: Implementing multisig without fully understanding how to recover it.
Problem: You might lock yourself out.
Better: Only use security you can confidently manage.
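One way to audit a key layout against the single point of failure described under "Under-Engineering for Large Amounts" and the self-lockout described under "Complexity Beyond Competence". This is an added example, not part of the original guide; the `audit` function, the site names and the sample layouts are constructed for illustration, and the model assumes that an event at a site (burglary, fire) exposes or destroys every key copy stored there.

```python
from itertools import combinations

def audit(threshold, placement, max_sites=1):
    """Return (theft, lockout): site combinations of size <= max_sites whose
    compromise exposes >= threshold keys, or whose loss leaves < threshold.

    placement maps key name -> sites holding a usable copy (device or backup).
    Assumption: an event at a site affects every copy stored there.
    """
    sites = sorted({s for locs in placement.values() for s in locs})
    theft, lockout = [], []
    for size in range(1, max_sites + 1):
        for hit in combinations(sites, size):
            hit_set = set(hit)
            # A key is exposed if ANY copy sits at a hit site.
            exposed = sum(1 for locs in placement.values() if hit_set & set(locs))
            # A key survives if at least one copy sits outside the hit sites.
            surviving = sum(1 for locs in placement.values() if set(locs) - hit_set)
            if exposed >= threshold:
                theft.append(hit)
            if surviving < threshold:
                lockout.append(hit)
    return theft, lockout

# Constructed layouts: (signatures required, key -> sites holding a copy).
LAYOUTS = {
    "single-sig, device + seed in desk": (1, {"k1": ["home"]}),
    "2-of-3, two keys at home": (
        2, {"k1": ["home"], "k2": ["home"], "k3": ["bank"]}),
    "2-of-3, one key per site": (
        2, {"k1": ["home"], "k2": ["bank"], "k3": ["relative"]}),
    "2-of-3, backups at a second site": (
        2, {"k1": ["home", "bank"], "k2": ["bank", "relative"],
            "k3": ["relative", "home"]}),
}

if __name__ == "__main__":
    for name, (m, placement) in LAYOUTS.items():
        theft, lockout = audit(m, placement)
        print(f"{name}: single-site theft={theft} single-site lockout={lockout}")
```

The last layout shows the trade-off: storing each backup at a second site removes the single-site lockout, but any one site then holds copies of two keys, which is enough to spend from a 2-of-3 wallet.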
Upgrading Over Time
Your threat model isn't fixed. Reassess when:
- Your holdings significantly increase
- Your public profile changes (more exposure)
- Your jurisdiction situation changes
- You become more technically capable
- After any security incident or close call
The path:
- Start with a hardware wallet
- Add passphrase when comfortable
- Run your own node
- Consider multisig for significant holdings
- Add privacy measures as needed
Your Action Items
Based on your assessment:
- Identify your profile (A, B, C, or D above)
- Audit your current setup against the recommendations
- Make a plan to close any gaps
- Implement changes one at a time, testing each
- Reassess periodically as your situation evolves
Next Steps
Based on your threat model:
Need a hardware wallet? → Hardware Wallet Setup Guide
Ready for passphrase security? → DIY Passphrase Guide
Want to run your own node? → Bitcoin Node Setup
Need multisig? → Multisig Setup Guide
Concerned about privacy? → Why Privacy Matters