Skip to content
Logo

Defensive Design Principles

Security SpecialistOperations & Strategy

Authored by:

Jonathan Riss
Jonathan Riss
CertiK

Key Takeaway: Five principles anchor wrench-attack defense: minimization limits what any coerced individual can authorize; compartmentalization segments keys and roles; controlled surrender offers a believable low-value payout while real reserves sit behind visible delay; resilience enables recovery; prioritization always favors human safety over assets.

These principles guide all subsequent controls, ensuring wallet architectures and operational processes withstand coercion without relying solely on the victim's resistance under extreme pressure.

Minimization

  • Minimize the value and impact of what any single coerced individual can authorize during a time-constrained attack window.
  • Design wallet tiers and signing limits so that even full compliance yields only low-to-moderate losses, forcing attackers to sustain operations longer and increasing their detection risk.

Compartmentalization

  • Segment keys, identities, devices, locations, and roles to prevent compromise of one element from cascading across the entire stack.
  • Separate hot wallets for daily ops from cold storage for long-term holdings, and distribute signer responsibilities across jurisdictions, risk profiles, and access methods.

Controlled surrender

  • Offer attackers a small, believable payout they can take immediately, such as a low-value wallet with balances matching the victim's public profile.
  • Keep strategic reserves behind time-locks and multi-party approval whose delay is visible and cannot be shortened under coercion.
  • Wire duress wallets to fund-movement alerts that notify trusted contacts silently, enabling distress signaling without any call or text from the victim.

Resilience

  • Design for post-incident recovery without single points of failure.
  • Protect human factors: avoid blame cycles, control information flows to prevent secondary leaks or attrition.
  • Maintain operational continuity through distributed knowledge and pre-tested reconstruction.

Prioritization

  • Sequence all controls to favor human safety over assets during active threats.
  • No policy should incentivize physical resistance; wallet rules yield immediately to safety triggers.
  • Integrate with physical security, crisis management, and law enforcement protocols.