This list of security incidents was created to get your attention and point you to security resources.

These will be your primary security concerns:

  1. Protect key material. Your servers will be accessed.
  2. Be defensive against application vulnerability. You will have bugs.
  3. Protect all authentication to your cloud infrastructure (2FA, strong and unique passwords). Your employees will re-use passwords and bad guys will get them.
  4. Limit the exposure of funds with cold storage, HSMs, and Multi-Signature transactions. This is because intrusions will happen anyway.
  5. Design for collusion whenever possible for sensitive or high value operations. Don’t allow a lone insider too much influence.

If this seems intimidating, here’s some further advice!

Bitcoin-Specific Advice

These are practices that are unique to blockchain companies.

  • Cold Storage can reduce the impact of a security breach from 100% to a configurable percentage. After this, reduce your risk of a large hot wallet even further with cryptographic hardware or multisignature transactions.
  • After reducing the amount of funds you’d keep in a “Hot Wallet”, use multisignature transactions to secure that hot wallet even further.
  • Use an HSM to protect key material and to make it extremely hard to create a transaction that cannot be audited. It also defends greatly against insider threats.
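The two ideas in the list above (cap what a hot wallet can ever hold, and require a quorum of signers before it spends) are easy to get subtly wrong: a quorum check that counts the same key twice, or accepts a signature made over a different payment, defeats the purpose. The following is an added example, not code from this document or from any wallet project, showing a small m-of-n spend-approval policy with a hot-wallet cap. It uses ed25519 in place of Bitcoin's on-chain multisig, and the Policy, Spend, Approval, NewPolicy, Sign, Authorize and HotWalletCap names, the nonce field and the "bc1qexample" destination are all assumptions constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Policy is an assumed hot-wallet spending policy: n approved signer keys, an
// m-of-n quorum, and a cap on the hot balance expressed in basis points of
// total funds (the "configurable percentage"; the rest stays in cold storage).
type Policy struct {
	Signers   []ed25519.PublicKey
	Threshold int
	HotCapBPS uint64
}

// Spend is the payload every signer approves. The nonce is an assumed field
// that stops an old approval being replayed against a new payment.
type Spend struct {
	Destination string
	AmountSats  uint64
	Nonce       uint64
}

// Approval is one signer's signature over the canonical spend bytes.
type Approval struct {
	SignerIndex int
	Signature   []byte
}

// NewPolicy generates n fresh signer keys (constructed here for the example;
// in practice these would live in HSMs held by different people) and returns
// the policy plus the private keys.
func NewPolicy(n, m int, capBPS uint64) (Policy, []ed25519.PrivateKey, error) {
	if m < 1 || m > n || capBPS > 10000 {
		return Policy{}, nil, fmt.Errorf("invalid policy: m=%d n=%d cap=%d", m, n, capBPS)
	}
	p := Policy{Threshold: m, HotCapBPS: capBPS}
	var privs []ed25519.PrivateKey
	for i := 0; i < n; i++ {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return Policy{}, nil, err
		}
		p.Signers = append(p.Signers, pub)
		privs = append(privs, priv)
	}
	return p, privs, nil
}

// canonical serialises a spend so that every signer signs identical bytes;
// any change to amount, nonce or destination changes what was signed.
func canonical(s Spend) []byte {
	buf := make([]byte, 16, 16+len(s.Destination))
	binary.BigEndian.PutUint64(buf[0:8], s.AmountSats)
	binary.BigEndian.PutUint64(buf[8:16], s.Nonce)
	return append(buf, s.Destination...)
}

// Sign produces one signer's approval of a spend.
func Sign(idx int, priv ed25519.PrivateKey, s Spend) Approval {
	return Approval{SignerIndex: idx, Signature: ed25519.Sign(priv, canonical(s))}
}

// Authorize returns nil only when at least Threshold distinct approved signers
// have validly signed this exact spend. Unknown signers, duplicate signers and
// signatures over some other payload are ignored rather than counted.
func (p Policy) Authorize(s Spend, approvals []Approval) error {
	msg := canonical(s)
	seen := make(map[int]bool)
	for _, a := range approvals {
		if a.SignerIndex < 0 || a.SignerIndex >= len(p.Signers) || seen[a.SignerIndex] {
			continue
		}
		if ed25519.Verify(p.Signers[a.SignerIndex], msg, a.Signature) {
			seen[a.SignerIndex] = true
		}
	}
	if len(seen) < p.Threshold {
		return fmt.Errorf("quorum not met: %d of %d required signatures", len(seen), p.Threshold)
	}
	return nil
}

// HotWalletCap is the most the hot wallet may hold; a full compromise of the
// hot wallet therefore loses at most this much, not the whole treasury.
func (p Policy) HotWalletCap(totalSats uint64) uint64 {
	return totalSats * p.HotCapBPS / 10000
}

func main() {
	p, privs, err := NewPolicy(3, 2, 500) // 2-of-3 signers, hot wallet capped at 5%
	if err != nil {
		panic(err)
	}
	fmt.Println("hot cap for 10 BTC:", p.HotWalletCap(1_000_000_000), "sats")
	s := Spend{Destination: "bc1qexample", AmountSats: 250_000, Nonce: 1} // constructed
	fmt.Println("one signer:", p.Authorize(s, []Approval{Sign(0, privs[0], s)}))
	fmt.Println("two signers:", p.Authorize(s, []Approval{Sign(0, privs[0], s), Sign(2, privs[2], s)}))
}
```

The quorum check keys on signer index, so presenting the same signer's approval twice is still a single vote, and because each signature covers the canonical bytes of this particular spend, an approval collected for one payment cannot be reused for another.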

General Security

These are practices that are common at any company, not just a blockchain company.

About

This started as bitcoin_breaches.txt on my laptop, and I figured it would pair well with Starting Up Security for the BTC / ETH community. A much broader list exists here at bitcointalk that includes scams and fraud.

Feel free to suggest additions to the graveyard or advice section in pull requests.