Key Compromises (KEC)
Losing access to critical system components.
| ID | Category | Risk | Description |
| --- | --- | --- | --- |
| KEC1 | Infrastructure | Failure to use vault system | No audit trail or controlled access to secrets |
| KEC2 | People | Stolen / Lost Signing Keys (malicious internal employee) | Malicious employee deletes or steals the signing keys |
| KEC3 | People | Stolen / Lost Signing Keys (malicious internal employee) | Malicious employee gets access to the unencrypted signing keys |
| KEC4 | People | Stolen / Lost Signing Keys (External Hacker) | Malicious external hacker deletes signing keys |
| KEC5 | People | Stolen / Lost Signing Keys (External Hacker) | Stealing the signing key from the unencrypted memory of the Web3Signer, even if keys are encrypted at rest in a vault |
| KEC6 | Process | Loss of Signing Keys (Operational Failure) | Signing keys are lost in an operational process |
| KEC7 | Process | Privilege escalation mechanisms not prevented | Someone with access to one service/node can increase their privileges and do more harm on further nodes. |
| KEC8 | Infrastructure | Failure to protect infrastructure against physical access | Someone who gains physical access to a server can reach locally exposed ports and access the software API |
| KEC9 | Process | Loss of Withdrawal Keys (Operational Failure) | Loss of Withdrawal Keys (Operational Failure) |
| KEC10 | People | Stolen Withdrawal Keys (Internal Employee) | Stolen Withdrawal Keys (Internal Employee) |
| KEC11 | People | Stolen Withdrawal Keys (External Hacker) | Stolen Withdrawal Keys (External Hacker) |