| Owner SPOF — 2FA reset / device 재등록 / Owner transfer 모두 Fireblocks Support 영상 통화 필수 (Console 불가) | vendors/fireblocks/risks.md | owner_recovery_events append-only log + multi-admin escalation procedure |
| Recovery passphrase loss — 사용자가 passphrase 분실 시 cloud backup 해독 불가 | recovery-passphrase.md | Periodic verification (월 1회, Owner/Admin/Signer) + 3-fail lockout. DB 에는 passphrase 자체 저장 안 함 |
| API credential exposure — API key 또는 CSR private key 노출 시 자동 서명 | vendors/fireblocks/risks.md | IP allowlist (/32) + immediate revoke + audit log |
| Mobile device 분실 — Primary MPC key share 손실 | vendors/fireblocks/mobile-app.md | Re-enroll device (2-day window × 2단계) + recovery from cloud backup |
| SPOC at DR — Disaster Recovery 절차가 online machine 에서 실행되면 private key "considered exposed and compromised" | architecture.md Stage 8 DR § | DR Recovery Utility 는 offline-only — 4 secrets 모두 air-gapped 환경에서만 사용 |
| Co-signer compromise — Customer 측 key share 가 compromise 되어도 Fireblocks 의 safeguards 가 작동 | mpc.md Stage 8 (★) | "Safeguards in case keys owned by customers are compromised" — Policy enforcement (tx amount threshold, destination integrity) |
| EVM nonce 충돌 — 동시 withdrawal 시 nonce gap → tx stuck | account-and-wallet-structure.md | Multiple withdrawal vault round-robin + nonce 직렬화 (vault account 단위) |
| Bitcoin 25-chain limit — unconfirmed input chain 이 25 개 도달 시 추가 tx 차단 | account-and-wallet-structure.md | Multiple withdrawal vault + 사전 confirmation 대기 |
| BCM dependency — Hosted MPC customer 만 BCM 자격 — SaaS-only 는 BCM 불가 | business-continuity-module-bcm.md Stage 8 | SaaS customer 는 mobile + 2 Fireblocks share 의 가용성에 의존 |
| Incoming rejected freeze — Incoming tx rejected 시 자산이 Admin unfreeze 까지 lock | primary-transaction-statuses.md, p.8 | Admin escalation path + unfreeze audit |