[AustinDev]

The idea is anyone who compromised my password manager would likely go for the wallet first since it's as good as cold hard cash. Using the private keys and other secrets stored in my manager would take much more time for an attacker to exact meaningful value.

I would expect the BTC to be moved first and foremost which would hopefully give me enough time to mitigate any other damage that could be caused by the content of my password manager being exposed.

[ziddoap]

I think they would be more likely to copy all of the data first, in an effort to avoid detection methods like this, then make their move compromising everything in near parallel. At least that is how I would do it.

[ethbr1]

Would the average attacker, though?

It's a question about not touching an easy $15k, in exchange for a chance at a bigger score.

I'd assume most attackers wouldn't be able to resist securing the low hanging fruit first.

And even if there's a parallel move, it's even less likely they would leverage everything but the $15k, so OP would still receive a realtime indicator of compromise.

From a game theory perspective, it's a pretty compelling trap for OP to get what they want.

[artdigital]

What is “the average attacker”? If someone is compromising your entire password manager then that’s far from average and sophisticated

If OP is part of a bigger breach, those data dumps will almost certainly get analyzed automatically and multiple wallets swept at once. Passwords to interesting stuff likely aggregated and then tried. It’s not some script kiddy that browses through the vault 1by1

[ethbr1]

But OP's point is which will happen first in a breach?

(a) Trivially accessible Bitcoin is stolen or (b) passwords are used to ferret items/info of value out of additional individual sites

For OP's plan to fail, someone has to leave $15k laying on the table, in plain sight and for the taking, while they plan their subsequent moves. Which is why the amount matters.

[drusepth]

Speaking of game theory, there is probably a much lower number that achieves the same goal, though.

Your average attacker might be equally motivated to go for $20k, or $10k, or $5k. $1k, maybe not. $100, probably not. $1, almost certainly not.

There's an interesting game to play in minimizing the cost at no hit to efficiency.

[AustinDev]

I don't play the minimization game. In 2014 when I started this strategy 0.5 BTC was like 100 bucks. Now that it's 15,000 bucks doesn't make a damn bit of difference. If they spent the time to figure out what the rest of the credentials were worth and exploited them to the maximum extent, they'd be walk away a multi-millionaire. However.... 15k in a plaintext wallet is an easy score and I argue that the vast majority of people who could compromise my password manager would take that in a heartbeat.

[gerdesj]

I personally agree with your thinking.

An intruder will rifle through the top drawers and go for the obvious stuff and let's face it half a BTC is a bit of a shiner. You seem to be able to afford to lose it, given that its loss will trigger the shutters coming down and hopefully allow you to secure the rest of your stuff.

I get that and hopefully that is close to the last resort in your defence in depth approach to security.