[chizhik-pyzhik]

In a multisig interaction there are 3 ways to get hacked:

- The multisig smart contract is owned

- The computer you're signing on is owned

- The hardware wallet (ledger, trezor) you're using is owned

The multisig contract in question here (Gnosis Safe) has shown to be incredibly robust, and hardware wallets are very difficult to attack, so the current weak point is the computer.

Cryptocurrency companies need to start solving this by moving to a more locked-down, dedicated machine for signing, as well as actually verifying what is shown on the tiny hardware wallet screen instead of blindly clicking "yes".

[paulpauper]

I think this shows that the best option or protection is to just send many small transactions, never a big one. Define some max tolerance for loss and then send that. This is the advantage of XRP. instant and very cheap TX. You can just automate many small transactions. If something goes wrong, then you can overhaul everything before losing all your $.

[m3kw9]

They should only use a computer that is air gapped to go online only when signing something. This is an op sec failure to not have this procedure

[alwa]

Why should it go online at all? $1.5 billion buys a lot of plane tickets to the same physical place, and how frequently do they need to be accessing the whole lump, anyway?

For that matter, I know signatures are long and human-unfriendly, but isn’t it on the order of a couple hundred bytes? Surely $1.5 billion buys transcribing the putative signature request into an isolated machine in a known state, validating/interpreting/displaying the request’s meaning on that offline machine, performing your signing there offline, copying down the result, and carrying the attestation to your secret conclave lair to combine with the others’ or whatever?

[greg7mdp]

What you should do is sign the transaction on an offline computer (which is booted from a linux OS on a flash drive with only the essential software), simulate the transaction to verify it does what you expect, and then save the signed transaction to a flash drive. Then you can submit your transaction on a connected computer with confidence that you didn't sign your tokens away to someone else.

[catlikesshrimp]

But flashdrives can be tampered with. What about a live cd / dvd / bluray? You would need to compromise the BIOS / UEFI to affect the OS.

(No, I won't suggest carrying the BIOS chip around)

[tremarley]

That’s precisely what happened in this attack.

They were attacked when they went online

[m3kw9]

No, the computers were pre infected. If they used airgapped systems only to sign there would be almost no vector to from other than some major zero click zero day stuff, in that case everyone is screwed

[wslh]

The missing part is that you cannot apply the same procedure to 1 ETH as you would to 1k ETH, regardless of the technology being used.

[FabHK]

Or, you know, employ technology that allows for mistakes to be fixed.