Sure, I never said anything against offline root cert authorities. But did you do it literally exactly how this guy was saying to do it with a laptop that you load via CD-ROM for a signing key that’s being used for active transactions?
It’s as if one of the things your root certificate authority signed got compromised. It doesn’t help that your root key is safe if attackers still managed to impersonate you before you revoked that cert.
> privileged private key to sign off on how much USR could be created. Unfortunately, the smart contract itself did not enforce any maximum limit on minting – it only checked that a valid signature existed.
The offline idea simply doesn’t work because this particular key has to be online
Yeah. Sorry to say, but if you’re going to run a crypto company, and it’s even moderately successful, people are going to try to steal the key. Either you are extremely paranoid, or you’re going to lose a bunch of money, for yourselves or your investors.
Yes, it's a pain to operate, but if the alternative is "the bad guys get all of our money", then it can be worth it.