Comment by yard2010
4 months ago
It's a cold wallet which means it should never be connected to the internet, so not entirely online, but yes - these are the wild wild west times of the internet. Imagine how easy it was to go into a bank shoot some people and get out with money, and doing it like, daily? monthly? Today it's not possible.
Apparently there was a path from the internet to the wallet anyway, that's what it sounds like.
So it was a lukewarm wallet?
What supposedly happened is that malware was installed on every multisig key signer's device and then the hacker showed them all a fake transaction that looked legit but actually changed the smart contract of the cold wallet to give him access.