Comment by wslh
4 months ago
The concept of strong safeties was not in place. Safeties refer to layers that go beyond common trust mechanisms. In this case, signing a transaction of that magnitude solely based on multi-signature approval was completely insufficient. There should have been additional safeguards, such as special approvals and extra verification steps, specifically designed for transactions within that amount range.
Indeed. As in, the organization should only sign such transactions when all signers are present in person in a secure location and they follow a procedure witnessed by independent auditors. “Work from home” when you control billion in value does not cut it.
They didn't sign a transaction for 1 billion dollars. They all signed what they thought was a routine transfer, but in reality what they signed gave the hacker full control of the smart contract (the Gnosis Safe) in which the 1.4B $ of tokens were stored. The hackers, having gained control of the smart contract, proceeded to empty it of funds.
Safeties applies as well, it is not the same to have a Gnosis smart contract with 1k, 1m, or 1b. They should change the smart contract to add extra steps in these circumstances, this includes Safe itself.