
Comment by m3kw9

20 hours ago

They should only use a computer that is air-gapped to go online only when signing something. This is an opsec failure to not have this procedure.

Why should it go online at all? $1.5 billion buys a lot of plane tickets to the same physical place, and how frequently do they need to be accessing the whole lump, anyway?

For that matter, I know signatures are long and human-unfriendly, but isn’t it on the order of a couple hundred bytes? Surely $1.5 billion buys transcribing the putative signature request into an isolated machine in a known state, validating/interpreting/displaying the request’s meaning on that offline machine, performing your signing there offline, copying down the result, and carrying the attestation to your secret conclave lair to combine with the others’ or whatever?

  • What you should do is sign the transaction on an offline computer (which is booted from a Linux OS on a flash drive with only the essential software), simulate the transaction to verify it does what you expect, and then save the signed transaction to a flash drive. Then you can submit your transaction on a connected computer with confidence that you didn't sign your tokens away to someone else.

That’s precisely what happened in this attack.

They were attacked when they went online.

  • No, the computers were pre-infected. If they used air-gapped systems only to sign, there would be almost no vector other than some major zero-click zero-day stuff; in that case everyone is screwed.