Comment by qqqult
18 hours ago
They did.
This was a multisig - meaning M out of N signatures from different signing devices were needed to sign a transaction. The attacker infected enough signer devices to go unnoticed and the signers failed to verify what they were signing on air-gapped devices
> the signers failed to verify what they were signing on air-gapped devices
This is the part that really surprises me given the amount of money involved.
But they didn't know the amount because the UI showed them a different value, so if it's for 50ETH and you regular sign tx for 100-200ETH you may be a little less thorough.
If the setup you are using has the ability to perform large transactions then you must verify all transactions regardless of size as though they are large.
It's a security domain issue. A highly secure system involves highly secure controls. Bypassing those controls for lower risk activities will typically reduce the security of the entire system. You need an entirely independent low or medium risk system.
The software development practices of banks are probably a good example here.