Comment by fc417fc802

8 months ago

> the signers failed to verify what they were signing on air-gapped devices

This is the part that really surprises me given the amount of money involved.

But they didn't know the amount because the UI showed them a different value, so if it's for 50 ETH and you regularly sign txs for 100-200 ETH you may be a little less thorough.

  • If the setup you are using has the ability to perform large transactions then you must verify all transactions regardless of size as though they are large.

    It's a security domain issue. A highly secure system involves highly secure controls. Bypassing those controls for lower risk activities will typically reduce the security of the entire system. You need an entirely independent low or medium risk system.

    The software development practices of banks are probably a good example here.