@jchow
$2B lost in Q1 with multi-sig and access controls continuing to dominate the narrative, for now.
Multi-sig best practices from Hacken.io:
* Human-Readable Signatures - adopt EIP-712 typed-data signatures
* Hardware Wallets - use wallets that can display and verify EIP-712 messages
* Minimize Contract Logic - use purpose-built multi-sig contracts with minimal code supporting only essential operations (e.g., native and ERC-20 transfers) and avoid unnecessary features like generic delegate calls.
* Off-chain Security Perimeter - web interfaces, SDKs, and other tools used to interact with multi-sigs should be part of the security perimeter. Implement safeguards such as JavaScript pinning and integrity checks.
* Establish Policy and Monitoring - combine on-chain logic with off-chain internal controls, anomaly detection and monitoring of signer activity, along with recurring signer education and review.
Q1 Security Report - https://hacken.io/insights/q1-2025-security-report/
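As an added example of what the first two bullets buy (not code from this post or from Hacken's report): the EIP-712 digest a hardware wallet would show field by field for a constructed `MultiSigTx` type, with a pure-Python Keccak-256 so it runs offline. The type name, field names, contract address, chain id and sample values are assumptions made for the example.

```python
def keccak256(data: bytes) -> bytes:
    """Keccak-256 as used by Ethereum (pre-SHA-3 padding), pure Python for offline use."""
    RC = [0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
          0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
          0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
          0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
          0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
          0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008]
    ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
           [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]
    rol = lambda v, n: ((v << n) | (v >> (64 - n))) & 0xFFFFFFFFFFFFFFFF
    st, rate = [[0] * 5 for _ in range(5)], 136
    msg = data + b"\x01" + b"\x00" * (rate - 1 - len(data) % rate)  # pad10*1, 0x01 domain byte
    msg = msg[:-1] + bytes([msg[-1] | 0x80])
    for off in range(0, len(msg), rate):
        for i in range(rate // 8):                                   # absorb 17 little-endian lanes
            st[i % 5][i // 5] ^= int.from_bytes(msg[off + 8 * i:off + 8 * i + 8], "little")
        for rc in RC:                                                # Keccak-f[1600]: theta, rho+pi, chi, iota
            c = [st[x][0] ^ st[x][1] ^ st[x][2] ^ st[x][3] ^ st[x][4] for x in range(5)]
            d = [c[(x - 1) % 5] ^ rol(c[(x + 1) % 5], 1) for x in range(5)]
            st = [[st[x][y] ^ d[x] for y in range(5)] for x in range(5)]
            b = [[0] * 5 for _ in range(5)]
            for x in range(5):
                for y in range(5):
                    b[y][(2 * x + 3 * y) % 5] = rol(st[x][y], ROT[x][y])
            st = [[b[x][y] ^ (~b[(x + 1) % 5][y] & b[(x + 2) % 5][y]) for y in range(5)] for x in range(5)]
            st[0][0] ^= rc
    return b"".join(st[i][0].to_bytes(8, "little") for i in range(4))

def encode_field(typ, val):
    """ABI-encode one field to 32 bytes (EIP-712 rules for the types used here)."""
    if typ in ("string", "bytes"):                 # dynamic types are hashed, not inlined
        return keccak256(val.encode() if isinstance(val, str) else val)
    if typ == "address":
        return bytes.fromhex(val[2:]).rjust(32, b"\x00")
    return val.to_bytes(32, "big")                 # uint256

def hash_struct(name, fields, values):
    """hashStruct(s) = keccak256(typeHash || encodeData(s)); the typeHash covers the readable type string."""
    type_hash = keccak256(f"{name}({','.join(t + ' ' + n for t, n in fields)})".encode())
    return keccak256(type_hash + b"".join(encode_field(t, values[n]) for t, n in fields))

DOMAIN = [("string", "name"), ("string", "version"), ("uint256", "chainId"), ("address", "verifyingContract")]
TX = [("address", "to"), ("uint256", "value"), ("bytes", "data"), ("uint256", "nonce")]  # constructed type

def signing_digest(domain, tx):
    """Final EIP-712 digest: keccak256(0x19 0x01 || domainSeparator || hashStruct(tx))."""
    return keccak256(b"\x19\x01" + hash_struct("EIP712Domain", DOMAIN, domain) + hash_struct("MultiSigTx", TX, tx))

# Constructed sample values (placeholder contract and recipient, not real deployments)
domain = {"name": "ExampleMultiSig", "version": "1", "chainId": 1, "verifyingContract": "0x" + "11" * 20}
tx = {"to": "0x" + "22" * 20, "value": 10**18, "data": b"", "nonce": 7}
```

A wallet that understands EIP-712 renders the `MultiSigTx` fields (to, value, data, nonce) instead of a bare 32-byte hash, and the domain separator ties the signature to one chain id and one verifying contract, so the same signed payload cannot be replayed against another chain or contract.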