https://warpcast.com/~/channel/ethfinance
Thomas
@aviationdoctor.eth
What a crafty hack. Pyongyang is now on par with Dubai, New York, and Zug for being a hotspot of crypto innovation. If draining a multisig cold wallet managed by a competent professional team is now in the realm of possibilities, how can we expect corporates and normies to embrace the tech (let alone self-custody) without strong layer-0 guarantees and insurance? And if we do implement those, how is it not just TardFi and the FDIC with extra steps?
7 replies
36 recasts
187 reactions
TheModestThief🎩
@thief
is the postmortem out yet?
1 reply
0 recast
2 reactions
Thomas
@aviationdoctor.eth
IDK about a detailed formal PDF yet, but Bybit has explained that their multisig signatories had been hit with malware used to obfuscate the real transaction, which tampered with their smart contract. This is an S-tier supply chain attack.
1 reply
0 recast
10 reactions
Thomas
@aviationdoctor.eth
But also this suggests an upgradable smart contract, which sounds unnecessarily risky to me for a cold wallet. So I’d also want to know more
1 reply
0 recast
6 reactions