Josh Dmuchowski
@jchow
$2B lost in Q1 with multi-sig and access controls continuing to dominate the narrative, for now.

Multi-sig best practices from Hacken.io:

* Human Readable Signatures - adopt EIP-712 typed data signatures
* Hardware Wallets - use wallets that can display and verify EIP-712 messages
* Minimize Contract Logic - use purpose-built multi-sig contracts with minimal code supporting only essential operations (e.g., native and ERC-20 transfers) and avoid unnecessary features like generic delegate calls.
* Off-chain Security Perimeter - web interfaces, SDKs, and other tools used to interact with multi-sigs should be part of the security perimeter. Implement safeguards such as JavaScript pinning and integrity checks.
* Establish Policy and Monitoring - on-chain logic with off-chain internal controls, anomaly detection, monitor signer activity, along with reoccurring signer education and review.

Q1 Security Report - https://hacken.io/insights/q1-2025-security-report/
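One way to apply the "essential operations only" and policy points from the post off-chain, as an added example that is not from the post or from Hacken's report: a gate that accepts only native and ERC-20 transfers, rejects delegate calls, and renders a readable summary for signers. The `Proposal` record shape, the 0/1 operation encoding, the token allowlist and all addresses are assumptions constructed for illustration.

```python
# Added example: off-chain policy gate for proposed multi-sig transactions.
# Proposal fields and the operation encoding are assumptions, not a real API.
from dataclasses import dataclass

ERC20_TRANSFER = bytes.fromhex("a9059cbb")  # selector of transfer(address,uint256)
CALL, DELEGATECALL = 0, 1                   # assumed operation encoding
TOKEN = "0x" + "11" * 20                    # constructed token address
RECIPIENT = "0x" + "22" * 20                # constructed recipient address

@dataclass
class Proposal:
    to: str         # target address, 0x-prefixed hex
    value: int      # native amount in wei
    data: bytes     # calldata
    operation: int  # CALL or DELEGATECALL

def erc20_calldata(recipient: str, amount: int) -> bytes:
    """Build transfer(address,uint256) calldata for the sample proposals."""
    return (ERC20_TRANSFER + bytes(12) + bytes.fromhex(recipient[2:])
            + amount.to_bytes(32, "big"))

def review(p: Proposal, token_allowlist: set) -> tuple:
    """Return (allowed, summary shown to signers) for a proposed transaction."""
    if p.operation != CALL:
        return False, "rejected: delegate call is outside policy"
    if not p.data:
        return True, f"native transfer of {p.value} wei to {p.to}"
    if p.data[:4] != ERC20_TRANSFER:
        return False, f"rejected: unknown selector 0x{p.data[:4].hex()}"
    if len(p.data) != 4 + 64:  # selector plus two 32-byte words, nothing else
        return False, "rejected: malformed ERC-20 transfer calldata"
    if p.value != 0:
        return False, "rejected: ERC-20 transfer must not carry native value"
    if p.to.lower() not in token_allowlist:
        return False, f"rejected: token {p.to} is not allowlisted"
    addr_word, amount_word = p.data[4:36], p.data[36:68]
    if any(addr_word[:12]):
        return False, "rejected: recipient word has non-zero padding"
    recipient = "0x" + addr_word[12:].hex()
    amount = int.from_bytes(amount_word, "big")
    return True, f"ERC-20 transfer of {amount} base units to {recipient} via {p.to}"

if __name__ == "__main__":
    samples = [
        Proposal(RECIPIENT, 10**18, b"", CALL),
        Proposal(TOKEN, 0, erc20_calldata(RECIPIENT, 500), CALL),
        Proposal(TOKEN, 0, erc20_calldata(RECIPIENT, 500), DELEGATECALL),
    ]
    for s in samples:
        print(review(s, {TOKEN}))
```
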