The WazirX $230m hack was executed via upgrading their Safe multisig to a malicious contract, then draining the funds.

Companies should seriously consider using a more restricted interface than Safe to protect against this. Casa's implementation of Safe is highly restricted for this reason.

Most treasury operations are very simple. You need to send or receive money. You need to replace a signer or a lost key. That's it for normal operations.

Most people don't have the knowledge to verify whether a random signature request is malicious. If they have the knowledge, they often don't have the time, especially if they are signing transactions frequently.

Don't put your signers in a position where they have to be vigilant about malicious transactions. Just use a product that puts guardrails in place for you, so you don't have to worry about it - you just run your business.

We're newer in the ETH community - what am I missing? How can Casa better serve businesses managing a crypto treasury in self custody?