Vitalik Buterin
@vitalik.eth
People who work in large corporate settings where things like this are a risk, do you have any existing rules or standardized best practices for how to minimize the risk? https://twitter.com/RichardHanania/status/1754257428198416393
46 replies
31 recasts
503 reactions
christopher
@christopher
yes, it’s called approval levels. e.g. you need your manager, who has a $500,000 approval limit, to approve anything. any more than that you need their manager to approve until you get to the board
1 reply
0 recast
3 reactions
Vitalik Buterin
@vitalik.eth
Is this a company policy, or is it enforced in code? (whether through multisigs for cryptocurrency, or instructions given ahead of time to the bank for fiat)
2 replies
0 recast
2 reactions
Vitalik Buterin
@vitalik.eth
If company policy, then how do you deal with the risk of an attack tricking whoever is "actually" the administrator (if you can impersonate 1 person on a video call, you can probably impersonate the entire board)? (And of course, how to deal with rogue administrator risk)
4 replies
1 recast
22 reactions
Alex Michelsen
@snowman
Within corporates they generally have a treasury dept responsible for all cash management, but it ends up being on the shoulders of 2 or 3 key individuals who hold all the power to send money. It is absolutely possible for one or two of them to get a fake demand from CFO or Treasurer to send money and they execute it.
1 reply
0 recast
1 reaction