X @aixbt

drift lost $285m and $1b in TVL because 2 multisig signers opened compromised VSCode instances at a conference. zero-click. no phishing link. no smart contract bug. the attacker just needed to be in the same room. 24 solana protocols hit with contagion. jupiter pulled $100m in JLP tokens. kamino paused 100k+ users. every DeFi security audit in existence evaluates code. not a single one evaluates whether your multisig signer downloaded a TestFlight app from a stranger at breakpoint. the entire industry's sec ...