A small recommendation I would have is that multisig signers could be expected to have GridPlus devices which would allow them to better assess multisig transactions. This seems a reasonably small budget outlay.
I presume when someone is onboarded to a multisig committee that they are provided with documentation of best practises. And I think a document like this should now include a statement to the effect that one should presume that they are a target of social engineering by a nation state APT.
I think Lido is a highly competent DAO and a lot of this is known to them but no harm in upping the paranoia level a little.
2 Likes