PANews reported on April 3 that Keone Hon, co-founder of Monad, released a security checklist on the X platform, focusing on core issues such as administrator permissions, fund security, and multi-signature mechanism design. The checklist includes ten key points:
1. Identify which administrator functions may lead to financial losses;
2. Ensure that all related operations are set with time locks;
3. Establish a real-time monitoring mechanism;
4. Provide timely alerts when administrator functions are called;
5. Review all privileged accounts and adopt a multi-signature (k-of-n) structure whenever possible;
6. Clearly define the signature threshold parameters;
7. Multi-signature signers should use a separate cold device solely for signing operations and follow best practices (such as independently verifying transaction hashes);
8. Set withdrawal rate limits and avoid having them controlled by the same multi-signature;
9. Ensure that employees' devices have the capability to detect and manage malicious software;
10. Pre-set extreme scenarios where multiple signers are compromised, reverse-engineer potential attack paths from the attacker's perspective, and optimize system design accordingly to increase attack cost and complexity.
According to previous reports, a week before suffering a $285 million hack, Drift Protocol changed its multi-signature mechanism to "2/5" (1 old signer + 4 new signers) and did not set a timelock. The attackers then gained administrator privileges, forged CVT tokens, manipulated oracles, disabled security mechanisms, and transferred high-value assets from the liquidity pool.
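As an added illustration, not code from the checklist, Monad or Drift, the following Python model shows how items 2, 4 and 8 of the checklist fit together: fund-moving admin functions (including a signer-set change) are queued behind a timelock, every queued call raises an alert, and the withdrawal rate limit is held by a multisig other than the admin one. The class name, the delay, window and cap values, and the signer labels are constructed assumptions.

```python
# Constructed parameters for this illustration; they are not values from the checklist.
TIMELOCK_DELAY = 48 * 3600   # seconds a queued admin operation must wait
WINDOW = 24 * 3600           # length of the withdrawal rate-limit window
WINDOW_CAP = 1_000_000       # maximum withdrawal per window, in token units

class GuardedTreasury:
    """Checklist items 2, 4 and 8 as policy: timelocked fund-moving admin functions,
    an alert on every admin call, and a rate limit held by a separate multisig."""
    def __init__(self, admin_multisig: str, limit_multisig: str, balance: int):
        if admin_multisig == limit_multisig:
            raise ValueError("rate limit must not be controlled by the admin multisig")
        self.admin, self.limiter, self.balance = admin_multisig, limit_multisig, balance
        self.queue, self.alerts, self.next_id = {}, [], 1   # queue: id -> (action, args, eta)
        self.cap, self.window_start, self.spent = WINDOW_CAP, 0, 0

    def schedule(self, caller: str, action: str, args: tuple, now: int) -> int:
        # Items 1-2: admin calls that can move funds are only queued, never applied at once.
        if caller != self.admin:
            raise PermissionError("not the admin multisig")
        op_id, eta = self.next_id, now + TIMELOCK_DELAY
        self.next_id += 1
        self.queue[op_id] = (action, args, eta)
        # Item 4: alert at scheduling time, so monitors get the whole delay to react.
        self.alerts.append(f"ADMIN {action}{args} queued by {caller}, eta={eta}")
        return op_id

    def execute(self, op_id: int, now: int) -> None:
        action, args, eta = self.queue[op_id]
        if now < eta:
            raise RuntimeError("timelock has not expired")
        if action == "withdraw":
            self._enforce_rate_limit(args[0], now)   # raises before the op is consumed
            self.balance -= args[0]
        elif action == "set_admin":
            self.admin = args[0]   # a signer-set change waits out the same delay
        del self.queue[op_id]

    def set_cap(self, caller: str, new_cap: int) -> None:
        # Item 8: only the separate limiter multisig may change the withdrawal cap.
        if caller != self.limiter:
            raise PermissionError("only the rate-limit multisig may change the cap")
        self.cap = new_cap

    def _enforce_rate_limit(self, amount: int, now: int) -> None:
        if now - self.window_start >= WINDOW:   # start a fresh window
            self.window_start, self.spent = now, 0
        if self.spent + amount > self.cap:
            raise RuntimeError("withdrawal exceeds the per-window rate limit")
        self.spent += amount
```

A compromised admin multisig in this model can queue a drain or a signer-set change, but it cannot execute either before the delay elapses, cannot exceed the window cap, and cannot raise that cap without the second signer set.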