A whitelist mechanism will be deployed in the next few days so new multisig accounts initially go to a pending state requiring manual addition to the Squad list Further updates will be shared as these

— A banner alerting users to this attack — An alert on any multisig never interacted with before

— If legitimacy is uncertain, verify with the team before taking action — Set Squads accounts as default to pin them at the top of the Squad list via the Squad list options UI updates deploying in the

— Do not interact with any multisig that was not created or added by the team — Do not rely on matching only the first and last characters of an address; always verify the full address against internal

Impact: None if there is no interaction. This is not a protocol vulnerability. Attackers cannot access funds, execute transactions, or modify existing multisigs. It is a UI-level social engineering attempt.

Attacker goal: Cause a fake multisig to be mistaken for a real one — either by copying its vault address (sending funds to an attacker-controlled account) or by getting a signer to approve a transaction

Attack vector: Because all public keys are visible on-chain, attackers are programmatically creating new multisig accounts that include existing Squads users as members. These multisigs show up in the

An address-poisoning attack targeting Squads users has been identified. No evidence exists of any users being impacted at this time.

Avoid doxxing multi-sigs Squads users are the target Every co-signer, every pubkey, indexed and grindable on-chain Offline signing provides one signature and no visible members Multi-auth without the map

Bybit Wallet - 0-0.5% Binance Web3 Wallet - 0-0.5% OKX Web3 Wallet - 0-0.5%

Exodus - 0.5% minimum, actual spread often 2-5% depending on pair Rabby - 0.25% Backpack - 0% on Solana swaps and bridges Ledger Live - 0.5-1%, varies by partner provider Atomic Wallet - ~0.5-1% Zengo

Swap fees per wallet: MetaMask - 0.875% OpenSea - 0.85% Phantom - 0.85% (1.5% for gasless mobile swaps on Solana) Zerion - 0.67% (0% with Premium DNA)

0.5% and below performs very well with Vultisig Holding a larger $VULT balance lowers fees — it's that simple

A request for a post clarifying the security of funds once imported to a new MPC wallet 🙏🏻

Sweet! Will the original seed phrase still be a risk factor if it were compromised? Or are the funds somehow imported into new addresses that are multi-sig secure?

For long-term safety, creating a fresh MPC vault is recommended. Suited for those with active positions or who prefer not to migrate manually

Yes, the seed phrase remains cryptographically valid, so it can't be invalidated and the risk of it leaking still exists. Day-to-day operations are protected by the vault's multi-factor security.

Rafiki could nail that - auto-rebalancing sounds seamless with AI smarts

Thoughts? 😏 One area likely to 10x: Personalized yield strategies Apps assess user risk Apps build the right strategy Apps implement and auto-rebalance Simple but so powerful

If the team commits to comply when that day comes, some investors would increase positions 20x