Multisig wallets, at their core, are cryptocurrency wallets that require two or more private keys to authorize a transaction. This fundamental principle enhances security by distributing control among multiple parties, thereby eliminating the single point of failure inherent in single-signature wallets. Common configurations include 2-of-3, where any two out of three keys are needed, and 3-of-5, requiring three out of five keys. These setups cater to various use cases, from individual security to collaborative fund management within organizations.
Multisig wallets on Solana, notably through the Squads Protocol, have significantly elevated security by distributing transaction signing authority among multiple participants. However, recent incidents such as the Bybit heist underscore critical vulnerabilities, especially related to infrastructure-level attacks and compromised signing interfaces.
Recent Multisig Attacks Targeting Infrastructure (2024-2025)
Date | Platform | Amount Lost | Attack Vector | Suspected Attributor |
---|---|---|---|---|
Feb 2025 | Bybit | ~$1.5 Billion | Compromised Safe{Wallet} infrastructure, UI manipulation, delegatecall exploit | North Korean Lazarus Group |
Oct 2024 | Radiant Capital | ~$50 Million | Compromised Safe{Wallet} infrastructure, UI manipulation, malicious contract upgrade | Unknown |
Jul 2024 | WazirX | ~$230 Million | Compromised Safe{Wallet} infrastructure, UI manipulation, malicious contract upgrade | North Korean Lazarus Group |
Squads utilizes an on-chain approach to multisig wallets, requiring explicit on-chain approvals before transaction execution. While this transparency significantly reduces on-chain manipulation risks, the off-chain signing infrastructure remains vulnerable to social engineering, UI manipulation, and compromised dependencies.
Identifying Critical Attack Vectors
Despite Squads Protocol's robust security measures and transparent design, several challenges persist in ensuring secure signing in today's evolving threat landscape. The primary challenge is user education—many users don't understand the importance of secure signing practices or recognize potential attack vectors that could compromise their multisig wallets. The Bybit attack demonstrated this issue when users approved malicious transactions because they trusted the signing interface without independently verifying transaction details.
Technical challenges focus on maintaining signing interface integrity across web-based and CLI platforms. Web interfaces face vulnerabilities from supply chain attacks and malicious JavaScript injections, as seen in the Bybit exploit. Key concerns include protection against client-side software vulnerabilities (such as OS compromises and malware), secure communication between signing devices (like hardware wallets) and the Squads contract to prevent man-in-the-middle attacks, and balancing robust security with user-friendly signing workflows.
Implementing detailed, user-friendly summaries of transactions prior to signing can mitigate UI manipulation risks:
Example CLI output:
Program ID: SMPLecH534NA9acpos4G6x7uf3LWbCAwZQE9e8ZekMu
Accounts:
- Sender: Alice (A1b2C3...)
- Receiver: Bob (B2c3D4...)
Instructions:
- Transfer 100 USDC from Alice to Bob
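
One way to build a summary like the one above from the raw instruction bytes instead of from the interface's own description, as an added example that is not Squads' code. It assumes a hypothetical signer-maintained address book and constructed sample addresses, treats token accounts as if they were the named parties, and decodes only the SPL Token `TransferChecked` instruction; anything else is flagged rather than summarized.

```python
import struct

TOKEN_PROGRAM = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA"  # SPL Token program
# Constructed address book kept locally by the signer (hypothetical addresses).
ADDRESS_BOOK = {"A1b2C3exampleSource": "Alice", "B2c3D4exampleDest": "Bob",
                "M1n7exampleUsdcMint": "USDC"}

def label(addr, warnings):
    """Resolve an address locally; an unlisted address becomes a warning."""
    name = ADDRESS_BOOK.get(addr)
    if name is None:
        warnings.append(f"address not in local address book: {addr}")
        return "UNKNOWN"
    return name

def fmt_amount(raw, decimals):
    """Render base units as a decimal string without float rounding."""
    whole, frac = divmod(raw, 10 ** decimals)
    return f"{whole}.{str(frac).zfill(decimals)}".rstrip("0").rstrip(".")

def summarize(ix):
    """Decode one instruction from its raw bytes; return (lines, warnings)."""
    lines, warnings = [f"Program ID: {ix['program_id']}"], []
    data, accts = ix["data"], ix["accounts"]
    if ix["program_id"] != TOKEN_PROGRAM:
        warnings.append("program not decoded, do not sign blind; data=" + data.hex())
        return lines, warnings
    # TransferChecked layout: tag byte 12, u64 LE amount, u8 decimals.
    # Account order: source, mint, destination, authority.
    if len(data) != 10 or data[0] != 12 or len(accts) < 4:
        warnings.append("unrecognized token instruction; data=" + data.hex())
        return lines, warnings
    amount, decimals = struct.unpack_from("<QB", data, 1)
    src, mint, dst = (label(a, warnings) for a in accts[:3])
    lines += ["Accounts:",
              f"- Sender: {src} ({accts[0][:6]}...)",
              f"- Receiver: {dst} ({accts[2][:6]}...)",
              "Instructions:",
              f"- Transfer {fmt_amount(amount, decimals)} {mint} from {src} to {dst}"]
    return lines, warnings

# Constructed sample: 100 USDC (6 decimals) from Alice to Bob.
SAMPLE = {"program_id": TOKEN_PROGRAM,
          "accounts": ["A1b2C3exampleSource", "M1n7exampleUsdcMint",
                       "B2c3D4exampleDest", "A1b2C3exampleOwner"],
          "data": bytes([12]) + struct.pack("<QB", 100_000_000, 6)}

if __name__ == "__main__":
    out, warns = summarize(SAMPLE)
    print("\n".join(out + ["WARNING: " + w for w in warns]))
```

A signer should treat any warning as a reason to stop and compare the raw transaction on a second device before approving.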