2026-02-16 –, Auditorium
Multisig wallets give holders a false sense of security. The real attack surface isn't key compromise; it's the human and non-deterministic elements around signing. Spoofed simulations, poisoned addresses, compromised frontends, and coerced signers all exploit the same gap: users don't know what they're signing, and by the time they find out something is wrong, it's already too late. This talk introduces a threat model for high-value custody and presents Kleidi, a wallet system built around reversibility, configurable policies, and guardian-based recovery.
Large crypto holders face well-resourced adversaries using attack vectors that multisig alone cannot address. This talk walks through six categories of threat: simulation spoofing, address poisoning, frontend compromises, supply chain attacks, insider threats, and kidnapping or duress scenarios.
Each attack exploits a common weakness: the finality of signed transactions and the opacity of what's actually being approved. We'll examine real incidents, break down why existing solutions fail, and introduce a defense framework centered on post-signature review windows and cancellation authority.
The session concludes with a demonstration of Kleidi, a wallet implementation that operationalizes this framework through timelocks, policy engines, and guardian services. Attendees will leave with a threat model they can apply to custody architecture reviews and a concrete reference for how reversibility changes the security calculus.
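The defense framework described above (signatures only queue a transaction, a review window must elapse before execution, and a separate cancellation authority can veto in the meantime) is shown below as a minimal Solidity contract. This is an added illustration written for this page, not Kleidi's code; the contract name, the single `owner` standing in for a multisig, the `guardian` role and the `reviewWindow` parameter are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative post-signature review window with guardian cancellation.
/// Added example, not Kleidi's implementation; all names are assumptions.
contract ReviewWindowWallet {
    address public immutable owner;        // signer (a multisig in practice)
    address public immutable guardian;     // may cancel, may never propose or execute
    uint256 public immutable reviewWindow; // seconds a queued transaction must wait

    struct Queued {
        address target;
        uint256 value;
        bytes data;
        uint256 readyAt;   // earliest timestamp at which execution is allowed
        bool executed;
        bool cancelled;
    }

    mapping(bytes32 => Queued) public queue;

    event Proposed(bytes32 indexed id, address target, uint256 value, uint256 readyAt);
    event Cancelled(bytes32 indexed id, address by);
    event Executed(bytes32 indexed id);

    constructor(address _owner, address _guardian, uint256 _reviewWindow) {
        require(_reviewWindow > 0, "window must be nonzero");
        owner = _owner;
        guardian = _guardian;
        reviewWindow = _reviewWindow;
    }

    receive() external payable {}

    /// A signed approval only queues the call; nothing moves yet.
    /// The full target/value/calldata is now visible on-chain for review.
    function propose(address target, uint256 value, bytes calldata data, uint256 salt)
        external
        returns (bytes32 id)
    {
        require(msg.sender == owner, "not owner");
        id = keccak256(abi.encode(target, value, data, salt));
        require(queue[id].readyAt == 0, "already queued");
        uint256 readyAt = block.timestamp + reviewWindow;
        queue[id] = Queued(target, value, data, readyAt, false, false);
        emit Proposed(id, target, value, readyAt);
    }

    /// Owner or guardian can veto while the transaction is pending.
    /// Cancellation is the guardian's only power (least privilege).
    function cancel(bytes32 id) external {
        require(msg.sender == owner || msg.sender == guardian, "not authorised");
        Queued storage q = queue[id];
        require(q.readyAt != 0 && !q.executed && !q.cancelled, "not cancellable");
        q.cancelled = true;
        emit Cancelled(id, msg.sender);
    }

    /// Anyone may execute once the review window has elapsed and no veto was cast.
    function execute(bytes32 id) external {
        Queued storage q = queue[id];
        require(q.readyAt != 0, "unknown transaction");
        require(!q.cancelled, "cancelled");
        require(!q.executed, "already executed");
        require(block.timestamp >= q.readyAt, "review window still open");
        q.executed = true; // effects before interaction
        (bool ok, ) = q.target.call{value: q.value}(q.data);
        require(ok, "call failed");
        emit Executed(id);
    }
}
```

The point of the layout is that a spoofed simulation, a poisoned address or a tampered frontend can still get a bad transaction signed, but it cannot get it executed: the queued `target`, `value` and `data` sit on-chain for the whole window, where an independent monitor or the guardian can compare them against what the signer believed they approved and call `cancel`. Giving the guardian only `cancel` (never `propose` or `execute`) means a compromised guardian can at worst delay, not steal, which is the trade-off the talk's reversibility model relies on.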
Elliot Friedman is a smart contract engineer focused on security and keeping users safe. He previously ran Solidity Labs, a boutique consulting firm that wrote smart contracts for leading DeFi protocols. He's spoken at the DeFi Security Summit on emerging threat vectors and is currently building Kleidi, a wallet system designed to protect high-value holders from the attacks that multisigs can't stop.