alt Hacker News> The attacker used social engineering to induce Drift Security Council multisig signers into pre-signing transactions that appeared routine but carried hidden authorisations.
So much for the "Security Council". What an embarrassment to be in a team/org like that and fail your most basic duty which would be "look at what you sign".
That was inevitable, and all designs like that will eventually yield the same outcome.
The people who should be embarrassed are the ones who thought having a group of humans routinely review (possibly complex) transactions for correctness, with no ability to undo/revert the outcome, was a good idea.