Recently, when reviewing projects, I first look at GitHub and audit reports, but honestly, it's not about pretending to understand the code… I look for a few very “human” signals: whether the code is maintained long-term, whether there are people seriously追踪 bugs in the issue tracker, whether the audit report clearly states high risks and whether they have been addressed later. The same goes for upgrading multi-signature wallets, don't just look at “multi-signature = security,” I care more about who the signers are, what the threshold is, whether it can be casually replaced, and preferably with a timelock, otherwise, you might not have time to react if there's an upgrade in the middle of the night.

Recently, hardware wallets are out of stock + phishing links are everywhere, the more I look, the more I feel that security is not a mystique, it relies on these hard indicators as a safety net. I personally trust data more; intuition can easily be misled by narratives, and when positions get big, transparency goes out the window… Anyway, I still prefer small positions and staggered entries, better to miss out than to be swept away by a single wave.