MRO

As an user: 1. If a program that has any type of escrows that store private keys - that would be compromised (if they updated in the last 6h to any of these versions) 2. Any other program that doesn't store them, say, when you sign a TX for a swap - this should be fine. Looks like they already drained, incredibly unlikely they are storing keys. Just in case, wait until all projects have updated to the safe version and don't do anything. Removing connections in phantom or anything like that is moot. You can move funds if it makes you feel safer but unless you are running something locally with those keys - you are most likely safe