Ethereum Developers Propose Fix to 'Blind Signing' Risk Tied to Massive Losses

Summary

A coalition of Ethereum developers and key wallet providers has proposed ending "blind signing," a vulnerable process in which users approve machine-readable transactions that are difficult to interpret. This vulnerability has contributed to significant losses, such as the $1.5 billion Bybit hack. The proposed "clear signing" standard will ensure users see clear, human-readable transaction details before approval, enhancing security and reducing the risk of fund loss. The initiative involves the Ethereum Foundation, Ledger, Trezor, MetaMask, and WalletConnect, and builds on earlier Ethereum Improvement Proposals (ERC-7730 for readable descriptions and ERC-8176 for attestation and integrity). The approach also includes developer tools and a decentralized registry for securely distributing transaction descriptors. The Ethereum Foundation's Trillion Dollar Security Initiative will oversee the clear signing registry, with the broader aim of preparing the Ethereum network for large-scale, secure adoption while also addressing quantum computing, front-end security, and usability improvements.