Ledger CTO warns crypto users about the dangers of ‘blind signing’

“Don’t trust, verify,” says Charles Guillemet, the CTO of hardware wallet firm Ledger.

With the most recent attack on OpenSea highlighting blockchain vulnerabilities, Charles Guillemet, the CTO of Ledger, warns users about “blind signing,” which he defines as “consenting to a transaction being signed blindly, without knowing what it means.”

In an interview with Cointelegraph, Guillemet broke down the problems and highlighted the issues with blind signing. The Ledger CTO notes that consenting to a transaction requires signing a message that is then sent to the blockchain. The user is the only one able to sign transactions with the private key, while everyone else can verify whether the signature is valid. “The problem is that this message is not intelligible by default. It’s a digital payload,” says Guillemet.

Guillemet also explained that when a coin transfer is signed, it is generally supported by a wallet that “correctly parses the payload and shows its intent.” However, when it comes to signing complex interactions with smart contracts, Guillemet says that “parsing the message is not always correctly supported, and you don’t have any choice but to consent blindly to a transaction that you don’t understand.”

“It’s dangerous because you might think you’re signing a transaction to transfer part of your funds to address A, while you actually sign a transaction to transfer all of your funds to address B.”

The security expert also gave examples where blind signing led to significant losses. In the most recent OpenSea exploit, users encountered a phishing attack that resulted in the loss of $1.7 million worth of nonfungible tokens (NFTs). Guillemet notes that in this incident, the attackers tricked their victims into blind-signing a message that made them consent to sell all their NFTs for 0 ETH.

“The attacker only had to sign a transaction saying ‘I’m OK to take these NFTs for 0 ETH,’ and then provide these two messages to OpenSea to actually execute the transaction swapping 0 ETH against all the victims’ NFTs.”

When asked what he thinks is the solution to the problem of blind signing, Guillemet turned to an old crypto adage: “don’t trust, verify.” He tells crypto users to “always verify the transaction you consent to sign.” One suggestion the security expert brought up is signing transactions using the trusted displays found on hardware wallets.
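To make concrete what a wallet that “correctly parses the payload and shows its intent” does, and how a zero-ETH listing like the one in the OpenSea case could be surfaced before the user signs, here is an added Python example; it is not Ledger’s code and not from the article. The ERC-20 selectors are the standard ones; the addresses, the sample payloads and the listing structure are constructed assumptions, not OpenSea’s real order format.

```python
from typing import Dict, List

# Well-known ERC-20 function selectors: the first 4 bytes of keccak256(signature).
SELECTORS = {"a9059cbb": "transfer", "095ea7b3": "approve"}
UINT256_MAX = 2**256 - 1

# Constructed sample payloads (hypothetical addresses, not real ones).
CONSTRUCTED_TRANSFER = "0xa9059cbb" + "00" * 12 + "11" * 20 + (10**18).to_bytes(32, "big").hex()
CONSTRUCTED_APPROVE = "0x095ea7b3" + "00" * 12 + "22" * 20 + "ff" * 32
CONSTRUCTED_LISTING = {"offer": ["NFT #1", "NFT #2", "NFT #3"], "price_wei": 0}

def describe_calldata(calldata_hex: str) -> Dict[str, object]:
    """Turn the raw payload a dapp asks the user to sign into a readable intent.
    Anything not recognised is reported as UNKNOWN: that is exactly the case
    where a wallet can do no better than blind signing."""
    data = bytes.fromhex(calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex)
    name = SELECTORS.get(data[:4].hex())
    if name is None or len(data) != 4 + 2 * 32:
        return {"intent": "UNKNOWN", "raw": "0x" + data.hex(), "warnings": ["cannot decode: blind signing"]}
    words = [data[4 + 32 * i:4 + 32 * (i + 1)] for i in range(2)]
    to = "0x" + words[0][12:].hex()          # an address is right-aligned in its 32-byte word
    amount = int.from_bytes(words[1], "big")
    warnings: List[str] = []
    if name == "approve" and amount == UINT256_MAX:
        warnings.append("unlimited token approval")
    return {"intent": name, "to": to, "amount": amount, "warnings": warnings}

def describe_listing(listing: Dict[str, object]) -> Dict[str, object]:
    """Simplified marketplace order (constructed shape, not OpenSea's real struct):
    'offer' is what the signer gives away, 'price_wei' is what they receive."""
    warnings: List[str] = []
    if listing["price_wei"] == 0:
        warnings.append("sells %d NFT(s) for 0 ETH" % len(listing["offer"]))
    return {"intent": "sell", "offer": list(listing["offer"]),
            "price_wei": listing["price_wei"], "warnings": warnings}

if __name__ == "__main__":
    for item in (describe_calldata(CONSTRUCTED_TRANSFER), describe_calldata(CONSTRUCTED_APPROVE),
                 describe_calldata("0xdeadbeef"), describe_listing(CONSTRUCTED_LISTING)):
        print(item)
```

The warnings list is what a trusted display would show the user before they confirm; an UNKNOWN result is the signal that the wallet cannot verify the intent and the user is being asked to sign blind.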