Ledger CTO warns crypto users about the dangers of ‘blind signing’

Free Bitcoin



With the recent attack on OpenSea highlighting blockchain vulnerabilities, Charles Guillemet, the CTO of Ledger warns users about “blind signing” which he defines as “consenting a transaction to be signed blindly, without understanding what it means.” 

In an interview with Cointelegraph, Guillemet broke down the problems and highlighted issues with blind signing. The Ledger CTO notes that consenting to transactions requires signing a message to be sent to the blockchain. A user is the only one capable of signing transactions with the private key, while others can verify if it’s correct. “The issue is that this message is not intelligible by default. It’s a digital payload,” says Guillemet.

Guillemet also explained that when a coin transfer is signed, it’s normally supported by a wallet that “properly parses the payload and displays its intent.” However, when it comes to signing complex interactions with smart contracts, Guillemet says that “parsing the display is not always properly supported and you have no choice but consenting blindly for a transaction that you don’t understand.”

“It’s risky because you can think you’re signing a transaction to move part of your funds to address A while you actually sign a transaction to move all your funds to address B.”

Related: OpenSea disables features temporarily as contract migration completes

Genesis-mining

The security expert also gave examples where blind signing led to significant losses. In the most recent OpenSea exploit, users encountered a phishing attack that resulted in the loss of $1.7 million worth in nonfungible tokens (NFTs). Guillemet notes that in this incident, the attackers tricked their victims into blind-signing a message that made them consent to sell all their NFTs for 0 ETH.

“The attacker had only to sign a transaction saying ‘I’m ok to buy these NFTs for 0 ETH,’ and then presented these two messages to OpenSea to actually execute the transaction swapping 0 ETH against all the victims’ NFTs.”

When asked what he thinks is the solution to the issue of blind signing, Guillemet turned to an old crypto adage, “don’t trust, verify.” He tells crypto users to “always verify the transaction you consent to sign.” One suggestion that the security expert brought up is signing transactions using trusted displays that can be found on hardware wallets.



  • Bitcoin
  • Ethereum
  • Tether
  • Dogecoin
Scan to Donate Bitcoin to 14dNrgxvkPsmFNUSW1h2Qit8ox5AioJpNc

Help us! Donate any amount of Bitcoin to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin

Scan to Donate Ethereum to 0xe925df5a97c85f2d52547bace18feca6e0bfa6cc

Help us! Donate any amount of Ethereum to this address

Scan the QR code or copy the address below into your wallet to send some Ethereum

Scan to Donate Tether to 0xe925df5a97c85f2d52547bace18feca6e0bfa6cc

Help us! Donate any amount of Tether to this address

Scan the QR code or copy the address below into your wallet to send some Tether

Scan to Donate Dogecoin to D9tRctXqnQeqSKFBzWeHFHCwTu7rcRE4XQ

Help us! Donate any amount of Dogecoin to this address

Scan the QR code or copy the address below into your wallet to send some Dogecoin



Source link

Ledger Nano X - The secure hardware wallet

Be the first to comment

Leave a Reply

Your email address will not be published.


*