Crypto’s Greatest Weakness? Blind Signing, Explained

By Kirsty Moreland

If you’ve been hearing about blind signing, but you’re not sure what it means, then look no further. Here, we explain the concept.

If you’re reading this, you already know that crypto is a hot property. Whether your thing is coins, tokens or NFTs, we all have a vested interest in keeping our assets safe. “I know!” you say. Never give my private keys or share my recovery phrase with anyone. Well, that’s true, but it’s not the end of the story.

Following the incredible rise of DeFi and dApps within the crypto scene, smart contracts are becoming more impressive.  If that’s news to you, make sure you check out the Ledger Academy article on what a smart contract is. But for this article, it’s important to understand that smart contracts are essential for executing complex processes in a decentralized manner. To do so, this computer program on the blockchain can store information and self-execute under the right conditions. However, to set off these conditions, a user just like you must sign a blockchain transaction.  Wait though, you are not a robot. So how does a person go about reading a blockchain transaction? 

Well, it’s a difficult topic, and scammers are always on the lookout for new vulnerabilities in the transaction process. There are countless scams and they can also be hard to detect, even for a crypto pro.

Blind signing is a trick leveraged by scammers to steal your assets. Here, we will explain what a blind signature is, how blind signing scams work – and tell you how you can avoid them.

What is Blind Signing?

Simply, a blind signature is a type of wallet signature that allows users to approve a smart contract to interact with their wallet, without knowing the contract’s full details.

How Signing Contracts Translates on The Blockchain

To explain how this concept works digitally, let’s start with the pen-and-paper basics of the real world. Contracts exist to govern our relationships; whether it’s an employment contract requiring you to work 40 hours per week or a monthly Netflix subscription. When you sign a contract, you indicate that you understand and consent to its conditions.

Smart contracts – the infrastructure that powers dApps, NFTs, and many elements of DeFi – work similarly. Let’s say you borrow some crypto from a lender, on the basis that each month you will pay back a set amount with interest. The lending protocol relies on smart contracts to function.

When you sign the smart contract using the private key corresponding to your hardware wallet, you’re essentially agreeing to its terms.

But what if you can’t see the contract? 

Reading Smart Contracts As A Human Is Harder Than It Sounds

The smart contracts used in present-day dApps and NFTs have posed a challenge for the current generation of crypto wallets because their code – containing key contact details – cannot be fully extracted and displayed in a language that the user would understand. In other words, wallets are still playing catch-up with the latest options for consumers.

What Are The Dangers of Blind Signing

So now we know what blind signing is and some of the problems there are with reading signatures. Let’s get into some of the issues blind signing causes.

Blind Signing Allows For Specific Scams and Possible Fraud

With crypto bursting into the mainstream, more and more people are becoming educated about how to keep their assets secure, and there are fewer opportunities for scammers to gain access to your assets. So instead of trying to break the door open – they are relying on you to open it for them.

This type of scam was popular with NFT drops. Bad actors would play on that excitement that came with the industry’s popularity and instead of minting, users would approve transactions that gave scammers access to their assets. So before you give a blind signature for an NFT drop, think. If it’s not a well-known brand, can you be sure the transaction you’re verifying is what you think it is?

Private messages are another hotbed for this type of threat. For example, scammers posed as OpenSea tech admins on Discord, managing o scam an experienced collector. The scammer convinced his victim he was a service advisor and asked him to approve a transaction using his Ledger device. This showed no contract details and the victim believed it was safe. In reality, the transaction he was verifying provided access to his vault, and the advisor was a fraud. Unfortunately, the entire scenario was the staging for a scam.

This is a perfect example of how even an experienced crypto user can make a mistake when the circumstances are convincing enough.

Using Your Laptop or Phone To Transact Is Also Blind Signing

Whenever you sign any transaction using your computer screen, you are technically blind signing.

So let’s say you’re transacting through a soft wallet only. Since your display screen (the computer or mobile) is connected to the internet, it is vulnerable to hacking. The screen of your laptop or phone is untrustworthy.  If a scammer hacks your device, they could change the details on your screen, leading you to sign a malicious transaction. In this case, you would be“blind signing” – approving the transaction based on trust.

The point of using a hardware wallet such as a Ledger device is to eliminate this risk. Your wallet serves as a secure, offline venue that is impenetrable to hackers. As a result, you can trust its screen will always show the true details of a blockchain transaction. The “Trusted Display” on all Ledger devices is invaluable in making sure you know exactly what you’re agreeing to.

Blind Signing is Sometimes Necessary

However, although your Ledger device will always display accurate transaction details, this is only possible when those details are available. And this is not always the case. Let’s say you’ve got the right security measures in place and that you’re making a swap using a combination of your Ledger device along with the soft wallet that’s connecting you to the dApp – good job! 

But, as we previously mentioned most software wallets i.e the middleware between your device and the dApp are unable to read and fully extract the smart contract elements of the transaction. This means that, even if you use your Ledger device to verify and complete the transaction, the device will be unable to show you full details –  since the middleware itself has nothing to transmit to it.

Instead, the device will simply show “Data Present”, leaving you unable to view key details such as action, price, receiving address etc before confirming. Here’s how that looks:

With no detail of what this contract entails, the only option here is to once again verify your transaction based on trust. This is why it’s called blind signing.

Described in this way, blind signing seems pretty risky, but most of us are guilty of doing it; when was the last time you read the user agreement for that new service you signed up to? The fact is that we base many of our decisions on the reputation of who we are transacting with.

Don’t Trust – Verify

Scams involving blind signing usually include a degree of social engineering. To explain, scammers specialize in meticulously creating an environment where you trust them enough to let your guard down.

This type of scam is becoming all the more common because the sheer pace of evolution has made blind signing an industry norm. It’s time for the tools to catch up.

How Can I Ever Use dApps With Peace of Mind?

At Ledger, our mission is to bring absolute transparency and security to every one of your transactions – that means being able to read your contract data each time you sign. Our latest upgrade achieves that by providing clear signing for every integrated dApp. This eliminates the vulnerability faced by users to bring the most secure and fluid experience possible.

Our upgrade sees two big improvements that make this possible. Not only can your Ledger device now read and display smart contract information for a range of dApps; the recent launch of our App Catalogue within Ledger Live enables you to access several DeFi and dApps from within the security of your Ledger device, so you can use Ledger’s ecosystem as a secure gateway to the dApps and services you love. 

Let’s make blind signing a thing of the past!

Take a look at a ParaSwap transaction to show what this means for you:

As shown in the example above, instead of simply showing “Data Present”, the Ledger device can show full transaction details within the absolute security of its Trusted Display – so instead of trusting, you can now verify. 

With new integrations happening constantly, our Ledger’s App Catalogue is leading the industry for dApps security.

What if the dApp I Need Isn’t Integrated?

Since Ledger Live is an open source and open platform – no matter the project, you can write your own plugin to make it Ledger Live compatible and allow your users to clear sign. So why wait? 

In the meantime, while our integrations expand, we understand that some transactions still need an intermediary wallet. If you’re verifying transactions through middleware, you may still be asked to blind sign. Where this is the case, there are still several steps you can take to mitigate your risk of being scammed.

• • Don’t use dApps that you’ve never heard of before, always double-check authenticity. 

• • Be skeptical of DM’s on social media: if someone you don’t know is actively reaching out to you, consider the reasons why. Remember, it could be anyone (don’t link on links). 

• • No matter what type of transaction you’re doing, Ledger devices keep your private keys offline at all times. Using one adds a layer of security to all of your interactions.

Oh…And never ever disclose your recovery phrase to anyone. Your recovery phrase belongs in a place far from the internet. Make sure you never enter it in a software wallet either. Your recovery phrase is only meant for recovering your Ledger device  – one more time for the people at the back!

You can also use the Ledger Extension (Beta) with your Ledger Nano X. Ledger Extension is a Safari browser extension that allows you to:

• • Preview the transaction before it happens,

• • Be aware of any known risks or scams with Web3 Checks, and

• • Make web3 transactions using your iPhone and Ledger Nano X via Bluetooth.

Here’s an example of just two of the warnings Ledger Extension offers.

The Gatekeeper is You

Blind signing has two elements: it’s a technological gap that invites human error. That’s why your judgment has never been so crucial.

No matter how advanced your wallet is, you are the last point of defense for your crypto assets. But by allowing you to scrutinize the details of transactions, Ledger’s expanding App Catalogue empowers you to enjoy the incredible new options made possible by crypto. All of that without submitting yourself to chance.

Knowledge is Power.

Every crypto user should be aware of blind signing – here, School of Block takes a deep dive into the issue, so you’re armed to protect yourself and your crypto!