What is Blind Signing?

KEY TAKEAWAYS:
– Blind signing means signing a transaction without knowing or seeing the full transaction data before authorizing it.

– This is one of the most commonly exploited vulnerabilities in wallets, and thus taking precautions to limit blind signing and the risks it may cause is imperative.

– Ledger is dedicated to eradicating blind signing, incorporating Clear Signed transactions into Ledger Live, and promoting the adoption of Clear Signing standardization across the blockchain ecosystem.

While blockchain technology was once about value transfer, ownership, and secure storage, it has evolved to be a whole lot more. The landscape of digital assets goes much further than coins and is more varied than anyone could have imagined at its inception. One innovation that stands out is smart contracts: these self-executing computer programs rely on approvals, where you grant the app approval to move your assets.

However, these complex transactions have opened up a new attack vector wherein a scammer convinces you to sign a malicious transaction, granting them access to your valuable assets. The problem is that most wallets simply can’t translate the details of the transaction you’re approving, a danger known as blind signing.

But what is blind signing exactly?

What is Blind Signing?

Blind signing in the digital asset world is akin to signing a blank check: you’re authorizing a transaction without fully understanding or seeing its details. This typically results in a display filled with a sequence of numbers and letters (otherwise known as a hash) that most humans can’t even begin to decipher.

Most commonly you’ll be forced to blind sign if you’re using a software wallet or you connect your hardware wallet to a software wallet’s interface, but some more complex Ledger Live transactions may prompt you to blind sign too. 

What are the Dangers of Blind Signing?

When engaging in Blind Signing, the lack of clarity opens up a myriad of risks. For starters, you might send funds to unintended recipients with malicious intent. Or you might sign an approval that allows a smart contract to take your coins or tokens whenever they like. 

Reading about these attacks now, you might think you have enough experience to avoid them, but typically the malicious transaction will be disguised cleverly, either using phishing or social engineering. Thus, taking the right precautions will help you make more informed decisions.

So now we know what blind signing is and how it might target you, let’s get into how you can mitigate the risks of blind signing.

How Can We Combat the Risks of Blind Signing?

Use a Hardware Wallet with a Secure Screen

Whenever you sign any transaction using your computer or smartphone, you are technically blind signing. Since these devices connect to the internet and drive their screens with insecure chips, they are vulnerable to spoofing. To clarify, it means a hacker could change the details of a transaction on your computer or smartphone’s screen, tricking you into signing a transaction you never saw the details of.

Ledger devices benefit from a secure screen, so you can trust the transaction details it shows. The screen of a Ledger device is driven directly by the Secure Element chip, a secure chip that protects your screen from spoofing. 

Segregate Your Crypto Assets

If you need to blind sign transactions, you can protect your main holdings by segregating your crypto assets into multiple accounts, only signing potentially malicious transactions with accounts containing minimal value. That way, even if you sign a malicious approval, the attacker can’t access your valuable assets; each approval only works for a single address. Leave your accounts containing value in a vault or cold account, away from your Blind-Signed transactions, and you’re much more protected from blind signing attacks.

Don’t Trust – Verify

Scams involving blind signing usually include a degree of social engineering. To explain, scammers specialize in meticulously creating an environment where you trust them enough to let your guard down.

Research every app before connecting your wallet and signing a transaction. Look up each platform you intend to use and make sure you’re accessing the official site. Doing your due diligence will help you avoid signing malicious approvals and transactions.

When and How to Enable Blind Signing

It’s worth mentioning that if you use a software wallet with your Ledger device, blind signing is sometimes necessary. Currently, transaction details aren’t standardized, thus your wallet is unable to translate them into a format you can read. Even if you use your Ledger device to verify and complete the transaction, the device won’t show you full details; the middleware doesn’t have the information to transmit.

Instead, the device will simply show “Data Present”, leaving you unable to view key details such as action, price, and receiving address before confirming.

If you’re blind-signing transactions via a software wallet as mentioned, segregating your assets is recommended. Then if you do choose to blind-sign transactions, try to consider the trustworthiness of the platform you’re accessing. If you’re blind signing, do so on a trusted platform or app.

See the full guide on how to enable blind signing on your Ledger device here!

Ledger’s Clear Signing Initiative

At Ledger, our mission is to eliminate Blind Signing, guaranteeing what you see is what you sign. Knowing the dangers blind signing poses to crypto users, we are dedicated to helping the ecosystem evolve to anticipate it. The solution is simple: implementing Clear Signing across the ecosystem.

To explain, Clear Signing comprises two main concepts. The first is clear transaction intent, where your wallet presents you with the kind of approval or transaction being requested and which app is seeking it. Secondly, you need human-readable transaction fields, so that the wallet owner can understand the transaction they are signing.

At Ledger this is a core consideration, so you’ll find many of your transactions in Ledger Live allow you to do exactly that.

Instead of simply showing “Data Present”, the Ledger device can show full transaction details on its secure screen, allowing you to read which assets are affected and where they are going. And of course, since the screen of a Ledger device is driven directly by the secure element, you can trust the details it shows. 
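To make the two Clear Signing concepts concrete, here is an added example (not Ledger's code and not part of the original article) that turns raw transaction data into an intent plus readable fields, and falls back to a blind marker when it cannot. It assumes the payload is Ethereum calldata for a token contract; `clear_sign_view`, `decode_word` and the sample spender address are hypothetical names and constructed values.

```python
# Added illustration, not Ledger's implementation. Assumption: the payload is
# Ethereum calldata for a token contract (ERC-20 / ERC-721 style functions).
MAX_UINT256 = 2**256 - 1

# Well-known 4-byte selectors mapped to (intent, [(field name, ABI type), ...]).
KNOWN_CALLS = {
    "095ea7b3": ("approve", [("spender", "address"), ("amount", "uint256")]),
    "a9059cbb": ("transfer", [("to", "address"), ("amount", "uint256")]),
    "a22cb465": ("setApprovalForAll", [("operator", "address"), ("approved", "bool")]),
}


def decode_word(word: bytes, kind: str):
    """Decode one 32-byte ABI word, rejecting malformed padding."""
    if kind == "address":
        if any(word[:12]):
            raise ValueError("non-zero padding in address word")
        return "0x" + word[12:].hex()
    value = int.from_bytes(word, "big")
    if kind == "bool":
        if value > 1:
            raise ValueError("bool word must be 0 or 1")
        return bool(value)
    return value  # uint256, in the token's base units


def clear_sign_view(calldata_hex: str) -> dict:
    """Return the intent and readable fields, or mark the request as blind."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    selector, body = data[:4].hex(), data[4:]
    if selector not in KNOWN_CALLS:
        # Nothing to translate: this is the "Data Present" situation.
        return {"intent": "unknown", "blind": True, "fields": {}, "warnings": []}
    intent, params = KNOWN_CALLS[selector]
    if len(body) != 32 * len(params):
        raise ValueError("calldata length does not match the function signature")
    fields = {name: decode_word(body[i * 32:(i + 1) * 32], kind)
              for i, (name, kind) in enumerate(params)}
    warnings = []
    if intent == "approve" and fields["amount"] == MAX_UINT256:
        warnings.append("unlimited allowance")
    if intent == "setApprovalForAll" and fields["approved"]:
        warnings.append("operator can move every token you hold in this collection")
    return {"intent": intent, "blind": False, "fields": fields, "warnings": warnings}


# Constructed sample: approve() granting an unlimited allowance to a made-up spender.
SAMPLE_APPROVE = "0x095ea7b3" + "00" * 12 + "ab" * 20 + "ff" * 32
```

The amount is shown in the token's base units; a real display also needs the token's decimals and symbol, and it only means something when it is rendered on a screen the host computer cannot alter.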

After a decade of building hardware wallets using this security model, Ledger has launched a wider campaign to eliminate Blind Signing. Working with other industry leaders and developers, Ledger has proposed a method for Clear Signing standardization, making secure transactions more accessible on all wallets and dapps that implement it. To learn more about Ledger’s Clear Signing initiative, check out the full blog post here. But essentially, Ledger’s proposal transforms unreadable hashes into legible, understandable transaction information; the answer to the ever-increasing problem of blind signing transactions.

