Be wary of the eth_sign blind signature scam: introduction, methods, and prevention

We have recently seen a surge in eth_sign blind-signing scams: users were induced, on unfamiliar websites, to approve seemingly harmless eth_sign requests, and their assets then disappeared from their wallets. To understand how the scam works, we first need to explain what an eth_sign signature is.

What is eth_sign signature

In Ethereum, eth_sign is a widely used signing method that lets a wallet sign a message with the account's private key. Signing is the core of every blockchain transaction: a valid signature proves that a specific account authorized the content that was signed. Simply put, it is like signing your name on a piece of paper to show that you agree with what the paper says.

However, there is a problem that is easy to overlook with eth_sign, and it is why eth_sign is often described as "blind signing". When you use eth_sign, you cannot fully see what you are signing, and you cannot work backwards from the request to what the signature will represent: the input to eth_sign is an arbitrary hex byte string (in practice usually a 32-byte hash), not a human-readable message, and the wallet has no way of showing what those bytes commit to. Contrast this with personal_sign, which prefixes the message with "\x19Ethereum Signed Message:\n" before hashing so that the text you read on screen is what gets signed, and with EIP-712 typed data (eth_signTypedData), which the wallet can render field by field. Using eth_sign is like signing a contract written in a language you cannot read, which is why it is called "blind signing". (This informal use of "blind signature" should not be confused with cryptographic blind-signature schemes, in which the signer deliberately cannot see the message.)

Common scam methods

With that understanding of eth_sign and blind signing, we can look at the risks eth_sign poses and how to prevent this kind of blind-signing scam.

Because eth_sign can sign any byte string, including the hash of a transaction or of a smart-contract instruction, a malicious third party can induce you to sign data you do not understand and then use the signature to move your assets. A transaction or token approval is authorized by a signature over its 32-byte hash; in a wallet that signs the supplied bytes as given, the attacker only has to hand your wallet the hash of a transfer they have already prepared, and the signature you return is a valid authorization for it. Worse, the request may be dressed up as something harmless, such as a "login" or "verification" step, while what you actually sign is an instruction that transfers your assets to the attacker's account.

How should we guard against this? The new version of imToken has upgraded its risk control for this type of scam. When a third-party DApp calls eth_sign to request a signature, imToken shows a risk warning pop-up reminding the user that the request may be dangerous and starts a 15-second cooldown before the request can be confirmed. The delay is there to give the user time to evaluate whether the signature is really necessary and safe.
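The following is an added example, not imToken's code, that models the two points above: what a wallet can show the user for an eth_sign request compared with personal_sign and typed-data requests, and a warning-plus-cooldown gate of the kind just described. The JSON-RPC parameter order (eth_sign: [address, data]; personal_sign: [data, address]; eth_signTypedData_v4: [address, typedDataJson]) follows the conventions Ethereum wallet providers use; the risk labels, the `SigningGate` class, and the sample requests are this example's own assumptions and are constructed, not captured from any real site.

```python
"""Wallet-side triage of signing requests and a cooldown gate for blind ones.

Added example (not imToken's code). Risk labels, the gate and the samples
are assumptions made for illustration.
"""
import json
import time

COOLDOWN_SECONDS = 15  # the cooldown length described in the article


def _hex_to_bytes(value: str) -> bytes:
    """Decode a 0x-prefixed hex string as carried in JSON-RPC params."""
    if not isinstance(value, str) or not value.startswith("0x"):
        raise ValueError("expected 0x-prefixed hex string")
    return bytes.fromhex(value[2:])


def _as_text(data: bytes):
    """Return the bytes as text if a wallet could display them faithfully, else None."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return None
    if all(ch.isprintable() or ch in "\n\r\t" for ch in text):
        return text
    return None


def classify_sign_request(request: dict) -> dict:
    """Classify a signing request by what the user can verify before signing."""
    method = request.get("method")
    params = request.get("params", [])
    if method == "eth_sign":
        data = _hex_to_bytes(params[1])
        reasons = ["eth_sign signs the raw bytes as given; the wallet cannot show what they commit to"]
        if len(data) == 32:
            reasons.append("payload is a 32-byte digest, the same shape as a transaction hash")
        return {"method": method, "blind": True, "risk": "high", "display": None, "reasons": reasons}
    if method == "personal_sign":
        data = _hex_to_bytes(params[0])
        text = _as_text(data)
        if text is None:
            return {"method": method, "blind": True, "risk": "medium", "display": data.hex(),
                    "reasons": ["message is not displayable text; the user sees only hex"]}
        return {"method": method, "blind": False, "risk": "low", "display": text,
                "reasons": ["EIP-191 prefix separates signed text from transaction hashes"]}
    if method in ("eth_signTypedData_v3", "eth_signTypedData_v4"):
        typed = json.loads(params[1])
        display = {"domain": typed.get("domain", {}), "primaryType": typed.get("primaryType"),
                   "message": typed.get("message", {})}
        return {"method": method, "blind": False, "risk": "low", "display": display,
                "reasons": ["EIP-712 typed data can be rendered field by field"]}
    return {"method": method, "blind": True, "risk": "high", "display": None,
            "reasons": ["unknown signing method"]}


class SigningGate:
    """Warning-plus-cooldown flow: a blind request cannot be approved until
    COOLDOWN_SECONDS have passed since the warning was shown."""

    def __init__(self, now=time.monotonic):
        self._now = now            # injectable clock so the flow can be tested offline
        self._pending = {}         # request id -> earliest approval time

    def present(self, request: dict) -> dict:
        info = classify_sign_request(request)
        wait = COOLDOWN_SECONDS if info["blind"] else 0
        self._pending[request["id"]] = self._now() + wait
        return {**info, "cooldown": wait}

    def approve(self, request_id) -> bool:
        """True only if the user may confirm now; False while the cooldown runs."""
        ready_at = self._pending.get(request_id)
        if ready_at is None:
            raise KeyError("request was never presented")
        return self._now() >= ready_at


ADDRESS = "0x1111111111111111111111111111111111111111"  # constructed sample account
# Constructed sample requests (not captured from any real site).
SAMPLE_ETH_SIGN = {"id": 1, "method": "eth_sign", "params": [ADDRESS, "0x" + "ab" * 32]}
SAMPLE_PERSONAL_SIGN = {"id": 2, "method": "personal_sign",
                        "params": ["0x" + "Welcome! Sign in to continue.".encode().hex(), ADDRESS]}
SAMPLE_TYPED = {"id": 3, "method": "eth_signTypedData_v4", "params": [ADDRESS, json.dumps(
    {"domain": {"name": "Example"}, "primaryType": "Order", "types": {}, "message": {"amount": "1"}})]}


def demo():
    """Walk the eth_sign sample through the gate with a fake clock."""
    clock = [1000.0]
    gate = SigningGate(now=lambda: clock[0])
    shown = gate.present(SAMPLE_ETH_SIGN)
    first = gate.approve(1)           # still inside the cooldown
    clock[0] += COOLDOWN_SECONDS
    second = gate.approve(1)          # allowed once the cooldown has elapsed
    return shown["risk"], first, second


if __name__ == "__main__":
    for req in (SAMPLE_ETH_SIGN, SAMPLE_PERSONAL_SIGN, SAMPLE_TYPED):
        print(json.dumps(classify_sign_request(req), indent=2))
    print(demo())
```

The point of the classifier is what it cannot do: for the eth_sign sample it can report only that it received an opaque 32-byte digest, which is exactly why the gate applies the cooldown to it and not to the two requests whose content the wallet can render.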

[Figure: imToken risk warning pop-up]

Security Reminder

The imToken security team reminds everyone:

  • Treat every request to sign with eth_sign with suspicion, especially one from an unknown or untrusted source. A legitimate website rarely needs eth_sign at all; sign-in and other off-chain messages can use personal_sign or typed data that the wallet is able to display. If you have any doubt about where a request comes from or what it is for, do not sign it.
  • Make sure that the message or transaction request you are handling comes from a trusted source, such as an official website, an official social media account, or a verified communication channel. Do not trust links, emails, or private messages from unknown sources.

We will keep this article updated; if you have any questions or suggestions, please contact us!
