Be wary of the eth_sign blind signature scam: introduction, methods, and prevention

Beware of eth_sign blind signature scam: overview, methods, and prevention

Recently, we have noticed an abnormal activity of the eth_sign blind signature scam, where many users were induced to sign seemingly harmless eth_sign signatures on unknown websites, resulting in their assets disappearing from their wallets. To better understand how this scam works, we need to explain what eth_sign signature is first.

What is eth_sign signature

In Ethereum, eth_sign is a widely-used signing method that allows users to sign a message using their private key. This signing mechanism is a core part of blockchain transactions, as it can prove that a specific account is the initiator of a transaction. Simply put, it’s like signing your name on a piece of paper to prove that you agree with or support the content on the paper.

However, there is a problem that people often overlook in the use of eth_sign, which is that it is often referred to as “blind signature”. This is because when you use eth_sign to sign a message, you may not fully know what you are signing, and you cannot check what the signature represents in reverse. This is because the input of eth_sign is raw characters, not a human-readable format. It’s like signing a contract written in a language you can’t understand, which is why it’s called “blind signature”.

Common scam methods

With an understanding of eth_sign signatures and blind signatures, we can delve into the potential risks of eth_sign and how to prevent such blind signature scams.

Because eth_sign can be used to sign any type of message, including instructions for transactions and smart contracts, malicious third parties may induce you to sign a message that you do not fully understand, resulting in your assets being transferred to their account. Worse yet, they may give you a seemingly harmless message to sign, but in reality, this message may be an operational instruction, and once you sign it, your assets will be transferred to their account.

In the face of this situation, how should we prevent it? To address this type of scam, the new version of imToken has upgraded its risk control system. When a user accesses a third-party DApp to call eth_sign to sign a message, imToken will provide a risk warning pop-up window, reminding the user that the current transaction may have potential risks, and start a 15-second countdown cooldown. This setting is designed to give users enough time to evaluate the necessity and security of the signature operation.

△ imToken risk warning popup

Security Reminder

The imToken security team reminds everyone:

  • Be vigilant about all requests that require the use of eth_sign for signature, especially those from unknown or untrusted sources. If there is any doubt about the authenticity or purpose of a request, do not sign it lightly.
  • Ensure that the message or transaction request being processed comes from a trusted source, such as an official website, official social media, or a verified communication channel. Do not trust links, emails, or private messages from unknown sources.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!

Share:

Was this article helpful?

93 out of 132 found this helpful

Discover more

Blockchain

Hong Kong Stock Exchange with cross-border marriage: will enter digital asset trading within three years

On September 11, the Hong Kong Stock Exchange suddenly announced that it intends to issue a merger proposal to the Lo...

Market

Three days after listing, trading volume is lackluster. The first-ever leveraged BTC ETF in the US did not have a good start.

First leveraged cryptocurrency ETF in the US underperforms expectations three days after listing.

Blockchain

Bibox and SKR staged the coin ring, and the IEO gambling nature became more intense.

At 8 am on the 22nd, two hours before the start of the first Star Project (IEO) on the Bibox Exchange, Bibox official...

Blockchain

Blockchain data analysis lets you see the counterparties

By analyzing the blockchain data set, we will have a better and clearer understanding of cryptocurrencies. (Image sou...

Market

Multiple macroeconomic negative factors have hit the market, causing Bitcoin to drop below 26,000 US dollars in the short term.

24-hour bitcoin price analysis chart shows that bitcoin is in a strong downtrend, with bears dominating the market.

Blockchain

Gu Yanxi: The Governance Mechanism of the Future Encrypted Digital Asset Trading Industry

More and more encrypted digital asset exchanges have emerged in the US market recently. In addition to existing encry...