Die Ethereum-Community führt eine Sicherheitsfunktion ein, um blindes Signieren zu beenden

The Ethereum community has introduced Clear Signing, a security feature that ensures users can clearly understand transaction details before signing, replacing unreadable hex data and reducing risks from blind signing attacks.

“Approving a transaction is meant to be the last line of defense when exercising control over what happens to your assets on the blockchain. When it is done blindly, that defense does not hold,” the Ethereum Foundation said on Tuesday, calling blind signing a “structural flaw” that has contributed to billions of dollars in losses, including the $1.4 billion Bybit hack last year.

The “What You See Is What You Sign” security feature aims to address this issue and is being integrated by several self-custody crypto wallets, including Ledger, Trezor and MetaMask.

Quelle: Ethereum Foundation

The security feature comes as bad actors target the crypto industry with increasingly sophisticated hacks and scams despite considerable improvements in security measures in recent years.

North Korean state-backed workers have stolen over $7 billion in funds alone since 2009, with a large share of that coming from crypto protocols. Der Bybit-Hack war der größte Krypto-Raub, bei dem ein Drittdienstleister kompromittiert und Transaktionssignaturen manipuliert wurden.

Trezor chief technology officer Tomáš Sušánka told Cointelegraph that attackers have been exploiting this relentlessly due to there not being a widely accessible security feature that is capable of distinguishing malicious smart contracts from legitimate transactions.

This issue has led users to “unknowingly sign them, and lose everything,” Sušánka said, adding that the Clear Signing feature “directly addresses this by making transactions human-readable before approval.”

The Clear Signing feature was introduced through the Ethereum Foundation’s Trillion Dollar Security Initiative and initiated by Ledger through the open-source ERC-7730 token standard.

The foundation said the key components of the Clear Signing feature include “human-readable transaction descriptions” and a “neutral, mirrorable descriptor registry.”

Es enthält auch ein Bescheinigungsrahmenwerk, das es Prüfern ermöglicht, diese Deskriptoren zu überprüfen.

Eine Vielzahl von Kryptoplattformen unterstützen Clear Signing

Several other crypto wallets and Ethereum privacy and security platforms contributed to the Clear Signing feature, including Keycard, WalletConnect, Argot, Sourcify, Zama, ZKnox and Fireblocks.

Sušánka sagte, Trezor wolle die Sicherheitsfunktion vor dem 30. Juni implementieren.

“We're implementing this standard because it's the right thing to do for our users,” Sušánka said before calling the Clear Signing feature a “critical security advancement for our entire industry.”