Malicious transaction risks mitigated as Ethereum Foundation introduces pioneering authentication protocol

The Ethereum Foundation and a group of major crypto wallet developers are rolling out a new security standard designed to stop users from accidentally signing away their funds, a problem that has fueled some of the industry’s biggest hacks and scams.
The initiative, called “Clear Signing,” aims to replace the confusing walls of code users currently see when approving Ethereum transactions with simple, human-readable explanations of what they’re actually agreeing to.
The effort comes after years of phishing attacks and wallet drains that often boil down to the same issue: users unknowingly approving malicious transactions they don’t understand. The Ethereum Foundation pointed to incidents like the Bybit hack as examples of how attackers exploit “blind signing,” where users approve transactions filled with unreadable technical data.
Right now, signing a crypto transaction can feel like clicking “accept” on a terms-of-service page written in another language. Wallets often display long strings of code that only highly technical users can decipher, leaving everyday traders vulnerable to fake apps, malicious links and compromised websites.
The new system would instead let wallets display clearer prompts such as what assets are moving, who is receiving them and what permissions are being granted before users hit approve.
The framework relies on a proposed Ethereum standard called ERC-7730 and a public registry where transaction descriptions can be reviewed and verified by independent security researchers. Wallets can then choose which trusted sources to use when presenting information to users.
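The difference between the raw data a wallet shows under blind signing and the kind of prompt described above can be sketched in code. This is an added illustration, not taken from the article, the Ethereum Foundation or the ERC-7730 specification: the `DESCRIPTORS` table is a hypothetical, simplified stand-in for a reviewed description registry, the sample addresses are constructed, and 18 token decimals is an assumption.

```python
# Added illustration. DESCRIPTORS is a hypothetical, simplified stand-in for a
# reviewed description registry; it is NOT the ERC-7730 schema.
UNLIMITED = 2**256 - 1

# 4-byte selector -> (prompt template, ordered argument names).
# The two selectors are the standard ERC-20 approve/transfer selectors.
DESCRIPTORS = {
    "095ea7b3": ("Allow {spender} to spend {amount} of this token", ("spender", "amount")),
    "a9059cbb": ("Send {amount} of this token to {to}", ("to", "amount")),
}

def format_amount(value: int, decimals: int) -> str:
    """Render a raw uint256 amount using integer math only."""
    if value == UNLIMITED:
        return "an UNLIMITED amount"
    whole, frac = divmod(value, 10**decimals)
    return f"{whole}.{frac:0{decimals}d}".rstrip("0").rstrip(".")

def describe(calldata_hex: str, decimals: int = 18) -> str:
    """Return the prompt a wallet could show, or a refusal if it cannot explain the call."""
    raw = bytes.fromhex(calldata_hex.removeprefix("0x"))
    entry = DESCRIPTORS.get(raw[:4].hex())
    if entry is None:
        return f"UNKNOWN CALL 0x{raw[:4].hex()}: no trusted description (blind signing)"
    template, names = entry
    if len(raw) != 4 + 32 * len(names):
        return "MALFORMED CALL: argument length does not match the description"
    fields = {}
    for i, name in enumerate(names):
        word = raw[4 + 32 * i : 36 + 32 * i]
        if name == "amount":
            fields[name] = format_amount(int.from_bytes(word, "big"), decimals)
        elif any(word[:12]):  # an address must be left-padded with 12 zero bytes
            return "MALFORMED CALL: address argument has non-zero padding"
        else:
            fields[name] = "0x" + word[12:].hex()
    return template.format(**fields)

# Constructed sample calldata (addresses are made-up placeholders).
APPROVE_ALL = "0x095ea7b3" + "00" * 12 + "11" * 20 + "ff" * 32
TRANSFER_5 = "0xa9059cbb" + "00" * 12 + "22" * 20 + f"{5 * 10**18:064x}"
UNDESCRIBED = "0xdeadbeef" + "00" * 32

if __name__ == "__main__":
    for tx in (APPROVE_ALL, TRANSFER_5, UNDESCRIBED):
        print(tx[:26] + "...", "->", describe(tx))
```

A call with no entry in the table is reported as undescribed rather than guessed at, which is the case where a user would otherwise be signing blind.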
The Ethereum Foundation’s Trillion Dollar Security Initiative said it plans to oversee the infrastructure behind the registry while encouraging wallets and developers across the ecosystem to adopt the standard.
The push highlights a growing realization inside crypto that better security may depend less on smarter code and more on making sure users actually understand what they’re signing.
"We welcome the Ethereum Foundation's Clear Signing standard as a critical security advancement for our entire industry. This addresses a fundamental vulnerability that has plagued cryptocurrency users for years, blind signing. When users can't understand what they're signing, security becomes much more difficult. This standard changes that, and every wallet provider should embrace it," said Tomáš Sušánka, chief technology officer of Trezor, in an email sent to CoinDesk.