以太坊社区推出安全功能以结束盲签名

The Ethereum community has introduced Clear Signing, a security feature that ensures users can clearly understand transaction details before signing, replacing unreadable hex data and reducing risks from blind signing attacks.

“Approving a transaction is meant to be the last line of defense when exercising control over what happens to your assets on the blockchain. When it is done blindly, that defense does not hold,” the Ethereum Foundation said on Tuesday, calling blind signing a “structural flaw” that has contributed to billions of dollars in losses, including the $1.4 billion Bybit hack last year.

The “What You See Is What You Sign” security feature aims to address this issue and is being integrated by several self-custody crypto wallets, including Ledger, Trezor and MetaMask.

Source: Ethereum Foundation

The security feature comes as bad actors target the crypto industry with increasingly sophisticated hacks and scams despite considerable improvements in security measures in recent years.

North Korean state-backed workers have stolen over $7 billion in funds alone since 2009, with a large share of that coming from crypto protocols. Bybit 黑客攻击是其最大的加密货币盗窃案，攻击对象是第三方服务提供商并操纵交易签名。

Trezor chief technology officer Tomáš Sušánka told Cointelegraph that attackers have been exploiting this relentlessly due to there not being a widely accessible security feature that is capable of distinguishing malicious smart contracts from legitimate transactions.

This issue has led users to “unknowingly sign them, and lose everything,” Sušánka said, adding that the Clear Signing feature “directly addresses this by making transactions human-readable before approval.”

The Clear Signing feature was introduced through the Ethereum Foundation’s Trillion Dollar Security Initiative and initiated by Ledger through the open-source ERC-7730 token standard.

The foundation said the key components of the Clear Signing feature include “human-readable transaction descriptions” and a “neutral, mirrorable descriptor registry.”

它还包括一个证明框架，使审计员能够验证这些描述符。

许多加密平台都支持清晰签名

Several other crypto wallets and Ethereum privacy and security platforms contributed to the Clear Signing feature, including Keycard, WalletConnect, Argot, Sourcify, Zama, ZKnox and Fireblocks.

Sušánka 表示，Trezor 寻求在 6 月 30 日之前实施该安全功能。

“We're implementing this standard because it's the right thing to do for our users,” Sušánka said before calling the Clear Signing feature a “critical security advancement for our entire industry.”