As smart contracts grow more complex, crypto wallets struggle more and more to decode their content, forcing users to sign transactions without knowing the details. This practice, called Blind Signing, is gradually becoming the norm in the cryptocurrency sector, to the detriment of investor security. Find out what Blind Signing is and how it affects the safety of your cryptocurrencies.
What is Blind Signing?
In the world of cryptocurrencies, Blind Signing is the act of signing a transaction from your wallet without knowing its full content.
This practice is particularly frequent in transactions involving smart contracts, autonomous computer programs whose execution does not require the intervention of a trusted third party.
Smart contracts govern most blockchains today and are omnipresent in user interactions.
However, the constant evolution of decentralized applications (dApps) keeps making their code more complex, and increasingly difficult for wallets to interpret.
Crypto wallets (the entities responsible for supporting users in their on-chain activity) have the role of decoding these smart contracts when they are used, in order to protect users. So when you want to interact with one of them, your wallet informs you of its content and of what you are about to approve.
However, with the growing complexity of smart contracts, crypto wallets struggle to decode what they contain, forcing you to approve an operation whose terms you do not know. Here is an example highlighting the differences between a blind signature and a clear signature.
Example of a blind signature (left) and a clear signature (right) in the Rabby wallet
On the left is an example of a blind signature. The type of signature requested is displayed as "Unknown", and very little information is given about the actions of the smart contract beyond the type of operation, "assumption", which is simply the name of the function called (its content can be quite different). Conversely, in the example on the right, the terms of the smart contract are explicit and detailed.
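What separates the two screens, shown as an added example that is not from the original article or from any wallet's code: a wallet can display clear details only when it recognizes the 4-byte function selector at the start of the transaction data and can decode the arguments, and otherwise it falls back to a blind prompt. The registry `KNOWN_ABIS`, the function names and the sample inputs are assumptions constructed for illustration; the two selectors are the standard ERC-20 ones.

```javascript
// Added example: a toy transaction previewer. KNOWN_ABIS is a hypothetical
// wallet-side registry; the two selectors are the standard ERC-20 ones.
const KNOWN_ABIS = {
  "095ea7b3": { name: "approve", params: [["spender", "address"], ["amount", "uint256"]] },
  "a9059cbb": { name: "transfer", params: [["to", "address"], ["amount", "uint256"]] },
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode one 32-byte ABI word according to its static type.
function decodeWord(word, type) {
  if (type === "address") {
    // An address is 20 bytes, left-padded with 12 zero bytes.
    if (!/^0{24}/.test(word)) throw new Error("malformed address word");
    return "0x" + word.slice(24);
  }
  return BigInt("0x" + word); // uint256
}

// Return what a wallet could show the user for a contract call's calldata.
function previewCalldata(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8 || hex.length % 2 !== 0) {
    return { mode: "blind", reason: "no valid 4-byte selector" };
  }
  const selector = hex.slice(0, 8);
  const abi = KNOWN_ABIS[selector];
  if (!abi) return { mode: "blind", selector: "0x" + selector, reason: "unknown function" };
  const body = hex.slice(8);
  if (body.length !== abi.params.length * 64) {
    return { mode: "blind", selector: "0x" + selector, reason: "argument length mismatch" };
  }
  const args = {};
  const warnings = [];
  try {
    abi.params.forEach(([name, type], i) => {
      args[name] = decodeWord(body.slice(i * 64, (i + 1) * 64), type);
    });
  } catch (err) {
    return { mode: "blind", selector: "0x" + selector, reason: err.message };
  }
  if (abi.name === "approve" && args.amount === MAX_UINT256) {
    warnings.push("unlimited token approval");
  }
  return { mode: "clear", function: abi.name, args, warnings };
}

// Constructed sample inputs (the addresses are made up).
const SAMPLE_APPROVE = "0x095ea7b3" + "0".repeat(24) + "ab".repeat(20) + "f".repeat(64);
const SAMPLE_UNKNOWN = "0x12345678" + "0".repeat(64);
```

A production wallet resolves selectors from verified ABIs or signed metadata rather than a hard-coded table, but the fallback is the same: an unrecognized selector leaves nothing meaningful to display.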
Blind Signing, although it presents risks for users, is not necessarily synonymous with a scam; it is simply the consequence of your crypto wallet being unable to extract information from smart contracts. Indeed, blind signatures are common when interacting with dApps.
If you are a user of decentralized finance (DeFi), you have probably already signed a contract blindly without falling victim to a scam.
What is the danger of Blind Signing?
Blind signing is a significant source of danger for users of a crypto wallet. In the real world, a contract is a document setting out the terms under which two parties commit to each other. Signing a contract obliges you to respect its terms.
The same principle applies in the world of cryptocurrencies. When you sign a transaction from your crypto wallet to interact with a smart contract, you agree to respect what the smart contract stipulates. And if you can't read what the smart contract stipulates, how can you be completely sure that it is not malicious? The answer is simple: you can't.
Consequently, when you blind-sign an interaction with a smart contract, the security of your cryptocurrencies rests on the trust you place in the entity that offers it.
Hackers consider blind signatures an exploitable flaw. They create smart contracts and try to make you interact with them without you being able to verify their content, which can result in a total loss of your cryptos. It is therefore important to adopt good practices to protect yourself against this type of scam.
The example of the $1.5 billion Bybit hack
On February 21, 2024, the crypto platform Bybit suffered a hack of almost $1.5 billion through an attack involving a blind signature. Using social engineering techniques, the attackers managed to modify the front-end of the multisignature wallet Safe{Wallet} used by Bybit.
As a result, the transaction behind the hack appeared legitimate on the wallet's web interface, while the real content of the transaction was sent to the hardware wallets of Bybit's signatories.
Thinking that it was a legitimate transaction, they signed it on their hardware wallets without knowing its real content, which led to the loss of $1.5 billion in ETH.
According to the security specialists at PeckShield, nearly $3 billion in cryptos were stolen by hackers in 2024. It is therefore essential to protect yourself against any potential flaw, including Blind Signing.
To protect yourself from Blind Signing scams, it is recommended to follow these points:
- Read the terms of the smart contract. Before signing a transaction, systematically read its details to find out which actions the smart contract will perform, and check that they correspond to what you want to do (swap, staking, etc.). For example, in the case of a transaction on a cryptocurrency bridge, check that the destination address of your cryptos is the one you requested and that it has not been modified by the smart contract (which can happen in the event of a bridge hack);
- Detect whether you are facing a blind signature. By default, wallets try to provide you with the details of the smart contract you are interacting with. If your wallet does not explain the details of the interaction with the smart contract, then you are about to make a blind signature;
- Interact only with recognized protocols. If you have to sign blindly, check that you are on a protocol that is popular and sufficiently widely used for you to trust its smart contracts;
- Use crypto wallets that protect you. Ledger hardware wallets deactivate Blind Signing by default. In addition, some browser wallets like Rabby automatically alert you to the popularity of the smart contracts you are trying to interact with.
Obviously, this list is not exhaustive and only concerns scams linked to blind signatures. To explore security in the cryptocurrency ecosystem further, do not hesitate to consult our guide to 7 good practices to follow to protect your crypto wallet.
Should we worry about the normalization of Blind Signing?
The practice of Blind Signing is increasingly widespread in the crypto ecosystem, putting the security of user funds at risk. However, its normalization is not controversial.
Indeed, today, most crypto wallets do not explicitly indicate when a transaction involves a blind signature, and the majority of investors do not check their transactions in detail before signing them. This explains why the practice of Blind Signing mostly goes unnoticed by users.
Despite everything, blind signatures require the user to trust the issuer of the smart contract, which goes against the values promoted by the blockchain. A famous saying within the crypto ecosystem expresses it perfectly: "Don't trust, verify". In other words, the user should always have the possibility of checking, including when it comes to the content of the transactions they are about to sign.
Certain links in this article may be affiliate links. This means that if you buy a product or register on a site from this article, our partner gives us a commission.
Investments in cryptocurrencies are risky. There is no guaranteed high yield; a product with high performance potential implies a high risk. This risk-taking must be in line with your project, your investment horizon and your ability to lose part of these savings. Do not invest if you are not ready to lose all or part of your capital.