"Don't trust, verify," says Charles Guillemet, the CTO of hardware wallet firm Ledger.
With the recent attack on OpenSea highlighting blockchain vulnerabilities, Charles Guillemet, the chief technology officer of Ledger, warns users about "blind signing," which he defines as "consenting a transaction to be signed blindly, without understanding what it means."
In an interview with Cointelegraph, Guillemet broke down the problems and highlighted issues with blind signing. The Ledger chief technology officer notes that consenting to transactions requires signing a message to be sent to the blockchain. A user is the only one capable of signing transactions with the private key, while others can verify if it's correct. "The issue is that this message is not intelligible by default. It's a digital payload," says Guillemet.
Guillemet also explained that when a coin transfer is signed, it's normally supported by a wallet that "properly parses the payload and displays its intent." However, when it comes to signing complex interactions with smart contracts, Guillemet says that "parsing the display is not always properly supported and you have no choice but consenting blindly for a transaction that you don't understand."
"It's risky because you can think you're signing a transaction to move part of your funds to address A while you actually sign a transaction to move all your funds to address B."
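To make the distinction between a parsed payload and blind signing concrete, here is an added example (not Ledger's code, and not from the original article) of a minimal wallet-side decoder for EVM calldata: known function selectors are rendered as a human-readable intent, anything else is flagged as requiring blind signing. The selector table, addresses and amounts below are constructed for illustration; the OpenSea incident itself involved off-chain signed order messages rather than on-chain calldata, so this is a simplification of the same parsing problem.

```python
from dataclasses import dataclass

# Constructed table of well-known 4-byte selectors (first 4 bytes of
# keccak256 of the function signature) with their argument types.
KNOWN_SELECTORS = {
    "a9059cbb": ("transfer", ("address", "uint256")),
    "095ea7b3": ("approve", ("address", "uint256")),
    "a22cb465": ("setApprovalForAll", ("address", "bool")),
}


@dataclass
class Intent:
    blind: bool        # True when the wallet cannot explain the payload
    description: str   # what a trusted display would show the user


def decode_intent(calldata_hex: str) -> Intent:
    """Parse ABI-encoded calldata into a displayable intent, or flag it as blind."""
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    if len(data) < 4:
        return Intent(True, "unparseable payload: blind signing required")
    selector = data[:4].hex()
    entry = KNOWN_SELECTORS.get(selector)
    if entry is None:
        return Intent(True, f"unknown selector 0x{selector}: blind signing required")
    name, types = entry
    # Every static argument occupies one 32-byte word after the selector.
    if len(data) != 4 + 32 * len(types):
        return Intent(True, f"malformed {name} calldata: blind signing required")
    args = []
    for i, t in enumerate(types):
        word = data[4 + 32 * i: 4 + 32 * (i + 1)]
        if t == "address":
            args.append("0x" + word[-20:].hex())   # right-aligned 20 bytes
        elif t == "uint256":
            args.append(str(int.from_bytes(word, "big")))
        elif t == "bool":
            args.append(str(int.from_bytes(word, "big") != 0))
    return Intent(False, f"{name}({', '.join(args)})")


if __name__ == "__main__":
    # Constructed sample: transfer(0x1111...1111, 1000)
    sample = "a9059cbb" + "00" * 12 + "11" * 20 + (1000).to_bytes(32, "big").hex()
    print(decode_intent(sample))
```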
The security expert also gave examples where blind signing led to significant losses. In the most recent OpenSea exploit, users encountered a phishing attack that resulted in the loss of $1.7 million worth in nonfungible tokens (NFTs). Guillemet notes that in this incident, the attackers tricked their victims into blind-signing a message that made them consent to sell all their NFTs for 0 ETH.
"The attacker had only to sign a transaction saying 'I'm ok to buy these NFTs for 0 ETH,' and then presented these two messages to OpenSea to actually execute the transaction swapping 0 ETH against all the victims' NFTs."
When asked what he thinks is the solution to the issue of blind signing, Guillemet turned to an old crypto adage, "don't trust, verify." He tells crypto users to "always verify the transaction you consent to sign." One suggestion that the security expert brought up is signing transactions using trusted displays that can be found on hardware wallets.