With the emergence of decentralized finance (DeFi) and the birth of non-fungible tokens (NFTs), the cryptocurrency industry has seen an incredible surge in the use of smart contracts: programs that run on a blockchain and automatically respond to parameters drawn from data written to the blockchain by individuals or other data providers. For users, smart contracts can be perceived as self-executing digital agreements between people. While they are considered one of the greatest innovations in the crypto space for enabling automated and permissionless transactions, not everyone has the necessary level of understanding to ensure their security.
With this lack of understanding and lack of discussion, the issue of “blind signing” becomes a real threat to unsuspecting users. This article aims to highlight the dangers of blind signing as demonstrated during the recent attack on OpenSea.
The OpenSea Incident
Industry-leading NFT marketplace OpenSea suffered an exploit in February 2022, reporting a loss of $1.7 million in digital assets over a span of three hours. Co-founder and CEO Devin Finzer explained the attack in a tweet, stating that it was conducted by initially sending potential targets “half of a valid Wyvern order,” which is basically a partial contract that exploits the flexibility of the Wyvern Protocol. A huge portion of the contract was left empty, such that the attacker was then able to complete the transaction with their own contract call.
The problem was that the victims had no idea that the compromised contract they were about to sign would be used in this way. Think of it as signing a blank check and giving it to another person. The attacker had only to input the amount they wished to cash out from their victims before proceeding.
Coincidentally, OpenSea had announced a couple of days before the exploit that it was requiring users to migrate their listed NFTs from the Ethereum network to a new smart contract, an announcement the culprits took advantage of. Investigations are still ongoing, but many analysts believe that the attacker used common phishing techniques.
What is Blind Signing?
A blind signature is a type of digital signature where the contents of a message are hidden before it is signed. It is normally used in privacy-centric interactions where the message creator and the signer are different parties. However, blind signing can also be used as an attack vector for hackers to steal assets.
Smart contracts require digital signatures, which function as a form of consent to the terms and conditions for everyone involved in a particular transaction. Traditionally, you have to know what you’re agreeing to in the fine print before you sign a contract. However, the front-end of most decentralized applications only provides a bird’s eye view of the process entailed in a smart-contract call. With the simple click of a button, you can sell an asset at a particular price and confirm the transaction with your private key via a Web 3 wallet—all without having to look into the code behind it, which would most likely be unintelligible to most users.
All of this relies on the idea that you trust the contents of a smart contract and that it is legitimate and faithful to your intention in any particular transaction. Platforms like OpenSea and Uniswap have been operational for a while; hence, users blindly trust their smart contracts. But even if their smart contracts are not compromised, hackers can still steal their users’ funds through phishing methods, like sending private messages and posing as customer support.
Why is Blind Signing Dangerous?
Blind signing opens new avenues for attackers to conduct fraudulent transactions. Here are some examples.
Most attackers use phishing websites imitating popular platforms in order to call a malicious smart contract. Examples include “pancaleswap.com” instead of “pancakeswap.com” or “openseaa.com” instead of “opensea.com.” In such cases, a typo could lead you to a clone website created by a scammer, which would enable them to steal your assets via a malicious smart contract disguised as a “swap” button or other mechanisms.
This method can be used to mimic DEXs, browser-based wallets, marketplaces, and virtually any type of platform your wallet can connect to.
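A defender can catch the near-miss domains quoted above before a wallet connects. The following is an added example, not code from any platform named in this article; the `TRUSTED` allowlist is an assumption that uses the domain names exactly as the article writes them, and the distance threshold of 2 is a chosen default.

```javascript
// Added example. TRUSTED is an assumed allowlist, using the names quoted above.
const TRUSTED = ["pancakeswap.com", "opensea.com"];

// Optimal string alignment distance: counts insertions, deletions,
// substitutions and swaps of two adjacent characters.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) =>
    Array.from({ length: b.length + 1 }, (_, j) => (i === 0 ? j : j === 0 ? i : 0)));
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Classify a URL or hostname as trusted, lookalike, unknown or invalid.
function classifyHost(input, trusted = TRUSTED, maxDistance = 2) {
  let host;
  try {
    host = new URL(input.includes("://") ? input : `https://${input}`).hostname;
  } catch {
    return { verdict: "invalid", host: null, resembles: null };
  }
  host = host.toLowerCase().replace(/\.$/, "").replace(/^www\./, "");
  // Exact match or a subdomain of an allowlisted name.
  const exact = trusted.find((t) => host === t || host.endsWith(`.${t}`));
  if (exact) return { verdict: "trusted", host, resembles: exact };
  // Punycode labels mean non-ASCII characters that can imitate Latin letters.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { verdict: "lookalike", host, resembles: null };
  }
  for (const t of trusted) {
    // Near miss by typo, or the trusted name used as a prefix of another domain.
    if (editDistance(host, t) <= maxDistance || host.startsWith(`${t}.`)) {
      return { verdict: "lookalike", host, resembles: t };
    }
  }
  return { verdict: "unknown", host, resembles: null };
}

// Constructed sample inputs; the first two are the typos quoted in the article.
for (const h of ["pancaleswap.com", "openseaa.com", "https://www.opensea.com/assets", "example.org"]) {
  console.log(h, "->", classifyHost(h).verdict);
}
```

An "unknown" verdict only means the host is not close to anything on the allowlist; it says nothing about whether the site is safe.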
Platform and Smart Contract Vulnerabilities
Similar to what happened with OpenSea, attackers can exploit the flexibilities or vulnerabilities of applications to send smart contracts that can perform malicious transaction activities unknown to the victim; malicious actors can get victims to sign a smart contract without letting them know what they are fully getting into.
For instance, fake smart contracts can trick victims by showing them a fake price when selling an asset, when in reality, the true price could be zero. Not only does this open the floodgate for scams, but it also erodes the trust of blockchain communities in smart contract-based transactions.
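The "blank check" and fake-price cases above can both be caught by reviewing the structured payload before it is signed. This is an added example, not OpenSea's or Wyvern's code: the order shape and the field names `maker`, `asset`, `calldata`, `price` and `expiry` are hypothetical, as are the constructed sample orders.

```javascript
// Added example. The order shape and field names are hypothetical,
// not the Wyvern schema; which fields must be filled is a policy choice.
const REQUIRED_FIELDS = ["maker", "asset", "calldata"];
const ZERO_ADDRESS = "0x" + "0".repeat(40);

// Treat missing values, empty strings, "0x" and all-zero hex as empty.
function isEmpty(value) {
  if (value === undefined || value === null) return true;
  return typeof value === "string" && /^(0x0*)?$/.test(value.trim().toLowerCase());
}

function toBigInt(value) {
  try { return BigInt(value); } catch { return null; }
}

// Compare what will be signed against what the interface displayed.
// Returns a list of findings; an empty list means nothing was flagged.
function reviewOrder(order, shown) {
  const findings = [];
  for (const field of REQUIRED_FIELDS) {
    if (isEmpty(order[field])) findings.push(`empty:${field}`);
  }
  const signed = order.price == null || order.price === "" ? null : toBigInt(order.price);
  if (signed === null) findings.push("price:missing");
  else if (signed === 0n) findings.push("price:zero");
  else if (signed !== toBigInt(shown.price)) findings.push("price:differs-from-display");
  if (!(Number(order.expiry) > shown.now)) findings.push("expiry:missing-or-past");
  return findings;
}

// Constructed samples: what the page displayed, a fully specified order,
// and an order with the important fields left blank.
const now = 1700000000; // constructed timestamp in seconds
const shown = { price: "1500000000000000000", now };
const complete = {
  maker: "0x" + "a1".repeat(20), asset: "0x" + "b2".repeat(20),
  calldata: "0xabcdef01", price: "1500000000000000000", expiry: now + 3600,
};
const halfEmpty = { maker: complete.maker, asset: ZERO_ADDRESS, calldata: "0x", price: "0", expiry: 0 };

console.log(reviewOrder(complete, shown));
console.log(reviewOrder(halfEmpty, shown));
```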
How to Improve Safety While Using dApps
Disable Blind Signing
Not all crypto wallets support blind signing. If possible, do not force a transaction on a non-supporting wallet by going through third-party applications, especially when you’re transacting with someone you don’t fully trust.
Don’t Trust, Verify
Always make sure that you are signing the right smart contract from the right platform. Moreover, always try to determine whether that app or website you’re using is compromised. You need to be very vigilant when it comes to transacting on a trustless platform, or you just might lose all the assets in your wallet.
Blind signing is one of many methods hackers use to steal digital assets from their owners. Crypto has come a long way since its early days, but it seems that it’s not completely out of the woods yet. Methods employed by bad actors to exploit vulnerabilities often capitalize on the new technology’s lack of maturity, as it seeks to become more user-friendly and gain mainstream adoption.
As risky as blind signing exploits sound, it’s possible to protect yourself by taking the proper security measures. You don’t blindly sign traditional contracts with random individuals in the offline world, so don’t do it online either.