Safe responds to the blind signature security incident and recommends multi-device signing

2024-10-18 23:41:06

Collection

ChainCatcher message, the Safe team reviewed the security incident mentioned in the post-mortem report of Radiant Capital, noting that the Safe {Wallet} front-end functioned normally, but external devices were compromised during the signing process, allowing hackers to replace transaction data and trick signers into signing malicious transactions.

The Safe team believes this incident highlights the risks of blind signing, where users approve transactions without fully viewing the transaction details, especially when using hardware wallets. To address this issue, Safe recommends using multiple signing devices from different vendors (for example, a combination of Ledger and Trezor) and connecting these devices through trusted interfaces to enhance transaction visibility and security.

Additionally, Safe is exploring technologies like conditional signing to provide more contextual information without sacrificing security. The Safe team is considering directly calculating the Ledger hash in its interface so that users can verify the hash displayed on the hardware wallet and the interface. The Safe team emphasizes that all parties in the ecosystem need to collaborate to address the blind signing issue and is committed to working with hardware wallet providers and the community to improve transaction and message signing processes.

(Source Link)

ChainCatcher reminds readers to view blockchain rationally, enhance risk awareness, and be cautious of various virtual token issuances and speculations. All content on this site is solely market information or related party opinions, and does not constitute any form of investment advice. If you find sensitive information in the content, please click "Report", and we will handle it promptly.