Blind signing is one of the new scams where scammers steal user assets. Next, we’ll explain what blind signing is, how blind signing scams work, and how you can avoid falling for it.

What is a blind sign?

Before discussing the digital operation model of blind signature, let's talk about the basic concept of signing with pen and paper in the real world. We have contracts that govern our relationship; if you sign a contract, you agree to the terms of the contract, whether it’s an employment contract to work 40 hours a week, or a Netflix subscription that you pay monthly. Signing the contract means that you have read and understood these conditions and agree to abide by them.

Sign a digital contract

Smart contract It is the digital version of the contract, and it is also the infrastructure that supports diversified applications, NFT and diversified finance. Suppose you borrow some cryptocurrencies from a lender and you need to repay these cryptocurrencies with a fixed amount every month. When you verify an agreement with your private key, you are actually digitally signing a smart contract.

But what if you can't actually see the contract? Let's go back to the original question.

Smart contracts used by decentralized applications and NFTs pose a challenge to the current generation of crypto wallets because crypto wallets cannot fully extract and display the code of such smart contracts (including key contract details) in a language that users understand. In other words, wallets are still keeping up with the latest options for consumers.

How does that affect me?

Let's use a real example to explain how this can affect your trading. The first thing to be clear is that whenever a computer screen is used to sign any transaction, it is technically blind.

Assume that you only transact through soft wallets: your display (computer or phone) is already connected to the Internet, so the display is vulnerable to hackers. .That said, under no circumstances should you fully trust a screen that shows you signed details, as it is always possible for the screen to be hacked and display wrong information that would mislead you to sign something else. Once the transaction is confirmed, you complete a "blind signature" and approve the transaction based on trust.

The purpose of using Ledger Nano and other hardware wallets is to eliminate this risk. Keeping your wallet offline is a safe space that hackers cannot break into, so the wallet screen will always show the real details of a particular transaction. That's why our Trust Screen is so important to make sure you know exactly what you're supposed to agree to.

While the Nano wallet always displays accurate transaction details, it will only be displayed correctly if the details are in hand. But that's not always the case.

Assuming you have the right security measures in place, you are using your Ledger device to exchange with a soft wallet, which is connected to a decentralized application. -great!

But as we mentioned earlier, most software wallets (i.e. the middleware between your device and decentralized applications) cannot read and fully extract the smart contract elements of transactions. .That is, even if you use a Ledger device to verify and complete the transaction, the device cannot show you the full transaction details since the middleware itself has no information to transmit.

Blind Signatures Create New Fraud

As cryptocurrencies become more mainstream and more people know how to keep their assets safe, there are fewer opportunities for scammers to defraud users of their assets. So instead of trying to force a break, they use you to help them crack.

The release of NFT projects on unknown websites is a typical example. The NFT craze has created a huge demand for this digital asset, and the release of the NFT project is to take advantage of this frenzy. But before an NFT project blindly signs a release, please consider this. Given that few people know about the brand, can you be sure that the deal you're verifying is the one you want to make?

This risk also exists in private correspondence. There was a recent incident where scammers were posing as OpenSea technical managers on Discord. An experienced collector needed technical help, then he started discussing his account with scammers claiming to be service advisors. During the chat, the advisor asked him to use the LedgerNano to approve transaction calls, but did not provide any contract details. In fact, the transaction he was verifying at the time was to provide access to the vault, and the real identity of the advisor was a scammer, so the whole scenario was just a scam.

This example shows that even experienced cryptocurrency users can make mistakes if the scenario is convincing enough.

Don't Believe – Verify

Fraud of this nature utilizes social engineering. Scammers carefully create an environment that makes you trust them and let your guard down. – In this case, the victim assumes that the counterparty is a reputable help desk worker and blindly signs transactions based on trust.

With the rapid development of the cryptocurrency industry, blind signing has become the norm in the industry, and this kind of scam is becoming more and more common. It's time to put our devices to work.

How can you use decentralized applications with peace of mind?

Ledger's mission is to ensure that every transaction is absolutely transparent and secure, which means you can view your contract data every time you sign. Therefore, our latest upgrade will use transparent signatures for all integrated decentralized applications. This approach eliminates the risk of vulnerabilities and creates the safest and smoothest user experience.

In order to achieve this goal, this upgrade has a lot of improvements in two aspects. Your Nano device can now read and display smart contract information for a range of decentralized applications; not only that, but our recently launched application directory on LedgerLive will allow you to use various decentralized financial and Decentralized applications that enable you to use the Ledger ecosystem as a secure portal to your commonly used decentralized applications and services.

Make blind signing a thing of the past!