The recent attack on OpenSea exposed a blockchain weakness, and Ledger's CTO, Charles Guillemet, is warning customers about blind signing, which he defines as approving a transaction by signing it blindly, without understanding it. In his interview, he explained the issue in simple terms and identified the problems associated with blind signing.
The CTO points out that approving a transaction requires signing a message that the blockchain will receive. The customer is the only person able to sign transactions, since they hold the private key; everyone else can only verify that the signature is correct.
The problem lies in the message not being intelligible: according to Guillemet, it contains a digital payload. When signing a transaction, he explained, the user is usually supported by a wallet that is responsible for correctly parsing that payload and showing its intent.
Nevertheless, Guillemet added, when signing complex smart-contract interactions, parsing is sometimes not adequately supported, and the consumer has no choice but to approve the transaction blindly, without a sufficient understanding of it.
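To make the parsing step concrete, here is an added illustration of the wallet-side logic described above; it is not code from the article or from Ledger. It assumes an Ethereum-style ABI-encoded calldata payload (a 4-byte function selector followed by 32-byte argument words) and a table holding the standard selectors for ERC-20 transfer/approve and ERC-721 setApprovalForAll; any payload outside that table can only be shown as an opaque digest, which is the situation that forces blind signing.

```python
"""Toy clear-signing parser: what a wallet can show before the user signs."""
import hashlib

# Function selector -> (name, argument types). Only these can be clear-signed.
KNOWN_SELECTORS = {
    "a9059cbb": ("transfer", ["address", "uint256"]),
    "095ea7b3": ("approve", ["address", "uint256"]),
    "a22cb465": ("setApprovalForAll", ["address", "bool"]),
}

def _decode_word(word: bytes, typ: str):
    """Decode one 32-byte ABI word of the given elementary type."""
    if typ == "address":
        return "0x" + word[12:].hex()          # 20-byte address, right-aligned
    if typ == "bool":
        return int.from_bytes(word, "big") != 0
    return int.from_bytes(word, "big")        # uint256

def describe_payload(calldata_hex: str) -> dict:
    """Return the decoded intent, or mark the payload as opaque (blind signing)."""
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    selector, body = data[:4].hex(), data[4:]
    entry = KNOWN_SELECTORS.get(selector)
    if entry is None or len(body) != 32 * len(entry[1]):
        # Parsing unsupported: the wallet can only display a digest of the bytes.
        return {"clear": False, "selector": selector,
                "digest": hashlib.sha256(data).hexdigest(),
                "warning": "Payload cannot be decoded; approving it is blind signing."}
    name, types = entry
    args = [(t, _decode_word(body[32 * i:32 * (i + 1)], t)) for i, t in enumerate(types)]
    result = {"clear": True, "function": name, "args": args, "risk": None}
    if name == "setApprovalForAll" and args[1][1]:
        # The NFT case from the article: one signature hands over a whole collection.
        result["risk"] = (f"Grants operator {args[0][1]} control over ALL your tokens "
                          "in this collection, not a single item.")
    return result

# Constructed sample payloads (not taken from any real transaction).
SAMPLE_APPROVAL = ("0xa22cb465" + "00" * 12 + "11" * 20   # operator address
                   + "00" * 31 + "01")                     # approved = true
SAMPLE_UNKNOWN = "0xdeadbeef" + "00" * 32                  # selector not in the table

if __name__ == "__main__":
    for payload in (SAMPLE_APPROVAL, SAMPLE_UNKNOWN):
        print(describe_payload(payload))
```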
In his words, this is hazardous because users may believe they are signing a transaction that moves a portion of their funds to an address of their choice, while the transaction they actually sign moves all of their funds to some other address.
The security expert also gave examples of consumers who suffered substantial losses through blind signing. In the latest exploit, up to $1.7M worth of NFTs (non-fungible tokens) was lost. Guillemet explains that the swindlers deceive investors by tricking them into blindly signing a message that consents to selling all of their NFTs in return for nothing.
He went on to say that, in the above example, the attacker only needed to sign a transaction agreeing to purchase those NFTs for nothing in return; the two messages were then submitted to the blockchain through OpenSea, and the transaction was executed, transferring the NFTs of all the affected people. Asked for his view on a probable solution, Guillemet fell back on an old crypto proverb: customers should trust no one and verify transactions themselves.