The past few years have shown that the biggest security vulnerability in cryptocurrency wallets today is blind signing. This is the practice of approving primary hex strings without knowing what they actually do. However, the Ethereum Foundation officially announced on Tuesday that this standard will be phased out and replaced with a clear signature alongside some of the leading wallets and hardware infrastructure that already runs Ethereum for most users. This includes names like Ledger, Trezor, MetaMask, WalletConnect, Fireblocks, and Cyfrin. In practical terms, this means that users will be able to see a clear, human-readable summary of what the signature allows.
The reason why this happens is simple and is due to the recent high-profile hacks that have occurred over the past couple of years. The $1.5 billion Bybit hack, which remains the largest cryptocurrency hack to date, occurred in part because signers approved a transaction they couldn’t physically read. Likewise, in July 2024, the WazirX hack occurred which saw around $235 million stolen from the Indian cryptocurrency exchange’s multi-signature wallet in much the same manner. According to the Ethereum Foundation, blind staking has been a structural flaw in the ecosystem for years and has led to billions of dollars in cumulative losses via hacks, phishing, and approval exploits.
What does a clear signature actually do?
Authorizations and signatures currently have a specific flaw. Users interacting with smart contracts can view granular data, but this is usually a string of low-level data that is largely unreadable to anyone without a developer or technical background.
The clear signature basically flips this script. Wallets that support the new standard will pull a descriptor file that converts the contract functionality into readable text while presenting a summary of it to the user before signing anything.
The technical basis comes from two existing improvement proposals. ERC-7730, first proposed by Ledger in 2024, defines an open format for describing transactions in human-readable JSON format. ERC-8176 then adds an authentication layer on top, allowing independent validators to cryptographically verify that the descriptor matches what the contract will actually do. The descriptors themselves live off-chain in a neutral registry on Clearsigning.org, meaning existing contracts can adopt the standard without any redeployment required.
An alliance that touches where users actually live
This is not a single portfolio offering. The list of contributors looks like every piece of infrastructure that touches Ethereum users today, with Ledger and Trezor on hardware, MetaMask and WalletConnect on software, Fireblocks on the institutional custody side, Cyfrin on audits and support tools Sourcify and Argot. Ledger originally created clear signing as an internal security feature back in 2021, formalized it as ERC-7730 in 2024, and earlier this year handed governance over to the foundation specifically to make the standard credibly neutral and not tied to any one company.
Why is the timing aligned with institutional money?
The timing here is also not a coincidence. The Foundation’s Trillion Dollar Security Initiative, which now oversees a clear signing ledger, was created specifically to prepare Ethereum for the kind of institutional-level value that now exists directly on the chain. Fireblocks being part of the rollout is especially important, since it’s the custodial provider that most traditional finance companies actually use when they start taking on crypto trails.
Blind signing has always been an acceptable level of risk for retail users transferring small amounts. However, for an asset manager moving in real volume, it’s basically a non-starter, as you can’t really put a compliance signature behind a transaction that your operations team can’t read in the first place.
