The biggest security problem in Web3 isn’t the cryptography. It’s that humans can’t read what they’re signing.
On February 21, 2025, a group of experienced signers at Bybit approved what looked like a routine cold storage transfer. The message on their screens was familiar. The hex code they were actually authorizing was anything but. North Korea’s Lazarus Group had manipulated the signing interface through a compromised third-party service, and while the signers read one thing, the blockchain executed another: a complete drain of 401,000 ETH — approximately $1.5 billion.
The signers weren’t careless. They were victims of a system never designed to be read by humans.
That is the problem the Ethereum Foundation set out to solve this week, when it officially launched the Clear Signing Standard — a suite of technical specifications aimed at making every transaction approval legible to the person approving it. The registry is live at clearsigning.org, and as of this writing, Ledger and MetaMask are already rolling out compatible updates.
What Is “Blind Signing” — and Why Has It Cost Billions?
When you interact with a DeFi protocol or NFT marketplace today, your wallet typically presents an approval request that looks like this: 0xa90592bb0000000000000000000000001234abcd…
Raw hexadecimal. No translation. No plain-language summary. For most users, approving a transaction is an act of faith — trusting the website’s interface to accurately describe what the bytecode actually says. That trust is precisely what attackers exploit.
The attack pattern is known as UI Injection. A user visits a site advertising a free NFT mint or airdrop claim. A convincing button appears. They click “approve.” The hex code they signed, however, was setApprovalForAll — a function granting complete spending control over their entire NFT collection to a third-party address. The smart contract behaved exactly as programmed. The exploit happened entirely at the human perception layer.
The Bybit incident operated on the same principle at institutional scale: a legitimate signing interface was compromised to display one transaction while routing another. The hex code did the rest.
Industry estimates put broad crypto phishing and approval-based theft losses at over $4 billion across 2024 and 2025 — a figure that captures the general category rather than signing-based attacks in precise isolation. This distinguishes the current threat landscape from earlier high-profile hacks. The Ronin Bridge breach, for example, targeted vulnerabilities in smart contract logic and validator key management — requiring deep protocol knowledge and months of preparation. UI Injection attacks require only control of the interface layer: a compromised third-party service, a malicious site, or a cloned dApp front-end. That is a meaningfully lower technical bar, and well-resourced actors like the Lazarus Group have demonstrated they are willing to exploit it at scale.
The Foundation’s Response: Clear Signing and the Trillion Dollar Security Initiative
The Clear Signing Standard is part of the Ethereum Foundation’s broader Trillion Dollar Security Initiative — a mandate to treat security as foundational infrastructure, not a developer afterthought. The name reflects the EF’s position that Ethereum’s security posture must match the scale of assets it holds, which runs into the hundreds of billions across mainnet and L2s today.
Alongside the standard, the Foundation committed $1 million in audit subsidies to help open-source protocols cover the cost of security reviews required to get their contracts listed in the registry. For large protocols like Uniswap or Aave, audits are routine. For the long tail of smaller legitimate projects — which users arguably need the most guidance on — audit costs can be prohibitive. The subsidy removes that barrier and signals the Foundation is funding adoption, not just publishing a specification.
How It Works: Three Core Components and a Fallback
The standard is built on three primary specifications — ERC-7730, the neutral registry, and ERC-8176 — plus a separate fallback mechanism, ERC-8213, developed by Cyfrin to cover cases the main standard doesn’t yet reach.
ERC-7730: The Universal Translator
Originally proposed by Ledger and now a formal Ethereum standard, ERC-7730 defines the Descriptor — a standardized JSON file that maps hexadecimal function selectors to plain-language transaction summaries.
A developer creates a descriptor file telling compatible wallets: “When you see selector 0x123abc, show the user: You are swapping 500 USDC for 0.15 ETH on Uniswap V3. Slippage tolerance: 0.5%.” The wallet renders the summary before the user approves anything. The cryptographic transaction is unchanged — only the display layer is upgraded.
The Neutral Registry (clearsigning.org)
A translation system is only as trustworthy as whoever controls the translations. The solution is a decentralized, open-source public registry hosted by the Ethereum Foundation. Wallets query the registry directly — not the website being visited — so the site you’re on never defines what its transactions mean. The registry is mirrorable, no single entity controls it, and its contents are publicly auditable.
ERC-8176: The Auditor’s Seal
ERC-8176 addresses a second question: how do we know the descriptor files themselves are accurate? Using the Ethereum Attestation Service (EAS), vetted security firms — Cyfrin is a confirmed early participant — cryptographically attest to each descriptor’s accuracy. A wallet displays a verification checkmark only when a trusted auditor has signed off.
The analogy to HTTPS certificate authorities is intentional. The SSL padlock didn’t invent secure connections — it made them visible. That visible trust signal shifted consumer behavior and enabled e-commerce at scale. ERC-8176 is designed to function as that signal for on-chain transactions.
ERC-8213: The Byte-Level Fallback
Authored by Cyfrin and best understood as a complementary fallback mechanism rather than a core component of the main standard, ERC-8213 handles cases where no descriptor exists yet — new protocols, complex batch transactions, or anything not yet registered. Rather than a plain-language description, it generates a cryptographic fingerprint of the transaction. The signer independently computes a digest on an isolated machine and compares it against what their hardware wallet displays. If they match, the transaction is unmodified. It ensures that even unregistered transactions have a tamper-verification pathway — closing what would otherwise be a significant gap in coverage.
Who’s Behind It
Wallets: Ledger (original ERC-7730 proposer and lead implementer), MetaMask, Trezor, WalletConnect, ZKnox.
Security and audit: Cyfrin (ERC-8213 author, attestation partner), OpenZeppelin (ERC-8176 attestation), Fireblocks (institutional adoption lead), Zama (privacy/FHE expertise).
Governance: The Ethereum Foundation — registry stewardship and audit subsidy administration.
The closest structural parallel is the CA/Browser Forum — the cross-industry body that standardized HTTPS in the mid-2000s. That effort took years to reach comprehensive adoption and is now invisible infrastructure the entire web depends on. The Clear Signing coalition is attempting something similar with a more defined threat model and a faster timeline.
What Changes — and What Doesn’t
For a retail user today, transaction approval means trusting the website presenting the hex string. Under the updated flow — assuming a registered, attested descriptor exists — the wallet instead displays: “You are granting Protocol X permission to spend up to 500 USDC from your wallet. Verified by Cyfrin. ✓”
The cryptography is identical. The user experience is categorically different. For institutional signers, the implications are more significant still: a human-readable, auditor-verified summary creates the verification step that the Bybit signers never had.
What it doesn’t fix is equally important to state clearly:
-
Compromised smart contract code is a separate threat. Clear Signing accurately describes what a transaction does as written — if the underlying contract has a vulnerability, that vulnerability remains.
-
Fake wallet apps and seed phrase theft operate before the signing layer and are unaffected.
-
Developer adoption is the most consequential near-term variable. Coverage will be strong for major protocols but sparse for newer ones in the early months, despite the subsidy program.
-
Attestation quality depends on the integrity of attesting firms. Cryptographic attestation confirms a firm signed a descriptor; it doesn’t guarantee a comprehensive review. Attestation distributes trust — it doesn’t eliminate it.
The Closing Argument
The Bybit hack made the argument plainly: the contract code was fine, the multi-sig was industry-standard, and the signers were still deceived. Attackers had simply moved up the stack, to the one layer the ecosystem hadn’t hardened — the human interface.
ERC-7730 is positioned as the answer to that: a “human patch” for a system whose cryptography was always strong but whose readability never was. The standard is live, major wallets are updating, and the $1 million audit subsidy signals the Foundation is funding adoption, not just publishing a spec.
The caveats are real. Ethereum standards have historically taken years to reach broad coverage, and this one’s value scales directly with how many protocols participate and how soon. Attestation quality will need to prove itself over time.
But the infrastructure now exists. The green checkmark is a small thing. The browser padlock was too.