The biggest security problem in Web3 isn’t cryptography. It’s that people can’t read what they sign.
On February 21, 2025, a group of veteran signatories at Bybit approved what appeared to be a routine cold storage transfer. The message on their screens was familiar. The hexadecimal code they actually authorized was anything but. North Korea’s Lazarus Group had manipulated the signing interface through a compromised third-party service, and while the signers read one thing, the blockchain performed something else: a complete drainage of 401,000 ETH – approximately $1.5 billion.
The signatories were not careless. They were victims of a system that was never designed to be read by humans.
That’s the problem the Ethereum Foundation set out to solve this week when it became official launched the Clear Signing Standard — a set of technical specifications aimed at making each transaction approval readable to the person approving it. The registry is live at clearsigning.organd at the time of writing, Ledger and MetaMask are already rolling out compatible updates.
What is ‘blind signing’ – and why did it cost billions?
Today, when you interact with a DeFi protocol or NFT marketplace, your wallet typically presents an approval request that looks like this: 0xa90592bb000000000000000000000001234abcd…
Raw hexadecimal. No translation. No clear summary. For most users, approving a transaction is an act of faith: they trust that the website’s interface accurately describes what the bytecode actually says. That confidence is exactly that attackers abuse.
The attack pattern is known as UI Injection. A user visits a site that advertises a free NFT coin or airdrop claim. A convincing button will appear. They click ‘approve’. However, the hexadecimal code they signed was setApprovalForAll — a feature that gives full control over spending across their entire NFT collection to a third-party address. The smart contract behaved exactly as programmed. The exploit took place entirely at the human perception layer.
The Bybit incident worked on an institutional scale on the same principle: a legitimate signing interface was compromised to display one transaction while routing another. The hexadecimal code did the rest.
According to industry estimates, losses from crypto phishing and approval-based theft are over $4 billion in 2024 and 2025 – a figure that represents the general category rather than signature-based attacks in precise isolation. This differentiates the current threat landscape from previous high-profile hacks. For example, the Ronin Bridge breach targeted vulnerabilities in smart contract logic and validator key management, which required deep protocol knowledge and months of preparation. UI Injection attacks only require control over the interface layer: a compromised third-party service, a malicious site, or a cloned dApp front-end. That’s a significantly lower technical bar, and well-resourced actors like the Lazarus Group have shown they are willing to exploit it at scale.
The Foundation’s response: clear signing and the Trillion Dollar Security Initiative
The Clear Signing Standard is part of the Ethereum Foundation’s broader program Trillion dollar security initiative – a mandate to treat security as fundamental infrastructure, not as an afterthought for the developer. The name reflects the EF’s position that Ethereum’s security posture should match the size of the assets it holds, which today number in the hundreds of billions on mainnet and L2s.
In addition to the standard, the Foundation has committed $1 million in audit grants to help open source protocols cover the costs of security assessments required to have their contracts listed. For large protocols like Uniswap or Aave, audits are routine. For the long tail of smaller, legitimate projects – where users arguably need the most guidance – audit fees can be prohibitive. The grant removes that barrier and signals that the Foundation is funding adoption and not just publishing a specification.
How it works: three core components and a fallback
The standard is based on three primary specifications – ERC-7730, the Neutral Registry and ERC-8176 – plus a separate fallback mechanism, ERC-8213, developed by Cyfrin to cover cases not yet reached by the main standard.
ERC-7730: The Universal Translator
Originally proposed by Ledger and now a formal Ethereum standard, ERC-7730 defines the Descriptor – a standardized JSON file that maps hexadecimal function selectors to simple-language transaction summaries.
A developer creates a descriptor file that tells compatible wallets: “If you see selector 0x123abcshows the user: You exchange 500 USDC for 0.15 ETH on Uniswap V3. Slip tolerance: 0.5%.The wallet displays the summary before the user approves anything. The cryptographic transaction is unchanged: only the display layer has been upgraded.
The neutral register (clearsigning.org)
A translation system is only as reliable as the person managing the translations. The solution is a decentralized, open-source public registry hosted by the Ethereum Foundation. Wallets query the registry directly (not the website being visited), so the site you are on never defines what the transactions mean. The registry is mirrorable, no entity controls it and its contents are publicly verifiable.
ERC-8176: The Accountant Seal
ERC-8176 addresses a second question: how do we know that the descriptor files themselves are accurate? Using the Ethereum Attestation Service (EAS), vetted security companies – Cyfrin is a confirmed early entrant – cryptographically confirm the accuracy of each descriptor. A wallet will only show a verification check mark if a trusted auditor has unsubscribed.
The analogy to HTTPS certificate authorities is intentional. The SSL padlock didn’t invent secure connections, it made them visible. That visible signal of trust changed consumer behavior and made e-commerce possible on a large scale. ERC-8176 is designed to function as that signal for on-chain transactions.
ERC-8213: Byte level fallback
ERC-8213, written by Cyfrin and best understood as an additional fallback mechanism rather than a core component of the main standard, addresses cases where no descriptor yet exists: new protocols, complex batch transactions, or something not yet registered. Instead of a plain language description, it generates a cryptographic fingerprint of the transaction. The signer independently calculates a summary on an isolated machine and compares it to what their hardware wallet displays. If they match, the transaction is unchanged. It ensures that even unrecorded transactions have a tamper verification trail, closing a significant gap in coverage.
Who is behind it?
Wallets: Ledger (original ERC-7730 proposer and main implementer), MetaMask, Trezor, WalletConnect, ZKnox.
Security and audit: Cyfrin (ERC-8213 author, attestation partner), OpenZeppelin (ERC-8176 attestation), Fireblocks (institutional adoption leader), Zama (privacy/FHE expertise).
Management: The Ethereum Foundation – registry management and audit grant management.
The closest structural parallel is the CA/Browser Forum – the cross-industry body that standardized HTTPS in the mid-2000s. It took years for that effort to lead to widespread adoption, and now it’s an invisible infrastructure on which the entire Internet depends. The Clear Signing coalition is trying something similar, with a better defined threat model and a faster timeline.
What changes – and what doesn’t
For a retail user today, transaction approval means trusting the website that presents the hexadecimal string. Below the updated flow (assuming a registered, confirmed descriptor exists) the following is displayed instead: “You authorize Protocol
The cryptography is identical. The user experience is categorically different. For institutional signers, the implications are even more important: a human-readable, auditor-verified summary creates the verification step that Bybit signers never had.
What it doesn’t solve is just as important to state clearly:
-
Compromised smart contract code is a separate threat. Clear Signing precisely describes what a transaction does as written: if the underlying contract has a vulnerability, that vulnerability remains.
-
Fake wallet apps and seed phrase theft work before the signature layer and are not affected.
-
adoption by developers is the most consequential variable in the short run. Coverage will be strong for the main protocols, but sparse for the newer protocols in the first months, despite the subsidy program.
-
Attestation quality depends on the integrity of the certifying companies. Cryptographic attestation confirms that a company has signed a descriptor; it does not guarantee a comprehensive review. Attestation spreads trust, but does not eliminate it.
The closing argument
The Bybit hack made the argument clear: the contract code was fine, the multi-sig was industry standard, and the signers were still deceived. Attackers had simply moved higher, to the one layer that had not yet hardened the ecosystem: the human interface.
ERC-7730 is positioned as the answer to that: a “human patch” for a system whose cryptography has always been strong, but whose readability has never been so. The standard is live, major portfolios are being updated, and the $1 million audit grant indicates that the Foundation is funding adoption, not just publishing a specification.
The caveats are real. Historically, Ethereum standards have taken years to achieve broad coverage, and the value of this standard is directly related to how many protocols participate and how quickly. The quality of certificates will have to prove itself over time.
But the infrastructure exists now. The green checkmark is a small thing. So was the browser padlock.