Hardware wallets can be one of the best ways to bolster your crypto security. They hold your private keys "cold," i.e. offline, so hackers can't directly swipe them. However, these devices aren't a panacea. Attackers can still trick you into signing something nefarious, like sending all your ETH to their address.
The main vector for these sorts of deceptions to date? Blind signing.
The first hardware wallets were built around basic transfers that were straightforward to display. In recent years, the rise of complex smart contracts, e.g. Ethereum DeFi and NFTs, made it hard for wallets to decode transactions into readable text. For practicality, wallets turned to letting users sign these transactions "blindly," i.e. without knowing what's actually being approved.
The problem is that hackers can infect your computer or compromise an app frontend and thus make it look like you're signing a harmless transaction, while in actuality it's an approval for some theft scheme. So blind signing began as a practical shortcut, but it's evolved into a systemic vulnerability across the crypto ecosystem and played a key role in the hacks of projects like Bybit (~$1.5B), WazirX (~$230M), and Radiant Capital (~$50M).
These kinds of heists will absolutely continue to crop up so long as blind signing remains open as a pressure point for advanced persistent threats like Lazarus Group. Fortunately, though, the end of the blind signing era is now officially coming into focus.
0/ Clear signing is now live. An open standard to end blind signing, making human-readable transactions default. This effort brings a major UX and Security upgrade to transaction signing on Ethereum.
— Ethereum Foundation (@ethereumfndn) May 12, 2026
That's because this week the Ethereum Foundation's Trillion Dollar Security Initiative and a working group of crypto companies (Ledger, Trezor, Fireblocks, WalletConnect, etc.) debuted Clear Signing, a new open standard designed to make human-readable transactions the default on Ethereum.
Central to this effort is ERC-7730, a shared format that lets protocols readily describe what their transactions actually do in plain language. In other words, a team can write a JSON descriptor that assigns readable fields to raw contract calls, and then they can publish this descriptor to an open registry stewarded by the Ethereum Foundation. Wallets then fetch from this registry as needed, allowing users to know exactly what's being asked when signing transactions.
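To make the descriptor idea above concrete, here is an added example (not code from this article or from the ERC-7730 project). It uses a simplified, constructed descriptor whose key names are assumptions rather than the real ERC-7730 schema. The contract address, ticker and helper names are hypothetical. It renders an ERC-20 approve call and falls back to a blind-signing warning when the call does not match the descriptor.

```python
import json

# Constructed, simplified descriptor. Key names are illustrative assumptions,
# not the real ERC-7730 schema; the contract address is a placeholder.
DESCRIPTOR = json.loads("""
{
  "contract": "0x1111111111111111111111111111111111111111",
  "ticker": "TKN",
  "decimals": 6,
  "calls": {
    "095ea7b3": {
      "intent": "Approve token spending",
      "fields": [{"label": "Spender", "type": "address"},
                 {"label": "Amount", "type": "tokenAmount"}]
    }
  }
}
""")
MAX_UINT256 = 2**256 - 1

def build_approve(spender, amount):
    """Construct sample approve(address,uint256) calldata for the demo."""
    return "0x095ea7b3" + spender[2:].lower().rjust(64, "0") + f"{amount:064x}"

def render(to, calldata_hex, d=DESCRIPTOR):
    """Return the lines a signing screen would show for this call."""
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    selector, args = data[:4].hex(), data[4:]
    call = d["calls"].get(selector)
    blind = ["Unknown call (blind signing)", "Data: 0x" + data.hex()]
    # Never guess: the descriptor must match this contract, selector and length.
    if (call is None or to.lower() != d["contract"].lower()
            or len(args) != 32 * len(call["fields"])):
        return blind
    lines, dec = [call["intent"]], d["decimals"]
    for i, field in enumerate(call["fields"]):
        word = args[32 * i:32 * (i + 1)]
        if field["type"] == "address":
            if any(word[:12]):  # non-zero padding: malformed address word
                return blind
            value = "0x" + word[12:].hex()
        else:
            n = int.from_bytes(word, "big")
            whole, frac = divmod(n, 10 ** dec)
            amount = "UNLIMITED" if n == MAX_UINT256 else f"{whole}.{frac:0{dec}d}"
            value = amount + " " + d["ticker"]
        lines.append(f"{field['label']}: {value}")
    return lines
```

Calling `render` with a target address other than the descriptor's contract, or with a selector the descriptor does not cover, returns the blind-signing fallback instead of a friendly label. That mirrors the wallet being the final decider of what it renders.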

Notably, Ledger is already live with Clear Signing support, and so far more than 40 protocols have published descriptors to the ERC-7730 registry, including DeFi heavyweights like Aave, Lido, Uniswap, and Safe. Of course, this registry is open and permissionless, so we'll see the rise of attestations here, and wallets will be the final decider of which sources they accept before rendering anything.
Needless to say, at a time when crypto hacks are on the rise, this initiative is a very welcome effort. User education simply can't overcome blind signing because the threat vector it opens up is a structural problem. To this end, Clear Signing is the structural fix, so it'll be nice to see the ERC-7730 registry's coverage steadily widen. Cheers to that!