Ethereum Developers Propose Fix for 'Blind Signing,' a Feature Behind Billions in Losses

Ethereum developers have floated a technical proposal to kill off 'blind signing' — a wallet behavior that has let attackers drain user funds in everything from phishing scams to malicious dApps. The change, introduced this week, would require wallets to present a complete, human-readable breakdown of what a transaction actually does before a user can approve it.

Blind signing has been a known vulnerability for years. It means a user signs a transaction without seeing the full payload, effectively giving a smart contract or a dApp carte blanche to move tokens. The results have been catastrophic: researchers estimate cumulative losses tied to blind-signing exploits have run into the billions of dollars since the feature became standard in early Ethereum wallets.

What blind signing actually does

Most Ethereum wallets today show only a generic approval request — something like 'Sign this message' or 'Approve transaction.' The actual data, including which token contract is being called and how much authority is granted, stays hidden behind a hash or a single line of raw hex. Attackers weaponize that opacity. A fake Uniswap interface can ask for an approval that looks harmless but actually gives the scammer full control over the victim's wallet.

The proposal, posted to the Ethereum Magicians forum on Monday, targets exactly that gap. It lays out a standard for wallets to decode transaction data on the client side and display it in plain language — 'You are about to approve 1,000 USDC to contract 0xABC...' — before the signing button becomes active.

How the fix would work

Under the proposed framework, wallet developers would adopt a shared schema for parsing common smart-contract functions. When a user opens a transaction request, the wallet would match the raw transaction data against known function signatures and render a clear summary. If the wallet can't parse the data, it would warn the user explicitly: 'This transaction cannot be decoded. Proceed at your own risk.'
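To make the decoding step concrete, here is an added example (not code from the proposal or from any wallet) that matches ERC-20 calldata against a small table of known function selectors and produces the plain-language summary described above, refuses to summarize anything it cannot decode, and flags an unlimited approval. The token metadata (symbol, decimals) and the spender address are constructed assumptions.

```javascript
// Added example, not the proposal's or any wallet's code. A selector is the
// first 4 bytes of keccak256(signature); the two below are the well-known
// ERC-20 values. Token symbol/decimals are assumed to come from the wallet's
// token list rather than from the calldata itself.
const KNOWN_FUNCTIONS = {
  "095ea7b3": { name: "approve",  args: ["address", "uint256"] },
  "a9059cbb": { name: "transfer", args: ["address", "uint256"] },
};
const MAX_UINT256 = (1n << 256n) - 1n;
const CANNOT_DECODE = "This transaction cannot be decoded. Proceed at your own risk.";

// Read ABI word `i` (32 bytes = 64 hex chars) following the 8-char selector.
function decodeWord(hex, i, type) {
  const word = hex.slice(8 + i * 64, 8 + (i + 1) * 64);
  if (word.length !== 64) throw new Error("truncated calldata");
  return type === "address" ? "0x" + word.slice(24) : BigInt("0x" + word);
}

// Render a raw token amount using the token's decimals, e.g. 1000000000 -> "1,000".
function formatAmount(raw, decimals) {
  const base = 10n ** BigInt(decimals);
  const whole = (raw / base).toString().replace(/\B(?=(\d{3})+(?!\d))/g, ",");
  const frac = (raw % base).toString().padStart(decimals, "0").replace(/0+$/, "");
  return frac ? `${whole}.${frac}` : whole;
}

// Returns { decoded: true, summary, unlimited } for a known call, otherwise
// { decoded: false, warning } so the wallet can keep the sign button inactive.
function describeCalldata(calldata, token) {
  const hex = calldata.replace(/^0x/, "").toLowerCase();
  const fn = KNOWN_FUNCTIONS[hex.slice(0, 8)];
  if (!fn) return { decoded: false, warning: CANNOT_DECODE };
  let target, amount;
  try { [target, amount] = fn.args.map((t, i) => decodeWord(hex, i, t)); }
  catch { return { decoded: false, warning: CANNOT_DECODE }; }
  const unlimited = amount === MAX_UINT256; // max uint256 = blanket allowance
  const qty = unlimited ? "UNLIMITED" : formatAmount(amount, token.decimals);
  const summary = fn.name === "approve"
    ? `You are about to approve ${qty} ${token.symbol} to contract ${target}`
    : `You are about to send ${qty} ${token.symbol} to ${target}`;
  return { decoded: true, summary, unlimited };
}

// Constructed sample: approve(SPENDER, 1000 USDC) with USDC's 6 decimals.
const SPENDER = "0xabcdefabcdefabcdefabcdefabcdefabcdefabcd";
const SAMPLE_APPROVE = "0x095ea7b3" + SPENDER.slice(2).padStart(64, "0")
  + (1000n * 10n ** 6n).toString(16).padStart(64, "0");
const USDC = { symbol: "USDC", decimals: 6 };
```

A real wallet would extend the selector table from a shared schema and add a simulation step; the point here is that the summary is derived from the calldata itself, and anything outside the table is surfaced as undecodable rather than silently approved.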

The idea isn't new — some wallets like Rabby and Frame already offer partial simulation. But the Ethereum developer community has never agreed on a universal standard. This proposal aims to change that by baking the requirement into wallet specifications and, eventually, into the Ethereum core developer guidelines.

No formal vote has been scheduled yet. The proposal is open for feedback until the end of May, after which it could be included in the next Ethereum Application Layer upgrade, expected later this year.

The timing isn't coincidental. Several high-profile exploits in early 2026 — including the $340 million drain on a cross-chain bridge in February and the ongoing wave of 'approval phishing' attacks on major NFT marketplaces — have been traced back to blind-signing vulnerabilities. Lawmakers in the U.S. and the EU have also started asking whether wallet software should be subject to basic consumer-protection standards.

Ethereum's core developers, who typically focus on the base layer, rarely wade into wallet-level UX. That they're taking this on speaks to how acute the problem has become. If the standard is adopted, the real work will fall to wallet developers: MetaMask, Trust Wallet, Coinbase Wallet, and dozens of others will need to rewrite their signing flows to comply.

The proposal's authors say they've designed it to be backward-compatible. Old wallets that don't implement the new standard would still work — but users would see a prominent warning that the wallet doesn't protect against blind signing. That pressure alone, they argue, will push adoption quickly.