ZenGo suggests EIP-6384 as a response to offline signature hacks
ZenGo presented a solution to the issue of offline signature exploits, which in recent years have resulted in the theft of NFTs and cash.
The suggested method, known as EIP-6384, proposes to turn offline signatures used by decentralized applications into human-readable data.
ZenGo, a supplier of crypto security and wallets, has developed a way to combat the growing issue of offline signature vulnerabilities. As a result of these vulnerabilities, attackers have deceived users into signing difficult-to-read wallet messages in order to steal crypto assets and NFTs.
Several crypto users have fallen victim to these fraudulent signatures over the last several years, notably on NFT markets like OpenSea where offline signatures are often utilized to trade NFTs without paying upfront fees.
Kevin Rose, an NFT entrepreneur, was hacked for $1.5 million worth of NFTs in January after signing a fraudulent offline signature in what looked to be a real function on OpenSea.
To address this frequent security vulnerability, ZenGo has issued EIP-6384, an official Ethereum enhancement proposal including its suggested solution. The idea intends to make offline signatures safe and user-friendly. By extending the current offline signature standard EIP-712, ZenGo has introduced to smart contracts a view-only function that converts the message into a human-readable format.
By adopting EIP-6384, all Ethereum smart contracts would be responsible for delivering a concise message explanation, safeguarding the fee-free transaction experience of decentralized applications. This modification would enable wallet users to get a clear and comprehensible explanation of the message they are being requested to sign, enabling them to make an educated choice when signing transactions.
There are already some third-party services available to assist users in comprehending what they are signing, however, they may not always be accurate. ZenGo said that if this suggestion is adopted by wallets and decentralized applications, users will no longer need to rely on such third-party tools to access information on offline signatures.
“By design, the EIP does not rely on any new or additional infrastructure to provide data; rather, it uses the preexisting components of the system, such as wallets and smart contracts. This removes the need for third-party services or browser plugins, which may bring additional potential vulnerabilities and trust difficulties “ZenGo’s chief technology officer, Tal Be’ery, said.
The suggested technique may be a step toward establishing more secure applications and relieving users and projects of the concern of losing assets to hackers when using offline signatures, according to the ZenGo team.
Also Read: Ether Supply Is At An All-Time Low After The Merge