Introducing Multi-Sim: A new standard for verifying transactions
 
blind signing has been responsible for some of the biggest crypto hacks in history — including the recent $1.5 billion Bybit exploit.

here’s how multi-sim fixes it.

Introducing Multi-Sim: A new standard for verifying transactions
 
blind signing has been responsible for some of the biggest crypto hacks in history — including the recent $1.5 billion Bybit exploit.

here’s how multi-sim fixes it. https://engineering.gnosisguild.org/posts/multi-sim

2/ on february 21, attackers drained nearly $1.5b from Bybit users by exploiting a compromised front-end.

users thought they were approving legitimate transactions. but in reality, they were blindly signing malicious payloads.

Bybit detected unauthorized activity involving one of our ETH cold wallets. The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing…

1/ the Bybit hack exposes a security risk that could have been easily mitigated with our battle-tested, ultra-secure Zodiac tooling.

no protocol changes needed, quick setup on any @Safe

here's how:

gnosis guild 𒆙

♉︎  good soil tooling for onchain entities

2/ on february 21, attackers drained nearly $1.5b from Bybit users by exploiting a compromised front-end.

users thought they were approving legitimate transactions. but in reality, they were blindly signing malicious payloads. https://x.com/GnosisGuild/status/1893077439770702311

3/ this is not an isolated event. similar attacks include:

🔸$50m Radiant hack
🔸phishing & DNS hijacking campaigns
🔸wallet-draining supply chain attacks

the weakest link is no longer smart contracts. it’s how we verify transactions.

5/ most hardware wallets display raw hex blobs instead of human-readable transactions.

users can’t tell what they’re signing, so they rely on less secure front-ends to decode and explain transactions. this is exactly what was exploited in the Bybit hack.

6/ some security-conscious users try to manually verify transactions:

🔸checking multiple front-ends
🔸reviewing payloads on a separate, offline device
🔸comparing hashes manually before signing

but this process is impractical, even for those handling billions in assets.

7/ the problem: hardware wallets are airgapped by design.

because they lack access to onchain state, block explorers, or RPC endpoints, they can’t decode or simulate transactions themselves.

✨ multi-sim provides a way to securely bridge that gap ✨

8/ how multi-sim works: instead of trusting a single front-end, multi-sim distributes transaction verification across multiple independent providers.

each provider:

🔸decodes the transaction
🔸simulates execution on a blockchain fork
🔸signs a standardized report

9/ these reports are then verified directly by the hardware wallet: 

✔️ cross-checks for consistency across all providers
✔️ confirms provider signatures 
✔️ presents a clear, human-readable transaction summary before signing

10/ why multi-sim is a game-changer: 

✅ eliminates blind signing 
✅ removes reliance on a single front-end 
✅ prevents phishing & supply chain exploits 
✅ automates best security practices at the infrastructure level 

multi-sim is being built into Zodiac Pilot as a complement to our Zodiac mods — but for this to work, we need broad adoption.

we’re calling on: 
- hardware wallet vendors @ledgerofficial @keystonewallet
- infrastructure providers @paradigm @alchemyplatform 
- wallet & tx builder devs @safe @metamask @argent

 let’s make multi-sim the new standard for verifying transactions 🙏

10/ why multi-sim is a game-changer: 

✅ eliminates blind signing 
✅ removes reliance on a single front-end 
✅ prevents phishing & supply chain exploits 
✅ automates best security practices at the infrastructure level 

multi-sim is being built into Zodiac Pilot as a complement to our Zodiac mods — but for this to work, we need broad adoption.

we’re calling on: 
- hardware wallet vendors @ledgerofficial @keystonewallet
- infrastructure providers @paradigm @alchemyplatform 
- wallet & tx builder devs @safe @metamask @argent

 let’s make multi-sim the new standard for verifying transactions 🙏 

https://engineering.gnosisguild.org/posts/multi-sim

4/ hardware wallets should be the last line of defense.

they are airgapped, dedicated devices designed to verify transactions before signing. but in practice, they are nearly unusable for this purpose.