This was one of the most sophisticated crypto attacks ever recorded, and many other protocols are at risk of a similar hack.
But despite the sophistication, the exploit relies on one of DeFi's best-known and most critical weaknesses: most smart contracts use an ABI-encoded hash, which requires blind signatures of non-human-readable data on hardware wallets. Even if you see reliable data on your mobile/desktop/browser wallet, even if they pass all checks, ultimately what matters is that you are always able to understand and verify what you are signing on your hardware. If you fully trust the software interface, using a hardware wallet as a dedicated signing device makes ZERO sense.
Until hardware wallets implement advanced, downloadable, updatable ABI decoding, the only countermeasure is to take raw transaction data when a signature is prompted (e.g., MetaMask, Rabby) and paste it into https://etherscan.io/inputdatadecoder to check functions and ToAddress.
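The check described in the thread (decode the raw transaction data, then compare the function and destination address with what you meant to sign) can also be done offline. The following is an added example, not code from the thread's author or from any wallet: it handles only the three standard ERC-20 selectors listed in `KNOWN`, and the sample calldata and addresses are constructed for illustration.

```python
# Added example: offline decode of raw calldata before signing.
# Only static (address/uint256) arguments of three standard ERC-20 functions.
KNOWN = {
    "a9059cbb": ("transfer", ["address", "uint256"]),
    "095ea7b3": ("approve", ["address", "uint256"]),
    "23b872dd": ("transferFrom", ["address", "address", "uint256"]),
}

# Constructed sample: transfer(0x1111...1111, 1000)
SAMPLE = "0xa9059cbb" + "00" * 12 + "11" * 20 + format(1000, "064x")

def decode_calldata(data_hex):
    """Split calldata into the 4-byte selector and 32-byte argument words."""
    raw = bytes.fromhex(data_hex[2:] if data_hex.startswith("0x") else data_hex)
    if len(raw) < 4:
        raise ValueError("calldata shorter than a 4-byte selector")
    selector, body = raw[:4].hex(), raw[4:]
    if selector not in KNOWN:
        # Unknown function: nothing here can be verified, so refuse to interpret.
        raise ValueError(f"unknown selector 0x{selector}")
    name, types = KNOWN[selector]
    if len(body) != 32 * len(types):
        raise ValueError("argument length does not match the function signature")
    args = []
    for i, typ in enumerate(types):
        word = body[32 * i: 32 * (i + 1)]
        if typ == "address":
            if any(word[:12]):  # an address occupies the low 20 bytes only
                raise ValueError("non-zero padding in address word")
            args.append("0x" + word[12:].hex())
        else:
            args.append(int.from_bytes(word, "big"))
    return name, args

def check_before_signing(data_hex, expected_fn, expected_dest):
    """Return a list of mismatches; an empty list means the data matches intent."""
    name, args = decode_calldata(data_hex)
    problems = []
    if name != expected_fn:
        problems.append(f"function is {name}, expected {expected_fn}")
    # The destination (recipient or spender) is the address just before the amount.
    if args[-2] != expected_dest.lower():
        problems.append(f"destination is {args[-2]}, expected {expected_dest}")
    return problems

if __name__ == "__main__":
    print(decode_calldata(SAMPLE))
    print(check_before_signing(SAMPLE, "transfer", "0x" + "22" * 20))
```

A non-empty result, or a `ValueError` for an unrecognised selector, means the data does not match what the interface claimed and should not be signed.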