Blank check eth_sign

Blank check eth_sign is a type of phishing scam that targets people who use Ethereum and decentralized applications (dApps). The attacker creates a fake dApp or contract that appears legitimate and asks the victim to sign a transaction or message with their Ethereum wallet.

The transaction or message is called a "blank check" because the victim is essentially giving the attacker permission to access and transfer their funds without specifying the amount or the purpose of the transfer.

Here's an example of a blank check eth_sign scam:

  1. A user visits a fake dApp or contract that appears to be legitimate.

  2. The attacker asks the user to sign a transaction or message using their Ethereum wallet.

  3. The user signs the transaction or message, believing it to be legitimate.

  4. The attacker then uses the signed message to access and transfer the user's funds to their own wallet.

Be cautious of dApps or contracts that ask you to sign transactions or messages, and only use trusted sources. Understand what you are signing, and never sign a transaction or message that you do not fully understand.
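One way to act on "understand what you're signing" is to triage signing requests by how much of the payload a wallet prompt can actually show. The sketch below is an added example, not code from the original page or from SlowMist. It assumes requests arrive as JSON-RPC objects with `method` and `params`. The function name and verdict strings are hypothetical, and the sample address and payload are constructed.

```javascript
// Added example (not from the original page): triage wallet signing requests.
// assessSigningRequest() and its verdict strings are hypothetical names.
const DIGEST_RE = /^0x[0-9a-fA-F]{64}$/; // exactly 32 bytes, the shape of a hash

// Return the payload as text if it is valid, printable UTF-8; otherwise null.
function decodeText(hex) {
  if (typeof hex !== 'string' || !/^0x([0-9a-fA-F]{2})+$/.test(hex)) return null;
  const bytes = Uint8Array.from(hex.slice(2).match(/../g), (b) => parseInt(b, 16));
  try {
    const text = new TextDecoder('utf-8', { fatal: true }).decode(bytes);
    return /[\x00-\x08\x0e-\x1f\x7f]/.test(text) ? null : text;
  } catch (e) {
    return null;
  }
}

function assessSigningRequest({ method, params = [] }) {
  switch (method) {
    case 'eth_sign': {
      // params: [address, data]. A 32-byte value is an opaque digest: the
      // wallet prompt cannot show the user what it commits to.
      const opaque = DIGEST_RE.test(params[1]);
      return { verdict: 'block', reason: opaque
        ? 'eth_sign over a 32-byte digest: contents cannot be displayed'
        : 'eth_sign request: ask for personal_sign or typed data instead' };
    }
    case 'personal_sign': {
      // params: [data, address]. The wallet prefixes the message (EIP-191).
      const text = decodeText(params[0]);
      return text
        ? { verdict: 'review', reason: 'readable message', shown: text }
        : { verdict: 'warn', reason: 'personal_sign payload is not readable text' };
    }
    case 'eth_signTypedData_v4': {
      // params: [address, JSON string]. Surface the domain and type being signed.
      try {
        const { domain = {}, primaryType } = JSON.parse(params[1]);
        return { verdict: 'review', reason: 'typed data',
          shown: `${domain.name || 'unnamed domain'} / ${primaryType}` };
      } catch (e) {
        return { verdict: 'warn', reason: 'typed data could not be parsed' };
      }
    }
    default:
      return { verdict: 'ignore', reason: 'not a signing method' };
  }
}

// Constructed sample: made-up address, made-up 32-byte payload.
console.log(assessSigningRequest({ method: 'eth_sign', params: ['0x' + '11'.repeat(20), '0x' + 'ab'.repeat(32)] }));
```

A `review` verdict only means the payload is readable; the user still has to read what is shown before approving.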

Sources

SlowMist: “Blank Check” eth_sign Phishing Analysis

https://slowmist.medium.com/slow-mist-blank-check-eth-sign-phishing-analysis-741115bd0b1f

getoffdeez
