Signature phishing
Does this article need to be translated?
Signature phishing is a method where attackers obtain an off-chain signature from users, and then use it later to steal their assets.
Naturally, there's a lot of blanks to fill in here, so let's begin.
What is an off-chain signature?
Signatures are an integral part of using a self-custody wallet like MetaMask. Any action in web3 requires your authentication—via signing—to prove that the message or transaction came from you.
Every time you interact with a smart contract, such as when swapping on MetaMask, you're signing a message that allows something to happen on your authority. A swap, for example, requires you to sign a message to confirm that you actually *do *want to swap a given amount of token A for a given amount of token B.
Want more on signatures?
For more information on signatures and their role in MetaMask, see here.
The majority of signatures are on chain; that is to say, they are broadcast to the network and recorded on the blockchain.
As Ethereum has evolved, it has become possible to sign transactions off chain. This means they are never broadcast to the network. Crucially, in this scam, off-chain signatures allow the dapp collecting the signature to use the signed message at a time of their choosing.
For a fuller explanation of the difference between on-chain and off-chain transactions, see our article on metatransactions here.
Signature phishing attacks
Here's the general pattern of this scam:
- The attacker creates a fake dapp and somehow manages to achieve some user traffic to the dapp.
- The dapp is designed to prompt users to sign off-chain messages. The dapp will be misleading: the user will likely be told by the dapp that they're signing a message with a completely different function. For example, they may think they are signing to deposit tokens, or list an NFT. In reality, and since transaction data is so rarely readable by humans, they may be inadvertently handing over an unlimited token approval, or allowing all their NFTs to be listed.
- The attacker uses the signature to steal your assets.
Let's take a look at the two main contexts in which we've seen this type of attack:
NFT signature phishing
As we've already mentioned, it's possible for a dapp to request your signature to list NFTs. This is not inherently bad: any NFT marketplace will require your permission to list an asset.
Things do turn bad, though, when you sign a message on a fraudulent dapp.
How it works
One example we've seen in the wild involves fraudulent imitations of the NFT marketplace, Blur. As with similar NFT marketplaces, listing an NFT on Blur requires approving the dapp's request to'spend' your NFT; in other words, give them the authority to list it.
The specific part of Blur that attackers have taken advantage of is the ability to bulk list your NFTs. This involves signing a 'Root' message, as below:
Image courtesy of ScamSniffer. Thread here.
Malicious dapps try to get your signature on similar 'Root' messages, allowing them to 'spend' (withdraw) all the NFTs in your account.