According to Foresight News, SlowMist Security reminds that in the cryptocurrency and NFT sectors, more and more phishing websites abuse the eth_sign signature function to conduct blind signature fraud. Reminding or disabling this low-level signature method is crucial to protecting user security. Many Web3 wallets have taken relevant measures to provide security reminders and restrictions on this dangerous signature method. The SlowMist Security Team selected 20 popular Crypto Wallet Apps and 20 browser extension wallets with large market searches and downloads for testing.
1. Based on a test of 20 popular cryptocurrency wallet apps on Google Play, the situation is as follows:
4 crypto wallet apps choose to disable support for eth_sign.
16 crypto wallet apps support eth_sign.
Among them, 4 crypto wallet extensions provide eth_sign security warnings, and the other 12 do not provide security warnings.
Second, based on the test of 20 crypto wallet Chrome extensions in the Chrome Web Store, the situation is as follows:
5 crypto wallet extensions have chosen to disable support for eth_sign.
15 crypto wallet extensions support eth_sign.
Among them, 6 crypto wallet extensions provide eth_sign security warnings, and the other 9 do not provide security warnings.
In summary, there are still a large number of crypto wallets that support eth_sign, and a small number of them provide eth_sign security risk warnings. If users still want to use eth_sign, they can choose crypto wallets that support this function. However, users need to pay special attention to security warnings when using these wallets to ensure the security of their transactions.
