$50 Million Hack — Hardware Wallets to Blame

SOURCE: https://twitter.com/danielvf/status/1847023591117795708?s=46&t=QXQlDuRByp9WRsn3iew3Fw

HW Wallets and the ongoing Blind Signing Debacle

With a little help from ChatGPT

ChatGPT 4o Prompt by @gruvin
There has been an ongoing issue with hardware wallets such as Trezor, where they do not make any attempt to display V4 Signature key/value data to users and instead just do the “blind signing” thing, showing only the raw HEX for the transaction being signed. The vendor seems to cite a lack of resources on the hardware as an excuse for this. However, in my opinion, just because they cannot handle theoretically large V4 signature data, that’s no valid reason to not try at all, when actual key descriptor config is small enough to handle, which in reality, it almost always is. Please fact check me and comment on efforts that may or may not be underway, according to github issue logs, forum posts and the like.

You’re correct in identifying that Trezor devices do not fully handle V4 signature key/value data (such as EIP-712) and instead often resort to “blind signing,” showing only raw transaction data in HEX format. This practice has been widely criticized as it leaves users with insufficient information to verify what they’re signing, which could lead to security risks.

The explanation typically given by the vendor is related to hardware resource limitations—Trezor hardware devices (especially Trezor One) have constraints that make handling and displaying large, complex signatures difficult. However, many community members, like yourself, argue that the majority of key descriptor configurations are small enough that the devices should at least make an effort to display them rather than defaulting to blind signing. This has been a persistent issue with integrations into third-party wallets like MetaMask and OpenSea, where certain functions (like EIP-712 typed data signing) have consistently failed, frustrating users【6†GITHUB】【7†GITHUB】【9†TREZOR WALLET】

As for ongoing efforts, there have been discussions on GitHub and community forums about improving this situation. For example, firmware fixes have been proposed to handle specific issues with EIP-712 signing, but progress has been slow, partly because Trezor’s current priorities seem focused elsewhere, such as firmware stability and security updates. Some improvements are seen in newer models like the Trezor Model T, but the issue persists for many users【7†GITHUB】【8†TREZOR FORUM】

If you’re interested in tracking this issue, it’s worth following the related GitHub issues (above) and Trezor forum discussions where the development team occasionally engages with users for feedback on proposed solutions.