Ledger, Trezor, MetaMask and the Ethereum Foundation join forces against the flaw that cost Bybit $1.5B

Ledger, Trezor, MetaMask, WalletConnect and the Ethereum Foundation want to close one of the most dangerous breaches in crypto: blind signing. Behind this cold term lies a simple gesture. The user validates a transaction without clearly understanding what it will trigger. The issue became impossible to ignore after the Bybit hack. In February 2025, the exchange acknowledged that an attacker had taken control of an Ether wallet and transferred about 1.5 billion dollars worth of assets to an unknown address. Reuters had then reported that only the Ether cold wallet was affected, according to Bybit CEO Ben Zhou.

Ethereum wants to make every signature readable

The proposed solution is called “Clear Signing.” The idea is simple. Before signing, the user must see a clear, structured, and understandable description of the action they are undertaking. This topic also joins a broader question: the choice of a truly suitable Ethereum wallet, especially when the stakes are high.

It is no longer a series of technical data. It is a human-readable interpretation of the transaction. The Ethereum Foundation speaks of an open standard designed to end a structural flaw. According to it, confirming a transaction is often the last barrier before the loss of funds. If this last step is done blindly, the barrier becomes decorative.

This change might seem subtle. Yet, it affects the core of the crypto experience. For years, users have signed messages, approved contracts, and authorized actions without always knowing what hides behind the screen. Sovereignty becomes fragile when the interface lies by omission.

A rare coalition around a common problem

The key point is not only technical. It is also political, in the sense of ecosystem governance. Ledger, Trezor, MetaMask, WalletConnect, and several other players are working with the Ethereum Foundation. This is not an isolated patch. It is an attempt to align the entire wallet chain.

The solution notably relies on ERC-7730, initiated by Ledger, to describe transactions in a readable format. It also uses ERC-8176, which adds attestation and integrity logic. In other words, it is not enough to display a nice sentence. One must also be able to verify that this sentence truly describes the smart contract’s action.

This is where the project becomes interesting. Clear Signing does not promise magical security. It rather shifts security to a more honest ground. The user should no longer guess. The wallet must explain. The developer must provide the correct descriptors. Auditors must verify them.

Bybit showed the limit of the old model

The Bybit hack is not just an embarrassing memory for the industry. It now serves as a case study. The FBI attributed the theft of about 1.5 billion dollars to North Korean actors known as “TraderTraitor.” The stolen funds were then quickly converted and dispersed across several blockchains.

This attack reminded a brutal truth. Even large platforms, cold wallets, and multisig procedures can be caught off guard if the final validation relies on an opaque reading. The danger is not always in the smart contract itself. It can be in the gap between what the screen shows and what the transaction really does.

It is this gap that Clear Signing wants to reduce. Not by eliminating risk. But by removing a highly profitable grey area from attackers. The less the user understands, the more phishing, interface compromise, and attacks on the validation chain become effective.

A decisive test for institutional adoption

The Ethereum Foundation frames this initiative within its “Trillion Dollar Security” logic. The stated goal is to prepare Ethereum to support much broader uses, with billions of potential users and significant amounts held directly on-chain.

This point is essential for institutions. A bank, a fund, or a company cannot ask their teams to sign incomprehensible transactions hoping everything will go well. Compliance likes traces. Security likes proofs. Clear Signing tries to provide both without breaking Ethereum’s open architecture.

The real difficulty remains: adoption. A standard is only useful if it becomes reflexive. Wallets will have to integrate it. Applications will have to produce reliable descriptions. Users will have to learn to refuse vague signatures. Even basic good practices, like properly storing one’s ether after purchase, take on a new dimension here. Crypto security will not win with just another button, but with an interface that finally stops talking to machines before talking to humans.