The Ethereum Foundation unveils new 'Clear Signing' standard to stop users from approving malicious crypto transactions

May 19, 2026  Twila Rosenbaum

The Ethereum Foundation, in collaboration with leading wallet developers, has announced a new standard called 'Clear Signing' that aims to eliminate a major vulnerability in decentralized finance: users unknowingly approving malicious transactions. The standard addresses the longstanding problem of opaque transaction data, which phishers and scammers have exploited to drain billions of dollars in cryptocurrency from unsuspecting users.

Background: The Problem of Blind Signing

For years, Ethereum users have been plagued by 'blind signing' — approving transactions that display nothing more than a long string of hexadecimal code. Scammers exploit this by tricking users into signing malicious transactions that grant them access to wallets or approve fraudulent token transfers. These attacks, often executed through phishing websites, wallet drainers, and fake airdrop claims, have resulted in losses exceeding $1 billion annually since 2021. In 2025 alone, blockchain security firms reported that phishing attacks on Ethereum accounted for over $2.3 billion in stolen assets, with a significant portion linked to blind signing vulnerabilities.

The problem is rooted in the technical design of Ethereum's smart contracts. When a user interacts with a decentralized application, they are presented with a transaction request that includes a data field (often called 'calldata') encoded in raw hexadecimal. This data is machine-readable but almost impossible for a human to interpret without specialized tools. Malicious actors craft cleverly designed requests that appear harmless but actually authorize unlimited token spending or full wallet control.

What Is 'Clear Signing'?

The Clear Signing standard mandates that wallet interfaces must decode transaction data and present it in a human-readable format before asking for approval. Instead of seeing a jumble of hex, users will see plain English explanations: 'This transaction will transfer 100 USDC to wallet 0x123...' or 'This contract will allow the dApp token to withdraw up to 5000 DAI from your wallet.' The standard also requires warnings for high-risk actions such as setting infinite spending allowances or interacting with newly deployed contracts.

The initiative is spearheaded by the Ethereum Foundation's security team, which convened major wallet providers — including MetaMask, WalletConnect, and Ledger — to agree on a unified approach. The standard is built on the Ethereum Request for Comments (ERC) process and is expected to be implemented in stages. Wallet developers will need to update their interfaces to parse transaction data and match it against known token standards and smart contract patterns. The Ethereum Foundation will also provide an open-source library to help wallets perform these translations.

Industry Reaction and Early Adoption

Several major wallets have already committed to integrating Clear Signing by the third quarter of 2026. MetaMask, the most widely used browser extension wallet, has announced that its new version will include a 'Simulate & Sign' feature that shows a preview of all contract interactions. WalletConnect has updated its SDK to enforce Clear Signing for all connected dApps by default. Hardware wallet provider Ledger is also updating its Ethereum app to display decoded transaction summaries on the device screen, ensuring that even cold-storage users can verify what they are signing.

The reception from the crypto community has been largely positive, though some users have raised concerns about the potential for delays in signing if complex transactions require extensive decoding. The Ethereum Foundation acknowledges these trade-offs and has designed the standard to allow wallets to cache decoded data for commonly used contracts, minimizing overhead. Security experts have praised the move as a long-overdue safety layer, comparing it to the addition of URL warnings in web browsers that reduced phishing attacks significantly in the 2000s.

Expanding the Scope: Institutional and Mainstream Use

The Clear Signing standard arrives at a critical juncture for Ethereum. The network is actively courting institutional users and mainstream consumers through Layer 2 scaling solutions and the upcoming Pectra upgrade. However, security incidents remain a top deterrent for adoption. A 2025 survey by the Enterprise Ethereum Alliance found that 64% of institutional investors cited transaction security and user error as their primary concerns when exploring DeFi investments. By making approvals understandable, Clear Signing directly addresses this barrier.

Moreover, the standard aligns with regulatory trends. The European Union's Markets in Crypto-Assets (MiCA) regulation, fully implemented in 2025, requires crypto-asset service providers to ensure that order execution is clear and understandable to clients. Clear Signing provides a technical framework to meet these obligations, potentially reducing legal risk for wallet operators and DeFi platforms operating in regulated markets.

Historical Context: How We Got Here

Ethereum's transaction signing problem has existed since the network's launch in 2015. Early dApps required users to trust transactions without verification, but as the ecosystem grew, so did the sophistication of attacks. The 2020 'approve phishing' wave saw scammers drain millions by asking users to approve a token spend to a malicious contract. In 2022, the infamous 'wallet drainer' script emerged, automated to generate fake signatures that looked identical to legitimate ones. By 2024, losses from blind-signing attacks had reached an all-time high, prompting calls for a mandatory security standard.

The Ethereum Foundation's security team began researching a solution in 2023, initially focusing on improving the Ethereum transaction simulation tools available in wallets. The internal project, codenamed 'SignSafe', led to the development of the Ethereum Transaction Decoding specification, which was later renamed Clear Signing after feedback from wallet developers. The standard has been tested on testnets since early 2026, with over 500 volunteer users providing feedback on readability and accuracy.

Technical Details of the Standard

Clear Signing relies on several key components. First, it defines a 'Transaction Display Interface' that wallets must implement to present a human-readable summary of any transaction. This interface decodes the transaction's 'to' address, function selector, and parameters using an on-chain registry of function signatures. For common token standards (ERC-20, ERC-721, ERC-1155), the standard predefines explanations for standard functions like approve, transferFrom, and safeMint.

Second, the standard introduces a risk scoring system. Each transaction is assigned a risk level based on factors such as the age of the contract, whether it has been verified on Etherscan, the total supply of tokens involved, and whether it includes an infinite approval. High-risk transactions trigger a red warning banner and require an additional confirmation step, such as waiting a few seconds before signing.

Third, Clear Signing mandates that wallets display the 'full intent' of a transaction in plain language. For example, instead of showing a data field with a function call to an unknown contract, the wallet will say: 'This contract wants permission to spend your tokens. If you approve, it can take any of the following tokens: [list tokens]. You can cancel this approval at any time by using the revoke function.' The wallet also displays the expiration of the approval if applicable.
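The decode-and-warn flow described in this section, as an added example (not code from the standard, the Ethereum Foundation or any wallet). It covers only ERC-20 approve and transfer. The local REGISTRY table standing in for the signature registry, the two risk labels, treating an unknown selector as high risk, and the sample calldata are assumptions constructed for illustration.

```python
MAX_UINT256 = 2**256 - 1
# Assumption: a local table stands in for the signature registry. A selector
# is the first 4 bytes of keccak256 of the canonical function signature.
REGISTRY = {
    "095ea7b3": ("approve", ("address", "uint256")),
    "a9059cbb": ("transfer", ("address", "uint256")),
}

def decode_calldata(hex_data):
    """Return (function name, decoded args), or None for an unknown selector."""
    raw = bytes.fromhex(hex_data.removeprefix("0x"))
    entry = REGISTRY.get(raw[:4].hex())
    if entry is None:
        return None
    name, kinds = entry
    body = raw[4:]
    if len(body) != 32 * len(kinds):
        raise ValueError("calldata length does not match " + name)
    args = []
    for i, kind in enumerate(kinds):
        word = body[32 * i:32 * (i + 1)]
        if kind == "address":
            if any(word[:12]):  # address words are left-padded with zeros
                raise ValueError("non-zero padding in address argument")
            args.append("0x" + word[12:].hex())
        else:
            args.append(int.from_bytes(word, "big"))
    return name, args

def fmt_amount(raw, symbol, decimals):
    # Integer arithmetic only: floats would round large token amounts.
    whole, frac = divmod(raw, 10 ** decimals)
    return f"{whole}.{frac:0{decimals}d}".rstrip("0").rstrip(".") + " " + symbol

def summarize(hex_data, symbol, decimals):
    """Return (risk, text). Only the infinite-approval factor is scored here."""
    decoded = decode_calldata(hex_data)
    if decoded is None:
        return "high", "Unrecognized function call; its effect cannot be displayed."
    name, args = decoded
    if name == "approve":
        if args[1] == MAX_UINT256:
            return "high", f"This contract will allow {args[0]} to withdraw an UNLIMITED amount of {symbol} from your wallet."
        return "normal", f"This contract will allow {args[0]} to withdraw up to {fmt_amount(args[1], symbol, decimals)} from your wallet."
    return "normal", f"This transaction will transfer {fmt_amount(args[1], symbol, decimals)} to wallet {args[0]}."

# Constructed sample calldata (the address is a placeholder, not a real account).
ADDR_WORD = "00" * 12 + "ab" * 20
UNLIMITED_APPROVE = "0x095ea7b3" + ADDR_WORD + "ff" * 32
TRANSFER_100_USDC = "0xa9059cbb" + ADDR_WORD + f"{100 * 10**6:064x}"
```

The token symbol and decimals are passed in by the caller; a wallet would have to resolve them from the 'to' address, which this sketch does not do.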

Challenges and Limitations

Despite its promise, Clear Signing is not a silver bullet. Sophisticated attackers may attempt to obfuscate their intentions by using contract logic so complex that even the decoded explanations are hard to interpret. For example, a malicious contract could bundle a seemingly harmless transfer with a hidden function that grants admin rights later. To counter this, the Ethereum Foundation recommends that wallets also implement transaction simulation, that is, running the transaction in a sandboxed environment before signing to check actual outcomes. Many wallets, such as MetaMask and Rabby, already offer simulation features, but the foundation is working on a standard simulation API that all wallets can use.

Another limitation is the need for continuous updates. As new token standards and DeFi protocols are created, the registry of function signatures must be maintained. The Ethereum Foundation has established a governance committee consisting of wallet developers, security researchers, and community members to review and approve new entries to the registry. This process is designed to be transparent and fast, with a target response time of 48 hours for new contract-based signatures.

User education remains vital even with Clear Signing. While the standard reduces the chance of accidentally approving a phishing transaction, it cannot prevent users from being tricked by social engineering attacks that ask them to sign a seemingly legitimate transaction that is actually malicious. The foundation plans to launch a public awareness campaign in parallel with the rollout, including tutorials, browser extensions that flag phishing sites, and partnerships with anti-phishing organizations.

Broader Implications for Crypto Security

The introduction of Clear Signing marks a turning point in Ethereum's approach to user protection. Historically, the philosophy of 'not your keys, not your coins' placed the burden of security entirely on users. This new standard shifts some of that burden to the wallet interface, acknowledging that technical complexity is a barrier to mass adoption. It echoes similar moves in the broader tech industry, such as the adoption of HTTPS padlock icons and privacy nutrition labels in mobile app stores.

Competing blockchain networks are likely to follow suit. Solana, for example, already requires wallets to display transaction summaries, but they are often generated by the dApp itself, leaving room for manipulation. Avalanche and Binance Smart Chain have yet to implement a universal signing standard. Ethereum's leadership on this issue could pressure other ecosystems to adopt similar protections, raising the security bar across the entire crypto industry.

In addition, Clear Signing may reduce the demand for third-party security tools. Currently, users rely on browser extensions like Pocket Universe or Scam Sniffer to detect phishing transactions. These tools work by parsing transaction data after the fact, often flagging malicious transactions only after they have been signed. Clear Signing aims to provide a first line of defense directly in the wallet, reducing the need for post-hoc monitoring.

The standard also has implications for decentralized governance. DAOs that require members to vote on proposals by signing transactions will benefit from clearer voting interfaces, reducing the risk of votes being hijacked or misinterpreted. The Ethereum Foundation's own governance processes are expected to adopt Clear Signing for future upgrade votes, setting an example for the community.

Next Steps and Timeline

The Clear Signing standard was officially published as ERC-7732 on May 12, 2026. Wallet developers have until September 2026 to implement the basic decoding and display requirements. By December 2026, the mandatory risk scoring and warnings for high-risk transactions will become effective. The Ethereum Foundation has committed to providing technical support and bug bounties for wallets that encounter issues during implementation.

The phased rollout allows wallets to adapt without disrupting their current user base. Users who do not upgrade will still be able to sign transactions, but may see an increasing number of warnings urging them to update. Eventually, the Ethereum Foundation hopes that Clear Signing becomes a de facto standard enforced by all wallet apps, similar to how HTTPS is now standard for websites.

The ultimate goal is to reduce annual losses from phishing attacks on Ethereum to below $100 million within two years, a reduction of over 95% from current levels. While ambitious, the foundation believes that with widespread adoption, Clear Signing can achieve this target, transforming Ethereum into a safer environment for both crypto natives and newcomers alike.


Source: Coindesk News

