Guarding from eth-sign Scams: Important Tips
The eth-sign signature scam has been an active method of fraud, where many cryptocurrency users fall victim to phishing websites or receive suspicious messages on social platforms like Telegram. These messages often request users to sign and authorize malicious messages using eth-sign in exchange for claiming airdrop rewards. Due to a lack of scrutiny or a basic understanding of eth-sign, users may perceive such signature authorization as a normal operation. Consequently, they unknowingly sign the messages, leading to their accounts being compromised and funds being stolen by scammers.
To help more cryptocurrency users become fully aware of and protect themselves against such scams, Bitget Wallet (Previously Bitget Wallet (Previously BitKeep)) aims to provide an explanation of what eth-sign is and how to utilize Bitget Wallet (Previously Bitget Wallet (Previously BitKeep)) to prevent eth-sign fraud. This initiative aims to enhance everyone's security when engaging in daily transactions or interacting with Web3 projects.
What is eth-sign?
Eth-sign is a method of message signing for Ethereum accounts. It allows the account holder to sign any hash, which means it can be used to sign transactions or any other data. However, this type of signature is extremely dangerous and can be likened to a "blank check" for Ethereum.
Once a scammer obtains your signature authorization through a phishing website, they can use your private key to sign any transaction, including transferring all your funds to the scammer's address. Even if you disconnect your wallet from the phishing website, it cannot undo the damage. Once they have the signature, they can directly manipulate your assets without linking them to your wallet.
For example, when you connect your wallet to a phishing website pretending to be a well-known project and claim an airdrop, the wallet will display a popup warning about the signature and the associated risks. However, it is difficult for regular users to discern the exact content of the signature from the popup, and they might mistakenly consider it as a general authorization confirmation. Once the signature is made, the scammer can freely steal all the assets from your address without restraint.
How to prevent the eth-sign signature scam?
As mentioned earlier, it is difficult for ordinary users without a technical background to identify whether they have encountered the eth-sign signature scam. Therefore, Bitget Wallet (Previously Bitget Wallet (Previously BitKeep)) has launched the eth-sign signature risk alert feature. If you use the wallet to connect to a third-party website involved in phishing fraud for eth-sign signatures, Bitget Wallet (Previously Bitget Wallet (Previously BitKeep)) will display a risk alert popup, clearly informing you of the potential misuse risk associated with that signature. Even if you are unfamiliar with eth-sign signatures, you can successfully avoid such malicious signature scams.
In addition to using risk alerts to intercept potential threats, Bitget Wallet (Previously Bitget Wallet (Previously BitKeep)) would like to introduce several common eth-sign scam techniques and corresponding preventive measures:
1.Carefully inspect the data you are signing
Scammers often hide malicious code in smart contracts, DApp websites, or phishing emails, tricking users into unintentionally signing them and gaining control over their accounts. Therefore, before signing any data, it is crucial to carefully examine the content to ensure there is no malicious code or unauthorized transfer transactions, thus avoiding fund theft.
2. Be careful when granting browser signing permissions
DApp websites may request your signature for certain operations. Before authorizing any signing requests, be sure to verify the security and credibility of the website to avoid falling victim to phishing websites.
3. Do not sign messages from unknown sources
Only sign messages when you are certain about their origin and purpose. It is essential to reject signing requests from unknown sources to prevent them from being used as tools to attack your account.
4. Monitor balance changes and enable transaction notifications
Once an attacker gains authorization to access your account, they will immediately steal your funds. Therefore, regularly check your address balance and enable transaction notification alerts in the Bitget Wallet (Previously Bitget Wallet (Previously BitKeep)) App. If any abnormal fund movements are detected, swiftly transfer the remaining funds to a secure address to minimize losses.
The official community of Bitget Wallet (Previously Bitget Wallet (Previously BitKeep)) Wallet will regularly provide relevant scam prevention knowledge, aiming to help users enhance their awareness of fraud prevention and correctly protect their private keys, mnemonic phrases, signatures, and authorizations.
Furthermore, Bitget Wallet (Previously Bitget Wallet (Previously BitKeep)) Wallet collaborates with renowned security organization GoPlus Security to conduct comprehensive detection of smart contract vulnerabilities and token risk authorizations. It supports users in easily revoking risky authorizations, thereby fully ensuring the security of users' funds and transaction environment.
To gain more insights into safety knowledge, you can follow the specialized column on Bitget Wallet (Previously Bitget Wallet (Previously BitKeep)) Wallet Academy.