$1.4B in stolen funds is the hefty price of attention to bring into light that multi sigs and cold wallets aren't viable solutions for storing large token values. Despite being the industry best practice, given the reliance on human trust - the weakest link in security, this practice demands dedicated devices isolated from external connections, maintaining rigorous security hygiene, and tedious user experience.
In the wake of the Bybit hack, Holonym is rolling out Human Wallet for alpha testing that secures against blind signing attacks. Follow this tutorial to see how Human Wallet uses your hardware wallet as a secondary authorization method for high-risk transactions, providing clear human-readable warnings about potential threats. As an alpha release, we encourage users to experiment within their security workflows rather than rely on it for major assets.
What is Blind Signing?
Blind signing refers to signing a transaction without knowing what it does. For example, when a user signs a contract call transaction, the transaction might appear in the wallet as a simple hex string. In such a case, the user will most likely trust the source of the transaction request, the dapp, but the dapp could be compromised. The user might be signing a transaction that sends all their funds to a malicious actor.
Human Wallets Making Transactions Human Readable
Human Wallet uses transaction simulation, human readable warnings, and multi-factor authorization to prevent blind signing.
How it works
Human Wallet uses a 2 Party Computation (2PC) signing protocol, with one client-side keyshare and one server-side keyshare, which never leaves a TEE. The server will only generate its signature share if the transaction to be signed is safe according to policies set by the user. Every transaction is simulated and checked against the user’s policies. Some of the checks are: comparing token balances before and after the transaction and comparing the destination address with a list of known malicious contracts. Human Wallet uses the simulation result and the user’s policies to mark a transaction as either high risk or low risk. High risk transactions require additional authorization.
Human Wallet allows using an external wallet as the authorization method for confirming high risk transactions. When the server marks a transaction as high risk, it generates a warning message that summarizes the simulation results (e.g., “This contract is potentially dangerous. Flags: SCAM_TOKEN”). To proceed with signing this transaction, the user must sign this human readable warning message using their external wallet. A hardware wallet is especially helpful here. Having a separate device that displays the message ensures that the user is reading the correct signature challenge even if their main device is compromised by malware.
The human readable warning message generated from the transaction simulation tells the user what they are signing. Even if the user is using a laptop compromised by malware to sign a transaction to an unknown contract, they can avoid blind signing attacks by configuring their Human Wallet to use a hardware wallet as their authorization method.
2PC Designed for Dynamic Security
Human Wallet's blind signing prevention is one of the many mitigations on the roadmap preventing other threats prevalent with self custody today. By validating every transaction and evaluating contextual risks, Human Wallet builds on Zero Trust Architecture—never trust, always verify.
2PC’s trustless design enables deployment of granular policies and transaction simulation to cross-check every transaction a user signs—similar to tradfi, where every transaction is checked by the bank or financial intermediary. 2PC does just that, but with user sovereignty. Here, security can be further layered through dynamic features such as transaction limits, time locks, coupled with other fraud detection capabilities.
Human Wallet will soon move to 2PC MPC, where the second signer is a decentralized network, able to handle 10k signatures/second, while the keys are distributed across 100s of nodes. To compromise the signing keys, both the user and a massively decentralized network have to be compromised, making 2PC resilient to single point of failure.
There are no silver bullets in security, but the silver lining is the attention brought to these understated attack vectors. Join our alpha testing to try Human Wallet, in one of the many moves the industry is making to make self custody safer and simpler through adaptive security practices.
Tutorial
Follow the steps in the tutorial below to configure an external wallet as your authorization method for Human Wallet.
About Human Wallet
The Human Wallet is a one-click sign-on wallet that revolutionizes digital finance by eliminating the tradeoff between convenience and security, offering seamless, trustless account recovery and easy integration across any website for borderless finance and identity management.
About human.tech
human.tech is a suite of technologies designed to enhance personal freedom, privacy, and financial autonomy. human.tech provides innovative solutions for secure identity, data ownership, and private transactions, ensuring that technology remains a tool for human empowerment.