Blank Check eth_sign Phishing Analysis

Recently, we have seen a number of phishing incidents involving eth_sign signatures.

Phishing Site 1: https://moonbirds-exclusive.com/

When we connect the wallet and click Claim, a signature request box pops up and MetaMask displays a red alert warning. From this pop-up alone it is impossible to tell what the signature is actually being requested for.

This is actually a very dangerous type of signature, basically a “blank check” for Ethereum: with this phishing, the crooks can get any transaction they choose signed with your private key.

There is also a related variant of this phishing: after you reject the signature above, the site automatically pops up another signature request in your MetaMask, hoping to obtain your signature without you noticing. Looking at the content of that signature, it calls the SetApprovalForAll method, and the approved asset is displayed as all of your NFTs, which means that once you sign, the crooks can drain all your NFTs without restraint, as follows:

Phishing Site 2: https://dooooodles.org/

We use MistTrack to analyze the scammer addresses:

0xa594f48e80ffc8240f2f28d375fe4ca5379babc7

Through analysis, the scammer called SetApprovalForAll many times to steal user assets. The scammer’s address has received 33 NFTs, and after selling some of them, he has obtained over 4 ETH.

Back to the topic, let’s study this phishing method. First, let’s see what MetaMask officially states:

In short, MetaMask currently has six signature methods (such as personal_sign), and only one of them triggers the MetaMask warning: eth_sign. eth_sign is an open signing method that signs an arbitrary hash, which means it can be used to sign transactions or any other data, posing a dangerous phishing risk.

According to the official documentation of MetaMask, the eth_sign method can sign any hash. When we sign a transaction, what we sign is also a hash, but the encoding steps in the middle are handled by MetaMask for us. We can briefly review the process from encoding to transaction broadcasting:

Before the transaction is broadcast, MetaMask takes the recipient of our transfer (to), the amount (value), the attached data (data), and the nonce, gasPrice and gasLimit parameters that MetaMask automatically obtains and calculates for us, and RLP-encodes them to obtain the raw transaction content (rawTransaction). If it is a contract call, then to is the contract address and data is the call data.

const rlp = require('rlp');

// Use the legacy (non-EIP-155) layout: no chainId in the unsigned payload
const transaction = {
  nonce: '',    // filled in by MetaMask
  gasPrice: '',
  gasLimit: '',
  to: '0x',     // recipient, or the contract address for a contract call
  value: '',
  data: '0x'    // empty for a plain transfer, call data for a contract call
};

// RLP encode the six unsigned fields to get the raw transaction
const rawTransaction = rlp.encode([
  transaction.nonce, transaction.gasPrice, transaction.gasLimit,
  transaction.to, transaction.value, transaction.data
]);

Then we take the keccak256 hash of this content to get a bytes32 value, which is the data we actually need to sign.

const Web3 = require('web3');

// keccak256 the RLP bytes: this bytes32 hash is what gets signed
const msgHex = Buffer.from(rawTransaction).toString('hex');
const msgHash = Web3.utils.keccak256('0x' + msgHex);

After we sign this hash with MetaMask, we get the r, s and v values. These three values are RLP-encoded together with nonce/gasPrice/gasLimit/to/value/data to produce the signed raw transaction, which can now be broadcast.

const rlp = require('rlp');

const transaction = {
  nonce: '', gasPrice: '', gasLimit: '', to: '', value: '', data: '',
  v: '', r: '', s: ''   // signature values returned by MetaMask
};

// RLP encode the six fields plus the signature to get the signed raw transaction
const signedRawTransaction = rlp.encode([
  transaction.nonce, transaction.gasPrice, transaction.gasLimit,
  transaction.to, transaction.value, transaction.data,
  transaction.v, transaction.r, transaction.s
]);

As mentioned above, eth_sign can sign any hash, so the bytes32 transaction hash we just derived can naturally be signed with it too. Therefore, once we connect to the DApp, the attacker only needs our address to analyze and query our account, and can then construct any transaction data (such as a native token transfer or a contract call) and have us sign it through eth_sign.
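To make the encoding step concrete without the rlp and web3 packages, here is an added, dependency-free example (not the article’s code and not MetaMask’s): a minimal RLP encoder, the unsigned payload for the worked transaction published in EIP-155, and, going beyond the article, the prefixed pre-image that personal_sign signs instead of a caller-supplied hash. The keccak256 step itself is left to a library; the hash quoted in the comment is EIP-155’s published value for that payload.

```javascript
// Minimal RLP encoder: items are Buffers, lists are arrays (nesting allowed).
function encodeLength(len, offset) {
  if (len < 56) return Buffer.from([len + offset]);
  let hex = len.toString(16);
  if (hex.length % 2) hex = '0' + hex;
  const lenBytes = Buffer.from(hex, 'hex');
  return Buffer.concat([Buffer.from([lenBytes.length + offset + 55]), lenBytes]);
}
function rlpEncode(input) {
  if (Array.isArray(input)) {
    const body = Buffer.concat(input.map(rlpEncode));
    return Buffer.concat([encodeLength(body.length, 0xc0), body]);
  }
  if (input.length === 1 && input[0] < 0x80) return input; // single byte encodes as itself
  return Buffer.concat([encodeLength(input.length, 0x80), input]);
}
// Integers are encoded as minimal big-endian bytes; zero is the empty string.
function intToBytes(n) {
  let hex = BigInt(n).toString(16);
  if (hex === '0') return Buffer.alloc(0);
  if (hex.length % 2) hex = '0' + hex;
  return Buffer.from(hex, 'hex');
}
function hexToBytes(h) { return Buffer.from(h.replace(/^0x/, ''), 'hex'); }

// The unsigned payload; its keccak256 is the bytes32 an eth_sign prompt would show.
// When chainId is given, the EIP-155 trailer (chainId, 0, 0) is appended.
function unsignedTxPayload(tx, chainId) {
  const fields = [intToBytes(tx.nonce), intToBytes(tx.gasPrice), intToBytes(tx.gasLimit),
    hexToBytes(tx.to), intToBytes(tx.value), hexToBytes(tx.data)];
  if (chainId !== undefined) fields.push(intToBytes(chainId), Buffer.alloc(0), Buffer.alloc(0));
  return rlpEncode(fields);
}

// personal_sign signs keccak256 of this prefixed message rather than a caller-supplied
// hash, so a personal_sign signature can never double as a transaction signature.
function personalSignPreimage(message) {
  const body = Buffer.from(message, 'utf8');
  return Buffer.concat([Buffer.from('\x19Ethereum Signed Message:\n' + body.length, 'utf8'), body]);
}

// Sample transaction taken from EIP-155's worked example (constructed input, not from a phishing site).
// keccak256 of unsignedTxPayload(eip155Example, 1) is
// 0xdaf5a779ae972f972197303d7b574746c7ef83eadac0f2791ad23db92e4c8e53 per the EIP.
const eip155Example = { nonce: 9, gasPrice: 20000000000, gasLimit: 21000,
  to: '0x3535353535353535353535353535353535353535', value: 10n ** 18n, data: '0x' };
```

Feeding the resulting payload to any keccak256 implementation reproduces the bytes32 that an eth_sign prompt displays, which is exactly why the user sees nothing but an opaque hash.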

This phishing method is very confusing to users. The approval phishing we encountered in the past gives us an intuitive display in MetaMask of the data the attacker wants us to sign. As shown below, MetaMask exposes this phishing site’s attempt to induce users to approve their NFTs to a malicious address.

But when the attacker uses the eth_sign method to get the user to sign, as shown below, MetaMask shows nothing more than a bytes32 hash.

Summary

This article mainly introduces the phishing technique that abuses the eth_sign signature method. Although MetaMask shows a risk warning when signing, combined with the distractions of phishing techniques it is difficult for ordinary users without a technical background to prevent such phishing. Users are advised to stay vigilant when encountering such requests, verify the domain name, carefully check the signature data, install security plugins such as RevokeCash or ScamSniffer if necessary, and pay attention to the plugins’ reminders.
