How hackers may steal your Ethers and why does eth_sign function matter?
0xB25C
July 8th, 2022

| Authors: twitter.com/ortomichDev, twitter.com/officer_cia


Today we're going to look into a new scam method! Do not confuse it with allowance approve scam (to prevent which you can use revoke.cash / unrekt.net) which targets ERC20 tokens, but not Ethers. (1, 2, 3, 4).

In presented attack, scammers may steal your Ethers.

Use this information for educational purposes only ❗️


Prehistory

Recently in the network began to appear a large number of scam websites like you can see on video. All such sites have the same structure, which can tell us about one thing - they are all run & made by a single man or we deal with some kind of a MaaS.

When you enter the site you are then asked to sign a message, well, you sign it, because everyone knows that the simple signature of a message through the MetaMask is not terrible, and should be safe, right? But no, MetaMask warns you with an alert, but inattentive users sign the message anyway and then the most interesting thing happens - the transaction is sent to the address of the scammer with all your Ethers! Yes, with a simple message signature they can send the transaction on your behalf!


How does it work in details?

Let's not get too deep into the technical details, let's try to get as superficial and crude a handle on the matter as possible. There are different ways to sign message (for example personal_sign) and only at one of them MetaMask will warn you, it happens only in case of eth_sign, and the reason is simple string "\x19Ethereum Signed Message:\n", but how it affects so much?

First, let's understand the order in which each of these two types of signatures is signed:

eth_sign: message -> hash(message) -> JSON-RPC request -> display request -> sign request

personal_sign: message -> JSON-RPC request -> display request -> hash(message) -> sign request

As we can see, in eth_sign we have hashing first, and then "\x19Ethereum Signed Message:\n" is added, and in personal_sign we have "\x19Ethereum Signed Message: \n", and after that hashing, so in eth_sign we can pass the message with all transaction data, take out unnecessary "\x19Ethereum Signed Message:\n" and get signed transaction, which now should be sent and that's all, attack performed successfully!


Don't be afraid of all signatures

In case your signature is suspicious you will be notified by MetaMask with big red alert (like on video), in other cases message signing is completely safe action, which just confirms that you are the owner of the wallet, and site does not get any data about private keys or other secret information from you!

Here is the repository with the exploit code:

Use this information for educational purposes only ❗️

References:

| If you are more interested in this signing method you should read this resource - It goes extensively into why and how eth_sign works.


Use dangerzone.rocks if you are working with PDFs and please follow OpSec Guide!

How to store crypto securely - tips from CIA_Officer

2 Violent attack vectors in Crypto: a detailed review

OpSec in Crypto: Thoughts

Original article: Original article!


Support is very important to me, with it I can spend less time at work and do what I love - educating DeFi & Crypto users!

If you want to support my work, you can send me a donation to the address:

Thank you! ❤️

Subscribe to CIA Officer's Blog
Receive new entries directly to your inbox.
Collectors
View
#1
#2
#3
View collectors
This entry has been permanently stored on-chain and signed by its creator.