Tags: blockchain, erc-7730, blind-signing, clear-signing, ethereum-security, web3-wallet-security, defi-security, smart-contracts

Blind Signing Is Ethereum's Billion-Dollar Bug — And ERC-7730 Is the Fix Nobody's Talking About Loudly Enough

Blind signing cost Bybit billions. ERC-7730 clear signing is Ethereum's fix — learn how the new standard makes transactions human-readable before you approve.

Zyfolks Team

The Bybit hack didn’t happen because someone broke Ethereum’s cryptography. It happened because a human being clicked “approve” on a transaction they could not read. That distinction matters, because a multi-party Ethereum Working Group — wallet developers, security firms, and the Ethereum Foundation’s Trillion Dollar Security Initiative — just shipped an open standard built around that exact failure mode. It’s called Clear Signing, it runs on ERC-7730, and if it succeeds, the way every serious dApp ships transactions is about to change.

Why Blind Signing Has Quietly Become Ethereum’s Most Expensive Vulnerability

According to the Working Group’s announcement, blind signing is “a structural flaw that has contributed to billions in user losses, including the Bybit hack.” That’s not a UX complaint. That’s a security category. Across major exploits in crypto, the final step often isn’t a bug in Solidity — it’s a user approving a payload they can’t meaningfully parse, even when phishing or an infrastructure compromise initiated the breach.

The industry has spent a decade hardening every layer except the one where the loss actually crystallizes. Smart contract audits, formal verification, MPC custody, hardware wallets — all of it routes through a final confirmation screen that, in the Working Group’s words, shows information “in low-level, machine-readable formats that are accurate but difficult to interpret without technical expertise.” Hex blobs. Function selectors. Nested calldata. Imagine you’re a treasury operator at a fund moving nine figures through a multisig — your last line of defense is squinting at 0xa9059cbb... and trusting that the front-end didn’t lie to you. That’s the status quo Clear Signing is trying to retire.

The editorial take: blind signing has been treated as a user-education problem for too long. It’s an infrastructure problem, and the fact that it took a Bybit-scale incident to get a coordinated working group is, frankly, late.

How ERC-7730 Turns Transactions Into Something Humans Can Actually Read

The technical core of the announcement is ERC-7730 — a shared format for human-readable, structured descriptions of what a transaction will do. The Working Group is pairing the spec with a registry to store and distribute those descriptions, an attestation layer so independent reviewers can verify accuracy, and tooling — including Rust and TypeScript libraries funded through the Trillion Dollar Security Initiative — to make adoption cheap for wallet teams. The Ethereum Foundation is hosting the registry as what the announcement calls “a credibly neutral steward.”

The design choice worth flagging: descriptors live alongside transactions, not inside them. That sounds like a footnote, but it’s the whole reason this can ship. If ERC-7730 required contracts to embed metadata on-chain, every existing dApp on Ethereum would be locked out. Instead, anyone — the protocol team, a security firm, a community contributor — can submit a descriptor for an existing contract, get it reviewed and attested, and wallets choose which attesters they trust. It’s a trust graph, not a single root of authority.

If you’re building a DeFi protocol today, this means you can ship a descriptor for your swap() or delegate() calls so that MetaMask, Trezor, Keycard, Fireblocks, or any compliant wallet renders “Swap 1,000 USDC for at least 0.42 ETH, expires in 5 minutes” instead of a hex string. For teams already weighing what custom blockchain work actually costs in 2026, descriptor authoring is going to land on the line item sheet next to audits — and it should.
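To make the descriptor idea concrete, here is an added example, not code from the Clear Signing Working Group, the ERC-7730 reference libraries, or any wallet: a small JavaScript renderer that looks up a transaction's 4-byte function selector in a simplified descriptor, ABI-decodes the static arguments, and produces the human-readable lines a wallet would show instead of the hex blob. The descriptor shape is an assumption loosely modelled on ERC-7730 rather than the exact spec schema, and the token metadata, addresses and calldata are constructed for illustration; the only real identifier is 0xa9059cbb, the selector of ERC-20 transfer(address,uint256).

```javascript
// Added example, not code from the Working Group or the ERC-7730 libraries.
// The descriptor shape is a simplified assumption, not the exact spec schema.

// --- constructed sample data -------------------------------------------------
const TOKEN_CONTRACT = "0x" + "11".repeat(20); // constructed token address
const TREASURY = "0x" + "22".repeat(20);       // constructed recipient

const exampleDescriptor = {
  context: { contract: TOKEN_CONTRACT },
  metadata: {
    owner: "Example Token",
    token: { symbol: "EXT", decimals: 6 },
    // Address book used to replace raw addresses with names the signer knows.
    addresses: { [TREASURY]: "Treasury cold wallet" },
  },
  display: {
    // Keyed by 4-byte selector. 0xa9059cbb is the real selector of the ERC-20
    // transfer(address,uint256) function (first 4 bytes of keccak256 of the signature).
    formats: {
      "0xa9059cbb": {
        signature: "transfer(address,uint256)",
        params: [{ name: "to", type: "address" }, { name: "amount", type: "uint256" }],
        intent: "Send tokens",
        fields: [
          { path: "to", label: "To", format: "addressName" },
          { path: "amount", label: "Amount", format: "tokenAmount" },
        ],
      },
    },
  },
};

// Constructed calldata: transfer(TREASURY, 1000 EXT) with 6 decimals.
const sampleCalldata =
  "0xa9059cbb" +
  "22".repeat(20).padStart(64, "0") +
  (1_000_000_000n).toString(16).padStart(64, "0");

// --- decoding ----------------------------------------------------------------
// ABI-decodes static arguments only (address, uint256, bool). Dynamic types
// such as bytes or arrays are deliberately rejected rather than guessed at.
function decodeCalldata(calldata, params) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (hex.length < 8 || !/^[0-9a-f]*$/.test(hex)) throw new Error("malformed calldata");
  const body = hex.slice(8);
  if (body.length !== params.length * 64) throw new Error("argument length mismatch");
  const args = {};
  params.forEach((p, i) => {
    const word = body.slice(i * 64, (i + 1) * 64);
    if (p.type === "address") {
      // The upper 12 bytes of an address word must be zero; anything else is suspicious.
      if (!word.startsWith("0".repeat(24))) throw new Error(`non-canonical address in ${p.name}`);
      args[p.name] = "0x" + word.slice(24);
    } else if (p.type === "uint256") {
      args[p.name] = BigInt("0x" + word);
    } else if (p.type === "bool") {
      if (!/^0{63}[01]$/.test(word)) throw new Error(`non-canonical bool in ${p.name}`);
      args[p.name] = word.endsWith("1");
    } else {
      throw new Error(`unsupported ABI type ${p.type}`);
    }
  });
  return { selector: "0x" + hex.slice(0, 8), args };
}

// --- rendering ---------------------------------------------------------------
// Scales a raw integer amount by the token's decimals and adds thousands separators.
function formatTokenAmount(raw, decimals, symbol) {
  const base = 10n ** BigInt(decimals);
  const whole = (raw / base).toString().replace(/\B(?=(\d{3})+(?!\d))/g, ",");
  const frac = (raw % base).toString().padStart(decimals, "0").replace(/0+$/, "");
  return `${whole}${frac ? "." + frac : ""} ${symbol}`;
}

function formatField(value, format, metadata) {
  switch (format) {
    case "tokenAmount": return formatTokenAmount(value, metadata.token.decimals, metadata.token.symbol);
    case "addressName": return (metadata.addresses || {})[value] || value;
    case "raw": return String(value);
    default: throw new Error(`unknown field format ${format}`);
  }
}

// Returns what the wallet should show. `clear: false` means the selector has no
// descriptor entry, so the user is back to blind signing on raw calldata.
function renderTransaction(calldata, descriptor) {
  const selector = "0x" + calldata.toLowerCase().replace(/^0x/, "").slice(0, 8);
  const fmt = descriptor.display.formats[selector];
  if (!fmt) {
    return { clear: false, lines: [`Unknown function ${selector} on ${descriptor.context.contract}: raw calldata, blind signing`] };
  }
  const { args } = decodeCalldata(calldata, fmt.params);
  const lines = fmt.fields.map((f) => `${f.label}: ${formatField(args[f.path], f.format, descriptor.metadata)}`);
  return { clear: true, intent: fmt.intent, lines };
}

console.log(renderTransaction(sampleCalldata, exampleDescriptor));
```

The decoder refuses non-canonical words (dirty upper bits in an address, a bool that is not 0 or 1) instead of silently truncating them, because a renderer that shows a clean name for calldata the contract will interpret differently defeats the purpose of WYSIWYS.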

Prediction: within 18 months, any serious wallet that still shows raw calldata for a known contract will be treated the way browsers without HTTPS warnings are treated today. Negligent by default.

Why a Registry Plus Attestations Beats a Walled Garden

Ledger initiated ERC-7730, and the announcement explicitly credits them for early tooling and educational work. But the list of contributors — ZKnox, Sourcify, Cyfrin, Zama, WalletConnect, Fireblocks, Trezor, Keycard, MetaMask, Argot — tells you what’s really happening. This isn’t a vendor-led standard wrapped in working-group cosplay. It’s a genuine multi-party effort, and the Ethereum Foundation is hosting the registry specifically so no single wallet maker owns the trust pipe.

Every previous attempt to make transactions readable lived inside one wallet’s UX. Ledger had its own approach. MetaMask had Snaps. Hardware wallets had their own per-app integrations. The result was that every dApp had to ship N integrations for N wallets, and most never shipped any — so users got the blind-signing screen by default. A neutral registry with open attestations breaks that N×M problem into an N+M problem. Write the descriptor once, attest it once, every conforming wallet renders it.

If you’re a security firm, this is also a new revenue line. Attestation services for ERC-7730 descriptors are going to be a real market, alongside traditional custom blockchain engagements where descriptor authorship gets bundled into the deliverable. Cyfrin and the audit-shop tier are clearly positioned for this; expect the rest to follow.

The take: credibly neutral infrastructure is the only thing that scales. The Ethereum Foundation taking custodianship of the registry — rather than letting a wallet vendor own it — is the most important governance decision in the announcement, and it’s the part most coverage will under-weight.

What Wallet And Protocol Teams Should Be Doing This Quarter

For wallet developers, the path is direct: integrate the Rust or TypeScript library from clearsigning.org, define a trust policy for attesters, and ship descriptor-aware rendering. For protocol teams, the work is producing accurate descriptors for every externally callable function and getting them attested. For security firms, it’s standing up attestation pipelines as a service.

The trap to avoid: treating Clear Signing as a checkbox. A descriptor that says “approve token transfer” without showing the spender, the amount, and the expiry is technically compliant and practically useless. The whole point of WYSIWYS — “What You See Is What You Sign” — is granularity. If your descriptor doesn’t surface the fields an attacker would exploit, you’ve shipped security theater.

Concrete scenario: a DAO treasury approves a routine setApprovalForAll to a new vault contract. Today, the multisig signers see opaque calldata and trust the proposer’s description. Under Clear Signing, the wallet shows “Grant unlimited NFT transfer rights to 0xVault — this address was deployed 3 days ago and has no attestation from your trusted reviewers.” That second sentence is the entire game. It’s where billions stop walking out the door.

Prediction: the first major exploit after Clear Signing reaches material adoption will be against a wallet that shipped the spec but used a permissive trust policy — accepting attestations from low-reputation reviewers. The standard is necessary. It is not sufficient.
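The checkbox trap, the DAO vault scenario and the permissive-policy prediction above, as one added example that is not code from the Working Group or any wallet: a JavaScript check a wallet might run before it agrees to render a descriptor as "clear". It flags descriptors that hide ABI parameters, counts only attestations from reviewers the wallet's policy trusts, and warns when the target contract is younger than the policy allows. The attestation record, policy fields, addresses and the vault's deployment date are constructed assumptions; the setApprovalForAll(address,bool) signature is the real ERC-721/1155 one referenced in the text.

```javascript
// Added example, not code from the Working Group or any wallet. Attestation
// and policy shapes are assumptions for illustration only.

const DAY_MS = 86_400_000;

// Constructed scenario: a descriptor for setApprovalForAll on a vault contract
// deployed recently and attested once, by a reviewer the signers never vetted.
const vaultDescriptor = {
  contract: "0x" + "33".repeat(20),      // constructed stand-in for "0xVault"
  deployedAt: Date.UTC(2026, 0, 1),      // constructed deployment timestamp
  format: {
    signature: "setApprovalForAll(address,bool)",
    params: ["operator", "approved"],
    intent: "Grant NFT transfer rights",
    fields: [
      { path: "operator", label: "Operator" },
      { path: "approved", label: "Approved" },
    ],
  },
  attestations: [
    { attester: "0x" + "ee".repeat(20), revoked: false }, // constructed, unknown reviewer
  ],
};

// The checkbox trap: names an intent but surfaces none of the fields an
// attacker would manipulate (spender, amount).
const vagueFormat = {
  signature: "approve(address,uint256)",
  params: ["spender", "amount"],
  intent: "Approve token transfer",
  fields: [],
};

// Returns the ABI parameters a format never shows the user. Non-empty means
// the descriptor is technically compliant and practically useless.
function unsurfacedParams(format) {
  const shown = new Set(format.fields.map((f) => f.path));
  return format.params.filter((p) => !shown.has(p));
}

// Two trust policies. `trustedAttesters: null` means "accept any attester",
// the permissive setting the text predicts the first post-adoption exploit will hit.
const permissivePolicy = { trustedAttesters: null, minAttestations: 1, minContractAgeDays: 0 };
const strictPolicy = {
  trustedAttesters: new Set(["0x" + "aa".repeat(20), "0x" + "bb".repeat(20)]), // constructed reviewer addresses
  minAttestations: 2,
  minContractAgeDays: 7,
};

// Decides whether the wallet may render the descriptor as "clear" or must fall
// back to blind signing, and collects the warnings to show either way.
function evaluateDescriptorTrust(descriptor, policy, now) {
  const accepted = descriptor.attestations.filter(
    (a) => !a.revoked &&
      (policy.trustedAttesters === null || policy.trustedAttesters.has(a.attester.toLowerCase()))
  );
  const warnings = [];
  if (accepted.length < policy.minAttestations) {
    warnings.push(`has ${accepted.length} attestation(s) from your trusted reviewers, policy requires ${policy.minAttestations}`);
  }
  const ageDays = Math.floor((now - descriptor.deployedAt) / DAY_MS);
  if (ageDays < policy.minContractAgeDays) {
    warnings.push(`this address was deployed ${ageDays} days ago`);
  }
  const hidden = unsurfacedParams(descriptor.format);
  if (hidden.length > 0) {
    warnings.push(`descriptor hides parameters: ${hidden.join(", ")}`);
  }
  const ok = accepted.length >= policy.minAttestations && hidden.length === 0;
  return { mode: ok ? "clear" : "blind", warnings };
}

// Three days after deployment, the same descriptor under each policy.
const threeDaysLater = vaultDescriptor.deployedAt + 3 * DAY_MS;
console.log("permissive:", evaluateDescriptorTrust(vaultDescriptor, permissivePolicy, threeDaysLater));
console.log("strict:", evaluateDescriptorTrust(vaultDescriptor, strictPolicy, threeDaysLater));
console.log("vague descriptor hides:", unsurfacedParams(vagueFormat));
```

Under the permissive policy the vault descriptor renders as "clear" with no warnings at all, which is exactly the failure the text predicts: the spec was implemented, the trust configuration was not. Under the strict policy the same descriptor falls back to blind signing and carries the two warnings from the scenario, the missing trusted attestations and the three-day-old contract.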

FAQ

Q: What is Clear Signing on Ethereum?
A: Clear Signing is an open standard, coordinated by an Ethereum Working Group and stewarded by the Ethereum Foundation’s Trillion Dollar Security Initiative, that replaces unreadable transaction payloads with human-readable, structured descriptions. It uses ERC-7730 as the descriptor format and a public registry with independent attestations to verify accuracy.

Q: How is ERC-7730 different from existing wallet transaction previews?
A: Existing previews are wallet-specific and require per-app integrations, which is why most dApps fall back to blind signing. ERC-7730 defines a shared descriptor format stored in a neutral registry, so a single descriptor renders consistently across any conforming wallet — MetaMask, Trezor, Fireblocks, Keycard, and others.

Q: Do protocol teams have to redeploy contracts to support Clear Signing?
A: No. According to the Working Group, descriptors are provided alongside transactions rather than embedded on-chain, which means existing contracts can be made Clear Signing–compatible by publishing and attesting a descriptor — no redeployment required.

Key Takeaways

  • Wallet teams that don’t ship ERC-7730 support within the next adoption cycle will be the weak link institutional custody desks point to when allocating volume.
  • Protocol teams should budget descriptor authoring and attestation alongside audits — it’s the same threat surface, just one layer up.
  • Security firms have a new product line in attestation-as-a-service; the audit shops that move first will own the trust graph.
  • A neutral registry hosted by the Ethereum Foundation, not a wallet vendor, is what makes this standard credible — watch for governance attempts to capture it.
  • Expect the first post–Clear Signing exploit to come from permissive attestation trust policies, not from the spec itself; the standard is necessary but doesn’t replace careful trust configuration.
