Vol. 1 · Ed. 2026
CyberGlossary
Entry № 1155

Signature Phishing (Web3)

What is Signature Phishing (Web3)?

A Web3 phishing pattern that tricks a user into signing an EIP-712 or `personal_sign` message that authorizes the attacker to move tokens, transfer NFTs, or take wallet actions — without ever asking for a seed phrase.


Signature phishing — sometimes called 'sign-in scam' or 'one-click drainer' — is the dominant Web3 phishing pattern of 2023–2025, displacing traditional seed-phrase phishing. The attacker convinces a user to connect their wallet to a malicious dApp (typically a fake mint, airdrop, claim, or 'verify your wallet for refund' page) and to sign one or more messages. Those messages look benign in older wallets — `personal_sign` shows opaque bytes, `eth_signTypedData` shows generic-looking JSON — but actually encode high-impact authorizations: an unlimited ERC-20 `Permit`, an ERC-20 `Permit2.transfer`, a `setApprovalForAll` on a high-value NFT collection, an OpenSea or Blur order to sell the user's holdings for ~zero, or, increasingly, a `safe.execTransaction` on the user's Safe / smart-contract wallet. The attacker submits the signature on-chain and drains the user. Defenses are unfortunately almost entirely UI-side: wallets that decode EIP-712 typed data into 'You are granting unlimited spend of X to address Y', anti-phishing extensions (Wallet Guard, ScamSniffer, Rabby, Pocket Universe, Stelo), and user education that any signature request is functionally equivalent to a transaction.

Examples

  1. A user visits a fake 'Arbitrum airdrop claim' site, signs a Permit2 message they think is a login, and the attacker uses the signature to transfer their USDC to a drainer wallet.

  2. An anti-phishing extension parses the EIP-712 payload, displays 'WARNING: you are about to grant unlimited spend of USDC to 0x… on Ethereum', and the user backs out.
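The second example above, and the 'decode typed data into a plain-language warning' defense in the definition, can be illustrated with a small triage routine of the kind a wallet or anti-phishing extension runs before the user signs. The code below is an added example and is not code from this glossary or from any of the named extensions. It assumes the field layouts of ERC-2612 `Permit` and Uniswap Permit2 (`PermitSingle`, `PermitBatch`, `PermitTransferFrom`, `PermitBatchTransferFrom`); all addresses in the sample payloads are constructed placeholders, not real contracts, and `nowSeconds` is passed in rather than read from the clock so the result is reproducible.

```javascript
// Added example (not from the glossary page): EIP-712 risk triage for a
// signing prompt. Layouts follow ERC-2612 Permit and Uniswap Permit2; the
// sample payloads and every 0x... address below are constructed placeholders.

const MAX_UINT256 = (1n << 256n) - 1n; // ERC-2612 "unlimited" allowance
const MAX_UINT160 = (1n << 160n) - 1n; // Permit2 amounts are uint160
const ONE_YEAR = 365n * 24n * 3600n;

function toBigInt(v) {
  return typeof v === "bigint" ? v : BigInt(v);
}

// Builds the plain-language warning the definition describes.
function spendWarning(token, spender, amount, maxValue, chain) {
  const unlimited = toBigInt(amount) === maxValue;
  return {
    severity: unlimited ? "critical" : "high",
    kind: "approval",
    text: `You are granting ${unlimited ? "UNLIMITED" : String(amount)} spend of ${token} to ${spender} on ${chain}`,
  };
}

// Returns a list of warnings; an empty list means "nothing recognised",
// not "safe" (unknown primaryTypes still deserve a generic prompt).
function assessTypedData(typedData, nowSeconds) {
  const warnings = [];
  const domain = typedData.domain || {};
  const message = typedData.message || {};
  const chain = domain.chainId !== undefined ? `chain ${domain.chainId}` : "an unknown chain";

  switch (typedData.primaryType) {
    case "Permit":
      // ERC-2612: the token is the EIP-712 verifying contract.
      if (message.value !== undefined && message.spender !== undefined) {
        warnings.push(spendWarning(domain.verifyingContract, message.spender, message.value, MAX_UINT256, chain));
      }
      break;
    case "PermitSingle":
    case "PermitBatch": {
      // Permit2 allowance permits: token and amount live in `details`.
      const details = typedData.primaryType === "PermitSingle" ? [message.details] : message.details;
      for (const d of details) {
        warnings.push(spendWarning(d.token, message.spender, d.amount, MAX_UINT160, chain));
      }
      break;
    }
    case "PermitTransferFrom":
    case "PermitBatchTransferFrom": {
      // Permit2 signature transfer: the spender can move tokens right away.
      const perms = typedData.primaryType === "PermitTransferFrom" ? [message.permitted] : message.permitted;
      for (const p of perms) {
        warnings.push({
          severity: "critical",
          kind: "transfer",
          text: `Authorizes ${message.spender} to transfer ${p.amount} of ${p.token} out of your wallet on ${chain}`,
        });
      }
      break;
    }
    default:
      break;
  }

  // A deadline far in the future keeps the authorization usable long after
  // the user has forgotten about it.
  const deadline = message.deadline ?? message.sigDeadline;
  if (deadline !== undefined && toBigInt(deadline) > BigInt(nowSeconds) + ONE_YEAR) {
    warnings.push({ severity: "medium", kind: "deadline", text: "Authorization stays valid for more than a year" });
  }
  return warnings;
}

// Constructed samples. NOW is a fixed reference time for reproducibility.
const NOW = 1700000000;

const SAMPLE_PERMIT2_DRAINER = {
  domain: { name: "Permit2", chainId: 1, verifyingContract: "0xPERMIT2_PLACEHOLDER" },
  primaryType: "PermitSingle",
  message: {
    details: { token: "0xUSDC_PLACEHOLDER", amount: MAX_UINT160.toString(), expression: undefined, expiration: "281474976710655", nonce: "0" },
    spender: "0xDRAINER_PLACEHOLDER",
    sigDeadline: String(NOW + 10 * 365 * 24 * 3600),
  },
};

const SAMPLE_ERC2612_BOUNDED = {
  domain: { name: "USD Coin", chainId: 1, verifyingContract: "0xUSDC_PLACEHOLDER" },
  primaryType: "Permit",
  message: { owner: "0xUSER_PLACEHOLDER", spender: "0xROUTER_PLACEHOLDER", value: "1000000", nonce: "7", deadline: String(NOW + 600) },
};

const SAMPLE_LOGIN = {
  domain: { name: "ExampleDapp", chainId: 1 },
  primaryType: "Login",
  message: { address: "0xUSER_PLACEHOLDER", nonce: "abc123" },
};

for (const w of assessTypedData(SAMPLE_PERMIT2_DRAINER, NOW)) {
  console.log(`[${w.severity}] ${w.text}`);
}
```

The bounded ERC-2612 sample still yields a 'high' warning: a finite allowance is less dangerous than an unlimited one, but the user should see the spender and amount either way, since the definition's point is that any signature request is functionally a transaction.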

Frequently asked questions

What is Signature Phishing (Web3)?

A Web3 phishing pattern that tricks a user into signing an EIP-712 or `personal_sign` message that authorizes the attacker to move tokens, transfer NFTs, or take wallet actions — without ever asking for a seed phrase. It belongs to the Web3 and Blockchain category of cybersecurity.

How do you protect against Signature Phishing (Web3)?

Protective measures against Signature Phishing (Web3) typically combine technical controls and operational practices, as described in the definition above.

What other names are there for Signature Phishing (Web3)?

Common alternative names: Sign-in scam, One-click drainer.
