Security · April 14, 2026 · 7 min read

The New Generation of Signature Phishing Attacks

Signature phishing has evolved. Here’s what you’re now up against.

Tags: phishing, signatures, permit2, eip-712, hardware-wallets

Two years ago, signature phishing meant a fake site asking you to sign a transaction that drained your wallet. Users learned to check transaction amounts and spender addresses. Attackers adapted.

The 2026 generation of signature phishing doesn’t need you to approve a transaction at all. It works by exploiting the gap between what your wallet shows you and what you’re actually signing.

Attack 1: Blind Signing on Hardware Wallets

Hardware wallets can't decode every transaction. When a dApp asks you to sign a complex multicall or an interaction with a contract the device has no decoding metadata for, your Ledger or Trezor can't render the fields. It shows you a hash or raw hex of the calldata and asks you to approve it unverified (blind signing, which Ledger makes you enable in the Ethereum app's settings before it will even prompt). Most users accept because the alternative is not using the dApp.

Attackers craft transactions that look routine but carry a hidden approve, setApprovalForAll or transferFrom call among the legitimate ones. Your hardware wallet displays only unverified data. You approve. The malicious call executes alongside the legitimate one. One caveat on scope: for a hidden call to bind your assets it has to execute from your address (for example a batch executed by your own smart-contract account) or go through a contract that already holds an allowance from you, which is why router and batch-executor transactions are the natural carrier.

Defence: never blind sign. If your wallet can't verify a transaction, don't sign it. Use a wallet that clear-signs the specific protocol, meaning the device itself decodes the calldata into labelled fields (function, recipient, token, amount) on its own screen. Clear signing only covers contracts the device has metadata for, so check that the dApps you use are supported before relying on it; Ledger has expanded that coverage in recent firmware and app releases.
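What the device can't show you, you can check yourself before the prompt ever appears. The following is an added example, not code from the article or from AllowanceGuard: it decodes the calldata of a multicall(bytes[]) transaction (the batching format used by Uniswap-style routers and many batch executors) with hand-rolled ABI decoding and flags any inner call that grants an approval or moves assets. The sample transaction and the attacker and user addresses are constructed placeholders; the selectors are the real 4-byte identifiers of the named functions.

```javascript
// Added example, not code from the article or from AllowanceGuard: decode a
// multicall(bytes[]) transaction and flag inner calls that grant approvals or
// move assets. Minimal hand-rolled ABI decoding, no libraries. Selectors are
// the first 4 bytes of keccak256 of each canonical signature; the addresses in
// the sample are constructed placeholders.

const MULTICALL = "0xac9650d8"; // multicall(bytes[])
const KNOWN = {
  "0x095ea7b3": "approve(address,uint256)",
  "0x39509351": "increaseAllowance(address,uint256)",
  "0xa22cb465": "setApprovalForAll(address,bool)",
  "0x23b872dd": "transferFrom(address,address,uint256)",
  "0x42842e0e": "safeTransferFrom(address,address,uint256)",
  "0xa9059cbb": "transfer(address,uint256)",
  "0x49404b7c": "unwrapWETH9(uint256,address)", // routine Uniswap router helper
  "0x12210e8a": "refundETH()",                  // routine Uniswap router helper
};
// Anything in this set changes who may move your assets, or moves them.
const DANGEROUS = new Set(["0x095ea7b3", "0x39509351", "0xa22cb465",
                           "0x23b872dd", "0x42842e0e", "0xa9059cbb"]);
const MAX_UINT256 = (1n << 256n) - 1n;

const strip = (h) => (h.startsWith("0x") ? h.slice(2) : h).toLowerCase();
const wordAt = (hex, byteOff) => BigInt("0x" + hex.slice(byteOff * 2, byteOff * 2 + 64));

// Decode the bytes[] argument: head offset, element count, per-element offsets
// (relative to the start of the offset table), then length-prefixed elements.
function decodeMulticall(calldata) {
  const hex = strip(calldata);
  if ("0x" + hex.slice(0, 8) !== MULTICALL) throw new Error("not multicall(bytes[])");
  const args = hex.slice(8);
  const arrOff = Number(wordAt(args, 0));
  const count = Number(wordAt(args, arrOff));
  const base = arrOff + 32;
  const calls = [];
  for (let i = 0; i < count; i++) {
    const elOff = base + Number(wordAt(args, base + 32 * i));
    const len = Number(wordAt(args, elOff));
    calls.push("0x" + args.slice((elOff + 32) * 2, (elOff + 32 + len) * 2));
  }
  return calls;
}

// One finding per inner call. `operator` is the address being granted rights;
// `unlimited` marks a max-uint256 approve/increaseAllowance.
function scanMulticall(calldata) {
  return decodeMulticall(calldata).map((inner, index) => {
    const selector = inner.slice(0, 10);
    const f = { index, selector, name: KNOWN[selector] || "unknown selector",
                flagged: DANGEROUS.has(selector) };
    if (["0x095ea7b3", "0x39509351", "0xa22cb465"].includes(selector)) {
      f.operator = "0x" + inner.slice(34, 74);        // arg 0: low 20 bytes of the word
    }
    if (["0x095ea7b3", "0x39509351"].includes(selector)) {
      f.amount = BigInt("0x" + inner.slice(74, 138)); // arg 1
      f.unlimited = f.amount === MAX_UINT256;
    }
    return f;
  });
}

// ---- minimal ABI encoder, used only to build the constructed sample ----
const pad = (h) => h.padStart(64, "0");
const encUint = (n) => pad(BigInt(n).toString(16));
const encAddr = (a) => pad(strip(a));
const encBytes = (h) => encUint(h.length / 2) + h.padEnd(Math.ceil(h.length / 64) * 64, "0");
function encodeMulticall(inner) {
  const elems = inner.map((c) => encBytes(strip(c)));
  let cursor = 32 * elems.length; // first element sits right after the offset table
  const offsets = elems.map((e) => { const o = encUint(cursor); cursor += e.length / 2; return o; });
  return MULTICALL + encUint(32) + encUint(elems.length) + offsets.join("") + elems.join("");
}

// Constructed sample: two routine router calls with an unlimited approve to a
// placeholder attacker address appended. A blind-signing device shows only a
// hash of the whole thing.
const ATTACKER = "0x2222222222222222222222222222222222222222";
const USER = "0x3333333333333333333333333333333333333333";
const SAMPLE_TX_DATA = encodeMulticall([
  "0x49404b7c" + encUint(10n ** 18n) + encAddr(USER),      // unwrapWETH9(1 ETH min, user)
  "0x12210e8a",                                            // refundETH()
  "0x095ea7b3" + encAddr(ATTACKER) + encUint(MAX_UINT256), // approve(attacker, max)
]);

console.log(scanMulticall(SAMPLE_TX_DATA).filter((f) => f.flagged));
```

Run it with node; the last line prints the flagged calls. Whether a flagged inner call actually binds your assets still depends on who executes the batch, so treat a hit as a reason to stop and read, not as proof of theft.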

Attack 2: Permit2 Signature Trees

Permit2 allows batch signatures: one PermitBatch signature authorising spends of several tokens, each with its own amount, expiration and nonce, all granted to a single spender that is named once at the top level. Attackers hide extra tokens, unlimited amounts and far-off expirations inside an otherwise legitimate-looking batch. The wallet shows you the top-level structure ("Approve 3 tokens") but collapses the details of each token and the spender.

A legitimate DEX might ask you to approve USDC, USDT and DAI to its router. A malicious site asks for a batch that names its own contract as the spender and lists USDC, USDT and whatever else you hold, each at the maximum uint160 amount with an expiration years away. Because the spender is batch-wide, every token in the list goes to the attacker, and the headline the wallet renders looks the same as the DEX's.

Defence: always expand a Permit2 batch fully before signing. Check the single spender first, then each token, amount and expiration, and the sigDeadline that says how long the signature itself stays submittable; the domain's verifyingContract should be the canonical Permit2 deployment at 0x000000000022D473030F116dDEE9F6B43aC78BA3. If your wallet doesn't let you inspect the full structure, don't use it for Permit2.

Attack 3: Intent Swapping

You visit a dApp. The UI shows a clear action: "Buy NFT for 0.5 ETH." You click. Your wallet prompts. But the signature request has been swapped — the UI shows one thing, the actual EIP-712 payload is different. This happens when the dApp’s frontend is compromised (injected malicious JS), the wallet connection is hijacked (WalletConnect impersonation), or the signature is crafted to look benign in a preview but have dangerous effects on execution.

Defence: read the actual EIP-712 data your wallet displays, not the dApp’s UI. If your wallet shows different data than the website says it should, reject the signature immediately. This is where hardware wallets with trusted displays become critical — they show you what you’re actually signing, independent of the dApp.

Attack 4: Gasless Signatures for Off-Chain Actions

Some attacks don't need you to broadcast a transaction. A gasless permit signature (EIP-2612) or an off-chain order (Seaport, 0x) can be submitted by the attacker any time before the deadline you signed, as long as the nonce hasn't been consumed: days or months later. You sign what looks like a harmless message. The attacker holds it. When convenient, they submit it on-chain.

By the time the transaction appears on-chain, you've long since forgotten about the signature. The tokens vanish. The drain is a transaction sent by the attacker, not by you, so it never shows up in your wallet's own transaction history; the only artefact on your side is the signature, and most wallets don't log those.

Defence: be extremely cautious with off-chain signature requests. Never sign a message you don't understand. If a site asks you to sign typed data or raw hex to "verify ownership" or "update permissions" without any on-chain transaction, close the site. The one routine off-chain signature is a plain-text sign-in message (EIP-4361) that names the site, your address and a nonce and grants nothing; a request carrying a token, spender, value or deadline is an authorisation, not a login.
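The expansion that Attack 2's defence asks for, the UI-versus-payload comparison from Attack 3 and the lifetime check that matters for the gasless signatures above can all be done on the typed-data payload itself before anything is signed. The following is an added example, not code from the article or from AllowanceGuard. It audits an eth_signTypedData_v4 request: a Permit2 PermitBatch is expanded token by token against the single shared spender, an EIP-2612 Permit is checked for spender, amount and how long it stays redeemable, and any other type is reported field by field. The Permit2 address is the canonical deployment; every other address, the sample requests and the 30-day and one-hour thresholds are constructed assumptions.

```javascript
// Added example, not code from the article or from AllowanceGuard: expand an
// eth_signTypedData_v4 request and list what it actually authorises, then
// compare that with what the dApp UI claimed. Handles a Permit2 PermitBatch
// (many tokens, ONE shared spender), an EIP-2612 Permit (nothing on-chain now,
// redeemable by whoever holds the signature until `deadline`) and reports any
// other type field by field. Plain JavaScript, no libraries. Thresholds are
// assumptions; every address except Permit2 is a constructed placeholder.

const PERMIT2 = "0x000000000022d473030f116ddee9f6b43ac78ba3"; // canonical Permit2 deployment
const MAX_UINT160 = (1n << 160n) - 1n;
const MAX_UINT256 = (1n << 256n) - 1n;
const DAY = 86400;
const MAX_ALLOWANCE_LIFE = 30 * DAY; // assumption: longer allowances get flagged
const MAX_SIG_LIFE = 3600;           // assumption: signatures usable for > 1 h get flagged

const same = (a, b) => String(a).toLowerCase() === String(b).toLowerCase();
const inDays = (secs) => (secs / DAY).toFixed(1);

// request:  the typed-data payload the wallet was handed.
// expected: what the UI promised, { chainId, spender, tokens }.
// now:      unix seconds, passed in so results are reproducible.
// Returns human-readable findings; an empty list means "matches the UI".
function auditTypedData(request, expected, now) {
  const { domain, primaryType, message } = request;
  const out = [];
  if (Number(domain.chainId) !== Number(expected.chainId)) {
    out.push(`chainId ${domain.chainId} is not the UI's ${expected.chainId}`);
  }
  if (primaryType === "PermitBatch") {
    if (!same(domain.verifyingContract, PERMIT2)) {
      out.push(`verifyingContract ${domain.verifyingContract} is not canonical Permit2`);
    }
    // One spender for the whole batch: every token below goes to this address.
    if (!same(message.spender, expected.spender)) {
      out.push(`spender ${message.spender} is not the UI's ${expected.spender}`);
    }
    const sigLife = Number(message.sigDeadline) - now;
    if (sigLife > MAX_SIG_LIFE) out.push(`signature stays submittable for ${inDays(sigLife)} days`);
    for (const d of message.details) {
      const tag = `token ${d.token}`;
      if (!expected.tokens.some((t) => same(t, d.token))) out.push(`${tag}: not in the UI's list`);
      if (BigInt(d.amount) === MAX_UINT160) out.push(`${tag}: unlimited allowance`);
      const life = Number(d.expiration) - now;
      if (life > MAX_ALLOWANCE_LIFE) out.push(`${tag}: allowance lives ${inDays(life)} days`);
    }
  } else if (primaryType === "Permit" && "deadline" in message) {
    // EIP-2612: the holder can call permit() any time before deadline, then
    // transferFrom() up to value. Nothing hits the chain when you sign.
    if (!same(message.spender, expected.spender)) {
      out.push(`spender ${message.spender} is not the UI's ${expected.spender}`);
    }
    if (BigInt(message.value) === MAX_UINT256) out.push("unlimited allowance");
    const life = Number(message.deadline) - now;
    if (life > MAX_SIG_LIFE) out.push(`permit redeemable for ${inDays(life)} days`);
  } else {
    out.push(`unclassified ${primaryType}; read every field: ${Object.keys(message).join(", ")}`);
  }
  return out;
}

// ---- constructed sample requests; addresses are placeholders ----
const NOW = 1776000000;
const ROUTER = "0x1111111111111111111111111111111111111111";   // the DEX's real spender
const ATTACKER = "0x2222222222222222222222222222222222222222"; // malicious spender
const USDC = "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
const USDT = "0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb";
const DAI = "0xcccccccccccccccccccccccccccccccccccccccc";
const WETH = "0xdddddddddddddddddddddddddddddddddddddddd";
const UI_CLAIM = { chainId: 1, spender: ROUTER, tokens: [USDC, USDT, DAI] };

const permitBatch = (spender, details, sigDeadline) => ({
  domain: { name: "Permit2", chainId: 1, verifyingContract: PERMIT2 },
  primaryType: "PermitBatch",
  message: { details, spender, sigDeadline },
});
// What the DEX actually needs: its router, bounded amounts, one-day allowances.
const LEGIT_BATCH = permitBatch(ROUTER,
  [USDC, USDT, DAI].map((token, nonce) => ({ token, amount: "1000000000", expiration: NOW + DAY, nonce })),
  NOW + 1800);
// Same "Approve 3 tokens" headline: attacker as spender, max amounts, ten years.
const EVIL_BATCH = permitBatch(ATTACKER,
  [USDC, USDT, WETH].map((token, nonce) => ({ token, amount: MAX_UINT160.toString(), expiration: NOW + 3650 * DAY, nonce })),
  NOW + 3650 * DAY);
// An "ownership check" that is really an unlimited, year-long USDC permit.
const GASLESS_PERMIT = {
  domain: { name: "USD Coin", version: "2", chainId: 1, verifyingContract: USDC },
  primaryType: "Permit",
  message: { owner: "0x3333333333333333333333333333333333333333", spender: ATTACKER,
             value: MAX_UINT256.toString(), nonce: 0, deadline: NOW + 365 * DAY },
};

for (const [label, req] of [["legit", LEGIT_BATCH], ["evil", EVIL_BATCH], ["gasless", GASLESS_PERMIT]]) {
  console.log(label, auditTypedData(req, UI_CLAIM, NOW));
}
```

Run with node. An empty list means the payload matches what the UI claimed; a wallet could run the same check and refuse to render a collapsed "Approve N tokens" summary whenever the list is non-empty.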

The Common Thread

All four attacks exploit the same weakness: wallet UIs can’t always show you what you’re actually signing. Complex transactions, batch signatures, and off-chain data are all hard to render safely. Attackers weaponise that gap.

The old advice — "check the spender address, check the amount" — isn’t enough anymore. The new advice:

  1. If you can’t read it, don’t sign it.
  2. If the UI says one thing and the wallet shows another, trust the wallet.
  3. Never blind sign anything.
  4. Off-chain signatures are transactions you haven’t seen yet.

Signature phishing is no longer about spotting the fake OpenSea URL. It’s about knowing exactly what your signature does — every time, without exception.

Take control of your approvals.

AllowanceGuard scans your wallet for risky token permissions and helps you revoke them — free, open source, non-custodial.
