ERA Wallet Adds On-Device Clear Signing to Address DeFi Blind Signing
Key Takeaways
- Blind signing allows users to approve unreadable smart contract transactions, a flaw linked to billions in losses.
- The Ethereum Foundation and an Ethereum Working Group launched the Clear Signing standard on May 12.
- ERA Wallet integrates an on-device parsing engine called ERA Lens to translate transaction data before signing.
- The wallet uses a QR-only air-gapped model based on EIP-4527 and replaces paper seed phrases with encrypted NFC recovery cards.
Blind Signing Identified as Structural Risk in DeFi
Blind signing refers to approving a blockchain transaction without seeing its full intent in human-readable form. Instead of clear information, the user is shown a hash or raw encoded calldata that only a developer with the contract's interface definition could interpret. Once signed, the network executes the transaction exactly as authorized; on-chain, a signature over a malicious payload is indistinguishable from one over a legitimate one.
On May 12, the Ethereum Foundation and an Ethereum Working Group of wallet developers and security firms introduced Clear Signing, an open standard designed to make Ethereum transaction approvals readable. In the announcement, blind signing was described as a structural flaw that has been linked to billions in user losses, including the Bybit hack.
Security analyses of the Bybit case described a workflow in which signers believed they were approving a routine transfer. The underlying transaction instead redirected control of a wallet proxy to an attacker-controlled contract. The private keys were never extracted; the damage came from the instruction the key holders approved. The distinction matters: key protection alone does not prevent losses when signers cannot see what a transaction will actually do.
Why DeFi Transactions Increase Approval Complexity
In simple transfers, users expect to confirm a recipient address and an amount. DeFi transactions are more complex. A single approval may involve a function call, token permission, spend limit, destination address, swap path, staking action, lending operation, or even a contract upgrade.
Hardware wallets became widely used because they isolate private keys from internet-connected devices. This protects against malware and phishing attempts aimed at extracting seed phrases or signing transactions from compromised computers. However, DeFi interactions introduced a separate risk layer. Even when keys are stored offline, the signing device may display only encoded calldata.
In practice, a front end such as a browser extension or mobile application can show a clean and familiar transaction summary while the hardware device receives a different payload that the user cannot interpret. If the device screen shows only a hash or a fragment of the data, the user has no independent way to verify that what the front end described is what the signature will authorize.
Clear signing attempts to address this by turning raw transaction data into readable fields such as function name, token amount, recipient address, and protocol. The effectiveness of this approach depends on ecosystem support. Developers must create and submit metadata for smart contract functions so compatible wallets can display transactions in plain language. Because DeFi evolves quickly, new contracts and interfaces constantly appear, making consistent coverage a challenge, and a wallet that has no metadata for a call is back to blind signing unless it refuses to sign at all.
ERA Wallet Integrates On-Device Transaction Parsing
ERA Wallet positions its approach within this broader move toward readable approvals. Its core component, ERA Lens, is an on-device transaction parsing engine that translates complex smart contract calldata into plain language before a transaction can be signed.
According to the company, ERA Lens runs fully offline on the device. It displays the function being called, token amounts involved, and destination addresses. If a transaction cannot be decoded or does not match a known interface, the signing flow is stopped and flagged for manual review.
The wallet’s founder, Alexey Devyatkin, described the device as operating as a “Security Island” because it does not rely on an internet connection to interpret transaction data. The underlying idea is that if the device cannot recognize or decode a transaction, users have a clear signal to reassess before approving it.
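The behaviour described above (decode the payload on the signer, compare it with what the user was shown, and stop the flow on anything unrecognized) can be illustrated with a small decoder. The following is an added example written for this page, not ERA Wallet or ERA Lens code. It knows two real ERC-20 interfaces (`transfer` and `approve`, whose 4-byte selectors are hard-coded so no keccak library is needed) and treats everything else as undecodable. The token and account addresses, the front-end summary, and the `0xdeadbeef` selector are constructed placeholders, not real contracts.

```python
from decimal import Decimal

# Real ERC-20 selectors (first 4 bytes of keccak256 of the signature),
# hard-coded so the example needs no keccak library.
KNOWN_INTERFACES = {
    "a9059cbb": ("transfer", ("address", "uint256")),
    "095ea7b3": ("approve", ("address", "uint256")),
}
UINT256_MAX = 2**256 - 1


class UndecodableCalldata(Exception):
    """Calldata does not match any interface the signer knows."""


def encode_call(selector_hex: str, address: str, amount: int) -> str:
    """ABI-encode (address, uint256) behind a selector; used here to build sample inputs."""
    addr = bytes.fromhex(address.removeprefix("0x")).rjust(32, b"\x00")
    return "0x" + selector_hex + addr.hex() + amount.to_bytes(32, "big").hex()


def decode_calldata(calldata_hex: str) -> dict:
    """Strictly decode calldata against KNOWN_INTERFACES; raise on anything else."""
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    if len(data) < 4:
        raise UndecodableCalldata("calldata shorter than a 4-byte selector")
    selector, body = data[:4].hex(), data[4:]
    if selector not in KNOWN_INTERFACES:
        raise UndecodableCalldata(f"unknown selector 0x{selector}")
    name, types = KNOWN_INTERFACES[selector]
    if len(body) != 32 * len(types):
        raise UndecodableCalldata(
            f"{name}: expected {32 * len(types)} argument bytes, got {len(body)}")
    args = []
    for i, typ in enumerate(types):
        word = body[32 * i:32 * (i + 1)]
        if typ == "address":
            if any(word[:12]):  # address sits in the low 20 bytes; padding must be zero
                raise UndecodableCalldata("address word has non-zero padding")
            args.append("0x" + word[12:].hex())
        else:  # uint256
            args.append(int.from_bytes(word, "big"))
    return {"function": name, "counterparty": args[0], "amount": args[1]}


def format_amount(amount: int, decimals: int) -> str:
    """Human-readable token amount; an all-ones allowance is called out explicitly."""
    if amount == UINT256_MAX:
        return "UNLIMITED"
    return str(Decimal(amount) / Decimal(10**decimals))


def render_for_signing(tx: dict, decimals: int) -> list[str]:
    """The lines an offline signer would display instead of raw hex."""
    d = decode_calldata(tx["data"])
    role = "Recipient" if d["function"] == "transfer" else "Spender"
    return [
        f"Token contract: {tx['to']}",
        f"Function: {d['function']}",
        f"{role}: {d['counterparty']}",
        f"Amount: {format_amount(d['amount'], decimals)}",
    ]


def signing_decision(tx: dict, frontend_summary: dict) -> tuple[bool, str]:
    """Refuse unknown interfaces, and refuse when the decoded fields differ from what the front end showed."""
    try:
        d = decode_calldata(tx["data"])
    except UndecodableCalldata as exc:
        return False, f"refused: {exc}; manual review required"
    mismatched = [k for k in ("function", "counterparty", "amount") if d[k] != frontend_summary[k]]
    if mismatched:
        return False, "refused: payload differs from front-end summary in " + ", ".join(mismatched)
    return True, "decoded fields match front-end summary"


# Constructed sample data: placeholder addresses, not real contracts or accounts.
TOKEN = "0x" + "01" * 20
ALICE = "0x" + "aa" * 20
ATTACKER = "0x" + "bb" * 20
# What the front end claimed: "send 1 token (6 decimals) to ALICE".
SUMMARY = {"function": "transfer", "counterparty": ALICE, "amount": 1_000_000}

HONEST_TX = {"to": TOKEN, "data": encode_call("a9059cbb", ALICE, 1_000_000)}
SWAPPED_TX = {"to": TOKEN, "data": encode_call("095ea7b3", ATTACKER, UINT256_MAX)}
UNKNOWN_TX = {"to": TOKEN, "data": encode_call("deadbeef", ATTACKER, 1)}  # constructed selector

if __name__ == "__main__":
    for label, tx in (("honest", HONEST_TX), ("swapped", SWAPPED_TX), ("unknown", UNKNOWN_TX)):
        ok, reason = signing_decision(tx, SUMMARY)
        print(f"{label}: {'SIGN' if ok else 'HOLD'} | {reason}")
    print("\n".join(render_for_signing(SWAPPED_TX, 6)))
```

The swapped case is the front-end-versus-payload mismatch from the previous section: the summary says "transfer 1 token to ALICE", the bytes say "approve an unlimited allowance to ATTACKER", and a device that only showed the hex could not tell the two apart. The unknown case shows the refuse-by-default rule; a real signer would need a far larger interface table, which is exactly the metadata-coverage problem the Clear Signing standard is trying to organize.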
Air-Gapped QR Model Based on EIP-4527
ERA Wallet also adopts a QR-only air-gapped signing model built on EIP-4527. The device signs transactions without Bluetooth, Wi-Fi, or cable connections. Instead, data is transmitted through QR codes between the wallet and the offline signer.
EIP-4527 describes a QR code data transmission protocol between wallets and offline signing devices. The standard notes that QR transmission can increase transparency because users are able to decode the data with available tools. It also states that USB and Bluetooth connections present a larger attack surface compared to QR codes.
This design introduces two layers of separation. First, the device signs transactions offline without direct connectivity, which addresses key extraction. Second, ERA Lens interprets the transaction payload locally before approval, which addresses misrepresented transaction intent. For users interacting with smart contracts, routers, bridges, staking platforms, or lending markets, these are two distinct failure modes, and neither layer on its own covers the other.
Seed Phrase Backup Replaced by Encrypted NFC Recovery Cards
In addition to transaction visibility, ERA Wallet changes the recovery process. Instead of requiring users to write down a paper seed phrase, the wallet uses encrypted NFC Recovery Cards.
The Recovery Card stores seed phrase backup data in encrypted form and is protected by a PIN with limited attempts. The company states that the card is designed to protect stored information for more than 50 years and is built to be dustproof and waterproof. It also supports single and multi-share backups.
The device can manage up to 10 independent wallets, each with its own seed phrase and optional passphrase. This allows users to separate long-term holdings, active DeFi funds, testing wallets, or business-related assets within one hardware environment.
Clear Signing Emerges as Baseline Requirement
The launch of the Clear Signing standard by the Ethereum Foundation and industry participants signals a shift in how self-custody security is defined. Earlier hardware wallet development focused primarily on protecting private keys from extraction. As DeFi usage expanded, transaction approval quality has become a central issue.
Readable transaction approvals are increasingly treated as a baseline requirement when interacting with smart contracts. The combination of offline key storage and on-device transaction decoding reflects this change in threat modeling.
Our Assessment
The introduction of Clear Signing by the Ethereum Foundation and related industry groups formalizes efforts to address blind signing as a systemic issue. ERA Wallet’s integration of on-device transaction parsing, QR-based air-gapped communication under EIP-4527, and encrypted NFC recovery cards reflects this broader shift toward improving transaction transparency alongside key protection. For users engaging with complex DeFi protocols, the focus is moving from custody alone to verifiable transaction intent before approval.
