Tl;dr: Zengo is proud to introduce ClearSign – a new and safe way to sign Web3 Dapp transactions. In a world where investing and transacting are as simple as sending an email and where crypto wallets facilitate increasingly diverse interactions, our purpose at Zengo is to take care of user security at each and every transaction.
Web3 unlocked new amazing abilities: Introducing new types of assets (tokens and NFTs) and blockchain-based financial instruments to interact with. To support this new plethora of interactions, a new user interface was required to craft the relevant messages for the user to sign: the Dapp (decentralized app) interface.
When it works as intended, a Dapp sends messages to users, users sign these messages with their wallets, and the Dapp reflects the blockchain’s state based on the messages users signed. However, if the Dapp is malicious, hacked, or just buggy, it can present the user a message to sign that doesn’t appear to be asking what it actually is: e.g. “send your most precious rubber duck” appears as “sign to confirm you own this wallet”. Clearly, users need another layer of security to keep Dapps honest.
Web3 expanded the horizons of what can be done with crypto, but this expressiveness can be abused by scammers. The chance of human error is just too high and it is too easy today for malicious actors to gain abusive permissions from users by impersonating legitimate services and scamming users to blindly sign transactions that can make them lose their most valuable NFTs and crypto assets.
There is a reason millions of dollars have been lost in NFT hacks in the past few months.
Zengo already protects hundreds of thousands of user assets by leveraging state-of-the-art MPC cryptography. MPC eliminates the security risks associated with seed phrases that can be lost or stolen and passwords that can be cracked. However, users don’t just want to lock up their assets in a vault that can’t be broken into, they want to feel safe and be able to use those assets in the real (or virtual) world.
Yes, you can have your Moonbird, and eat it too (though we do not recommend it – it can be expensive 😉).
ClearSign leverages Zengo’s unique client-server architecture (that has no single point of failure), analyzes every transaction, reacts to unexpected and unauthorized requests, and blocks them if necessary. In other words: The first “Web 3 Wallet Firewall”.
Our announcement today highlights Zengo’s partnership with Collab.Land! ClearSign will greenlight legitimate Collab.Land signatures and block certain types of phishing attacks as a highly relevant initial display of its power.
Analyzing transactions to identify suspicious patterns, or scoring the reputation of various types of signatures & smart contracts is not enough. We know that, in Web2, the majority of cybersecurity breaches involve a human point of failure, hence the importance of focusing not just on logic, but on the human element as well. ClearSign introduces a UX paradigm that makes the message visible, human-readable, and easy to understand. This helps users assess the implications of signing a Dapp’s message, and forces them to think twice before signing high risk transactions, all while blocking malicious takeovers entirely.
Building the smartest security primitives (MPC and ClearSign) and integrating them into an experience that puts user’s security at the forefront is the only way to build a Web 3 that can support the next billion users. This is important because it is the goal at the very heart of Zengo’s mission.
Security directly impacts the utility of all other features in a wallet. This will continue to be a crucial value and will always matter to users. Security is user experience and user experience is security.
ClearSign requires no integration on the Dapp side and no change of behavior on the user side, and we continue to incorporate increasingly subtle signals to the ClearSign logic.
We are partnering with more Web3 communities interested in boosting user security. Want to get started? Email us at [email protected].
Q: How does ClearSign work?
A: ClearSign 1) Presents a clear, readable, and verified message screen, 2) Presents informative alerts in the case of high-risk transactions, 3) Enables signing a transaction without the need for a private key or seed phrase, 4) Acts as a firewall by blocking unwanted actions related to supported Dapps.
Q: Do Dapps need to do something to integrate ClearSign?
A: No. Everything is intelligently handled by Zengo thanks to its MPC and client/server architecture. Dapps simply need to reach out to our team to get the process started.
Q: When and where will ClearSign be available?
A: ClearSign launched on June 22, 2022 at NFT NYC and is available on iOS and Android for any Zengo User. The popular Web3 Dapp Collab.Land will be the first supported Dapp, followed by TokenProof. Other Dapps and protections (ex: high-risk warnings) will be launched in the coming weeks.
Q: Where can I learn more about ClearSign in Zengo?
A: You can learn more about ClearSign inside of Zengo here.