Cointelegraph reported that Ethereum’s latest update introduced a serious vulnerability: it’s now possible to authorize spending from your wallet using just an off-chain signature.
Off-chain signatures are widely used in Web3 for signing messages when logging into sites or dApps. They cost nothing and aren’t recorded on the blockchain - which is why many users sign messages without thinking twice. But now, a signed message could potentially grant permission to move your funds later.
Yes, that’s a critical vulnerability.
No, it’s not a new one.
Do most Ethereum users really understand what they’re signing when they log in somewhere?
Be honest - do you always know whether a signature you're providing gives a smart contract access to your funds? Probably not. And verifying every detail every time is just not practical.
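As an added example (not from the original post and not rabbit.io code), here is one way a wallet front end or browser extension could triage signing requests before the user approves them, separating a plain login text from typed data that names a spender. It assumes the standard JSON-RPC methods `personal_sign`, `eth_sign` and `eth_signTypedData_v4`, the EIP-2612 and Permit2 type names, and Node.js `Buffer`; the function name, addresses and sample requests are constructed for illustration.

```javascript
// Added example: classify a wallet signing request before it is approved.
// classifySigningRequest and all sample data below are constructed.
const APPROVAL_TYPES = new Set([
  "Permit", "PermitSingle", "PermitBatch",
  "PermitTransferFrom", "PermitBatchTransferFrom",
]);

function classifySigningRequest({ method, params }) {
  if (method === "eth_sign") {
    // Signs an opaque hash: the user cannot see what it authorizes.
    return { risk: "high", kind: "blind-hash" };
  }
  if (method === "personal_sign") {
    // Text message, typical for site logins; decode it so it can be shown in full.
    const raw = params[0];
    const text = /^0x([0-9a-f]{2})*$/i.test(raw)
      ? Buffer.from(raw.slice(2), "hex").toString("utf8") : raw;
    return { risk: "low", kind: "text", text };
  }
  if (method === "eth_signTypedData_v4") {
    const data = typeof params[1] === "string" ? JSON.parse(params[1]) : params[1];
    const msg = data.message || {};
    // Known approval types, or any message naming a spender, can move funds later.
    if (APPROVAL_TYPES.has(data.primaryType) || "spender" in msg) {
      return { risk: "high", kind: "spend-approval", spender: msg.spender,
               verifyingContract: (data.domain || {}).verifyingContract };
    }
    return { risk: "medium", kind: "typed-data" };
  }
  return { risk: "high", kind: "unknown-method" };
}

// Constructed sample requests (addresses are placeholders).
const USER = "0x" + "11".repeat(20);
const TOKEN = "0x" + "22".repeat(20);
const SPENDER = "0x" + "33".repeat(20);
const loginRequest = { method: "personal_sign", params: [
  "0x" + Buffer.from("Sign in to example.org, nonce 8f3a").toString("hex"), USER] };
const permitRequest = { method: "eth_signTypedData_v4", params: [USER, JSON.stringify({
  primaryType: "Permit",
  domain: { name: "ExampleToken", chainId: 1, verifyingContract: TOKEN },
  message: { owner: USER, spender: SPENDER, value: "1000000", nonce: 0, deadline: 1900000000 },
})] };

console.log(classifySigningRequest(loginRequest));
console.log(classifySigningRequest(permitRequest));
```

A "low" result still means the decoded text should be shown to the user in full; the classifier only tells them when a free signature is more than a login.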
The real problem is deeper:
Web3 turned the wallet into an authentication tool.
Imagine if, in the real world, you had to open your physical wallet every time you wanted to open a door. Sooner or later, something valuable would fall out. That’s exactly how things work in Web3. Ethereum’s latest update just made it slightly worse.
🔐 My advice:
Use empty wallets to log in to dApps.
Even better - use your wallet only for its original purpose: sending and receiving crypto.
At rabbit.io, we never ask you to connect a wallet.
Just give us an address to receive your crypto - and we’ll give you one to send it to. Simple as that.