Human Wallet announces public alpha test to prevent blind signing attacks

Human Wallet, a secure, free and universal protocol that uses multi-party computation to secure users’ funds, announced the launch of its alpha test Web3 wallet to the public, aiming to prevent blind signing attacks. Following the launch, the public can participate in alpha testing to help solve the issues that the Wallet-as-a-service (WaaS) industry faces, such as security and composability.

The alpha testing phase aims to verify the wallet’s impregnability to the sort of blind signing risks that affected the Bybit exchange in February.

Human Wallet allows users to sign transactions directly in their preferred Dapp with their own biometry. This transforms how users interact with any Dapp, allowing them to bypass expensive gas fees and evolve wallets from simple addresses to smart contracts. Additionally, users can access their wallets effortlessly without the hassle of complex seed phrases

Following the alpha launch, the Web3 wallet will accelerate its roadmap to deliver a secure, user-friendly alternative to traditional wallet setups.

Starting today, users can participate in the alpha tests and explore the wallet’s security capabilities by downloading the Human Wallet browser extension in the Chrome web store. According to Nanak Nihal Khalsa, co-founder and CTSO of Holonym Foundation, which developed the Human Wallet, the alpha tests represents the first step to preventing huge hacks – such as the Bybit $1.5 billion hack – and enhance security across the crypto universe.

“Given the urgency of recent events and the concern this has caused within the crypto community, we’ve expedited internal testing to make Human Wallet available now,” Nanak added. “As an alpha release, we encourage users to experiment within their security workflows rather than rely on it for major assets at this point in time.”

Human Wallet builds on Holonym Foundation’s mission to enhance Web3 usability. Its TEE and 2PC framework aims to replace the trade-offs plaguing DeFi security, offering a middle ground between ease of use and robust protection.

Beyond the financial damage, the  Bybit exchange attack exposed weaknesses beyond blockchain security. It revealed how hackers can bypass smart contract protections by targeting external systems. It highlighted the dangers of blind signing, which refers to users approving transactions without fully understanding the contents of the smart contract.

Human Wallet is working to prevent these types of attacks with its new revelation. The company counters blind signing attacks via a novel combination of two-party computation (2PC), trusted execution environments (TEEs), transaction simulation, and hardware wallets.

Instead of directly allowing users to sign smart contracts, the wallet generates human-readable summaries for users to review before signing. What makes this unique is that the transaction preview is seen on the secure hardware wallet instead of on the website or device the hardware wallet connects to. Additionally, the wallet allows seamless access that enable easy sign-ons across dApps and chains.

This solution would probably have prevented the Bybit attack since the compromised front end would not be the place transaction simulations are viewed. Unlike centralized systems, the setup requires user consent, cryptographically verified through the decentralized Human Network to sign transactions.

As alluded to, Human Wallet requires biometry, which integrates directly into the user’s OS device. To set up their wallets, users need to download the extension on their Chrome browser, create an account, and link a hardware wallet as a two-factor authentication (2FA) device. This confirms transactions in plain language rather than hexadecimal code.

Using Human Wallet as a signer in a multisig setup adds a layer of security. This means that should an unlikely issue affect key recovery, a backup hardware wallet maintains access. This approach reflects Human Wallet’s desire to balance convenience and security, avoiding cumbersome methods requiring dedicated laptops or command-line verification often used to avoid blind signing.