https://slowmist.medium.com/slow-mist-blank-check-eth-sign-phishing-analysis-741115bd0b1f
“When we connect our wallets and click Claim, MetaMask will display a signature request with red letters. This is a warning, since it’s almost impossible to determine what the signature request is for. This is actually a very dangerous type of signature request. It’s basically like signing a “blank check” for Ethereum. Once you sign the transaction, scammers can use your private key to sign any transaction.”
Apologies if this is not exactly the same mechanism the SHIB scammers used, but the idea is the same, anyway. Why does the Ethereum protocol allow for something like this to happen? Doing self-custody safely and managing your own crypto in general demands extreme responsibility already, but people are AT LEAST used to looking at the prompt on their ledger, for example “you’re about to send 5 Eth to this address, proceed?” If you see something funny on the ledger, you deny the transaction.
However, on ETH, when you get a request to sign a message, you are essentially told jack and shit. You have damn near no IDEA what you’re agreeing to, and if you sign a malicious enough message, congratulations, everything you own on that wallet is gone. You were never asked to confirm a transaction, all you did was sign a cryptic message because you didn’t think about it too much.
I know for damn sure that such a hustle would never be possible on Cardano, for example. Apologies for name-dropping a competitor, I just don’t own many alts, but I’m sure this is true for most other smart contract platforms as well. Probably all of them except the ETH clones. To me this is just such a massive flaw in the protocol that I can’t get over it. If Eth had gone mainstream this would be an insane attack vector against normies, my head is spinning just thinking about the amount of scams there would be.
Am I overreacting, or what do you guys think? Is there any way to “plug the hole” in ETH’s code, or do we just have to build the counter-measures into wallets and different UIs and stuff?
submitted by /u/Cadenca