Signature phishing for tired humans: what you’re actually signing
Most “wallet hacks” don’t start with someone breaking cryptography. They start with someone who’s tired, distracted, a bit rushed, and thinks they’re doing something harmless like “logging in”. And then they sign. Not a transaction. Not a transfer. Just a “message”. That’s the trap: signatures feel like consent with no consequences. In reality, they can be the entire heist.
The uncomfortable truth
If a site can get you to sign the right thing, it can often take something you didn’t mean to give. Sometimes it’s obvious (an approval that lets a contract spend your tokens). Sometimes it’s sneakier (a signature that lets someone impersonate you, drain a session, or set up a later move when you’re not watching).
You don’t need to understand every byte to stay safe. You just need one mental model: signing is authorising. Not “verifying you’re you”. Not “connecting your wallet”. Not “unlocking features”. Authorising.
The two signatures people confuse
Wallets ask you to sign two broad kinds of things:
A transaction (on-chain)
This is the one people expect. It moves funds or changes state on-chain. You usually see:
a network (Ethereum, Arbitrum, Solana, etc.)
a fee
an address or contract
an amount or action
If you sign it, it happens.
A message (off-chain, but still powerful)
This is where people get mugged. A message signature can be used for things like:
proving wallet ownership for a login
authorising a marketplace action
linking accounts across apps
granting permissions that don’t look like “spend money” in the prompt
Some of these are legit. The problem is you can’t tell by vibes.
The three anchors (the bit to remember when you’re tired)
Anchor 1 – If you can’t explain what you’re signing, don’t sign it
If the prompt looks like a magic spell, treat it like malware. A legit app can usually explain, in plain language, what the signature does and why it’s needed. If it can’t, or it’s pressuring you to click quickly, that’s information.
Anchor 2 – Watch for “stop words”
These are phrases that should instantly slow you down because they’re frequently used in scams or dark patterns:
“verify/sync/unlock/upgrade”
“security check”
“fix stuck funds”
“prove you own this wallet”
“reconnect wallet to restore access”
“sign to continue” with no explanation of what continues
None of these prove it’s a scam. They just mean you’re in the danger zone where scams live.
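As an added example (not code from the original post), here is a small triage helper that applies the two points above mechanically: it checks whether a message request is readable plain language, scans it for the stop words, and flags typed-data requests whose primary type exists to hand spending rights to a spender. It assumes the common JSON-RPC parameter shapes (`personal_sign: [hexMessage, address]`, `eth_signTypedData_v4: [address, jsonString]`); the permission type names in `PERMISSION_TYPES` are illustrative assumptions, not a complete list.

```javascript
// Constructed triage helper for wallet signing prompts (illustrative only).
// "ok" means nothing mechanical tripped, not "safe to sign".

const STOP_WORDS = [
  "verify", "sync", "unlock", "upgrade", "security check", "fix stuck funds",
  "prove you own this wallet", "reconnect wallet", "sign to continue",
];

// Assumed EIP-712 primary types whose purpose is delegating spending rights.
const PERMISSION_TYPES = new Set(["Permit", "PermitSingle", "PermitBatch"]);

// Decode a 0x-prefixed hex payload as UTF-8 text; null if it is not readable.
function hexToText(hex) {
  const bytes = Buffer.from(hex.replace(/^0x/i, ""), "hex");
  if (bytes.length === 0) return null;
  let text;
  try { text = new TextDecoder("utf-8", { fatal: true }).decode(bytes); }
  catch { return null; }
  // Control characters other than whitespace mean "not plain language".
  return /[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/.test(text) ? null : text;
}

function findStopWords(text) {
  const lower = text.toLowerCase();
  return STOP_WORDS.filter((w) => lower.includes(w));
}

// Returns { level, findings } for one signing request object
// shaped like { method, params } as a wallet receives it.
function triage(request) {
  const findings = [];
  if (request.method === "eth_sign") {
    findings.push("eth_sign over raw bytes: nothing a human can read");
  } else if (request.method === "personal_sign") {
    const text = hexToText(request.params[0]);
    if (text === null) findings.push("message is not readable text");
    else for (const w of findStopWords(text)) findings.push(`stop word: "${w}"`);
  } else if (request.method === "eth_signTypedData_v4") {
    const typed = JSON.parse(request.params[1]);
    if (PERMISSION_TYPES.has(typed.primaryType)) {
      const spender = typed.message?.spender ?? "(no spender field)";
      findings.push(`"${typed.primaryType}" grants spending rights to ${spender}`);
    }
  } else {
    findings.push(`unknown signing method ${request.method}`);
  }
  return { level: findings.length ? "SLOW DOWN" : "ok", findings };
}
```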
Anchor 3 – When in doubt, switch to a boring path
If something feels off, don’t keep clicking inside the scary tab.
Do this instead:
close the tab
open a new tab and go to the project’s official site the slow way (bookmark, official socials, official GitHub)
try again from there
if it still asks for the same sketchy signature, stop and ask in public comments
The goal is to break the “momentum” scammers rely on.
The classic own goals
This is where good people lose money while believing they’re being careful:
You assume “it’s only a signature, not a transaction”.
You assume “it’s from a link my mate sent”.
You assume “the wallet would warn me if it was dangerous”.
You assume “I’ll just do it once”.
Wallet UX is improving, but it’s not psychic. If you sign the wrong thing, the wallet may happily help you do it.
A safer default setup
You don’t need a bunker. You need separation. Use two wallets if you do dApps:
one small “active” wallet for connecting/signing things day to day
one boring “savings” wallet that basically never connects to anything
That way, when tired-you makes a mistake, the blast radius is smaller.
The boring rule that saves money
If you’re not 100% sure what a signature does, treat it like a transaction. Slow down. Read it. If it still doesn’t make sense, walk away and come back when you’re not tired. The chain will still be there. Your funds should be too.