Can the $1.46 billion theft of Bybit be avoided? Analyzing Polkadot’s offline signature security mechanism!

On the evening of February 21, 2025, the decentralized trading platform Bybit suffered the largest attack in financial history, with digital assets worth $1.46 billion stolen. This security incident has once again triggered in-depth thinking in the industry about the security architecture of digital assets. Despite the adoption of the industry-recognized high security standards - 3/3 multi-signature and hardware cold wallets, Bybit still suffered losses due to the inherent risks of "blind signing". This article will analyze the technical details of the Bybit incident, explore how the Polkadot ecosystem can fundamentally solve the blind signing problem through innovative metadata solutions, and provide useful reference for the entire blockchain industry.

Original article: https://blog.kchr.de/one-metadata-to-rule-them-all-or-how-to-implement-offline-signers/

By Bastian Köcher, Parity Developer

Compiled by: OneBlock+

Bybit incident analysis: social engineering attacks and blind signature vulnerabilities

Event review: The process of the cold wallet being hacked

Bybit used a custody setup widely regarded in the cryptocurrency industry as highly secure: a Safe multi-signature wallet combined with a cold wallet. Bybit set a 3/3 signature threshold, meaning all three private key holders had to authorize a transfer before it could be executed. Despite these strict measures, the attackers broke through the defenses with a social engineering attack.

The attackers first compromised the computers of the three signers and then observed them over a long period, recording in detail their operating habits, internal communications, and transfer procedures. Once they had observed enough, they targeted the recurring process of moving funds from the cold wallet to the hot wallet and deployed backdoored malicious contracts in advance. When the signers carried out this routine operation, the attackers quietly replaced the legitimate transaction request with the malicious contract they had prepared. The signers noticed nothing when signing, because what they saw was an ordinary transfer; what they actually signed was a transaction that handed control of the wallet to the attackers.

The essence of the incident: the blind signature problem

The core problem in this incident is blind signing: the signer cannot see on the offline signing device what the transaction they are signing actually contains. The attackers controlled the signers' computers, so the signers saw forged transaction details while their signatures were applied to the real malicious transaction. Analysis shows that the attackers obtained ownership rights over the wallet with a single forged-signature attack. This strongly suggests that more than one device was compromised, and that the attackers had lurked on Bybit's internal network long enough to gather the intelligence needed to mimic the normal transaction process and timing precisely.

The danger of blind signing is that it gives attackers a way to bypass traditional security measures: it completely separates the user's intent from the transaction actually being signed, creating a space for deception that the user cannot perceive. This problem urgently needs a fundamental solution.

Polkadot Ecosystem’s Secure Signature Mechanism: Solving the Blind Signature Problem

The Polkadot ecosystem has done in-depth technical work on the blind signing problem and proposed a complete set of security mechanisms built around the principle of "what you see is what you sign". Through metadata, offline signature verification, and on-chain checks, Polkadot can effectively avoid attacks similar to the Bybit incident and give users a safe and transparent signing process.

For detailed technical documentation on metadata, please refer to:

👉https://polkadot-fellows.github.io/RFCs/approved/0078-merkleized-metadata.html

What is metadata?

The Polkadot ecosystem provides a software development kit (SDK) for implementing parachains/rollups that separates the business logic (the runtime) from the node. Since every chain offers different functionality, these runtimes differ too: they expose different transactions, events, and storage items, and use different data types for balances. So that decentralized application (DApp) developers can interact with all these different chains, each runtime exposes metadata describing itself.

This metadata is rich enough that it has even been used to train AI to generate user interfaces and interact with the blockchain automatically. Metadata is essentially a detailed description of the chain's functions, which allows a device to decode complex transaction data into a human-readable form so that users can understand what they are approving. This addresses the root cause of blind signing: users signing without knowing what they are actually signing.

Technical Challenges of Metadata Application

Applying metadata on offline signing devices faces a series of technical challenges, the most prominent of which is its size. As a chain's functionality grows, its metadata can easily reach several megabytes. Offline signing devices such as Ledger, by contrast, have only a few thousand bytes of main memory and cannot load the entire metadata to decode a transaction. Other solutions, such as Polkadot Vault, require the entire metadata to be transferred to the device via QR codes, which can take several minutes and makes for a poor user experience.

To address this, the Polkadot ecosystem trims and chunks the metadata. First, information about storage entries, events, and so on is removed to reduce the size of the metadata. The remaining metadata is then split into chunks at the transaction level, because the metadata for transaction X is not needed to decode transaction Y. This chunking makes it possible to stream the data chunk by chunk: decode part of the transaction, present it to the user, then fetch the next chunk, until the entire transaction has been decoded and shown. This matters especially for Polkadot's batch transactions, which can become quite large.

How to sign securely offline?

How can an offline device be sure that a metadata chunk received from an online wallet is genuine? If it cannot verify this, a compromised online wallet could supply a fraudulent chunk so that the offline device displays transaction Y to the user while what is actually executed on chain is transaction X. This is exactly the kind of vulnerability exploited in the Bybit incident.

The Polkadot ecosystem solves this by placing all metadata chunks into a Merkle tree. The root hash of this tree (the metadata root hash) represents the entire metadata, and the offline signer checks each received chunk against its Merkle proof to ensure the data is genuine. In addition, the offline signer includes the metadata root hash in the signed payload of the transaction, so that not only the transaction itself is signed but also the hash of the metadata used to display it. When the transaction is submitted, the runtime compares this hash with the metadata root hash it knows for itself to confirm the transaction's legitimacy.

This approach enables offline devices to independently verify the accuracy of transaction data without trusting online wallets. Transactions are only executed when the metadata root hash matches, ensuring the core security principle of "what you see is what you sign".
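As an added illustration (not code from the original post or from the Polkadot SDK), the following Python sketch models the two checks described above: the offline device verifies each metadata chunk against a Merkle proof before displaying it, and the runtime only accepts a signature that was made over its own metadata root hash. SHA-256 and a keyed hash stand in for the real hash and signature scheme, and the chunk contents are constructed.

```python
import hashlib
def h(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the hash function of the real scheme.
    return hashlib.sha256(data).digest()

def build_levels(chunks: list) -> list:
    """Bottom-up Merkle tree: levels[0] holds the chunk hashes, levels[-1][0] is the root."""
    levels = [[h(c) for c in chunks]]
    while len(levels[-1]) > 1:
        lvl = levels[-1] + levels[-1][-1:] * (len(levels[-1]) % 2)  # pad odd levels
        levels.append([h(lvl[j] + lvl[j + 1]) for j in range(0, len(lvl), 2)])
    return levels

def proof_for(levels: list, i: int) -> list:
    """Inclusion proof for chunk i: (sibling hash, sibling-is-left) at every level up to the root."""
    proof = []
    for lvl in levels[:-1]:
        lvl = lvl + lvl[-1:] * (len(lvl) % 2)
        proof.append((lvl[i ^ 1], (i ^ 1) < i))
        i //= 2
    return proof

def verify(chunk: bytes, proof: list, root: bytes) -> bool:
    """Offline-device check: fold the proof up from the chunk hash and compare with the root."""
    node = h(chunk)
    for sib, left in proof:
        node = h(sib + node) if left else h(node + sib)
    return node == root

# Constructed sample: one metadata chunk per call the chain exposes (not real Polkadot metadata).
CHUNKS = [
    b"balances.transfer_keep_alive(dest: AccountId, value: Balance)",
    b"proxy.add_proxy(delegate: AccountId, proxy_type: ProxyType, delay: u32)",
    b"utility.batch(calls: Vec<Call>)",
]
LEVELS = build_levels(CHUNKS)
RUNTIME_ROOT = LEVELS[-1][0]  # the metadata root hash the runtime knows for itself

def offline_display(chunk: bytes, proof: list, trusted_root: bytes):
    """Text shown to the signer; None means the device refuses because the chunk did not verify."""
    return chunk.decode() if verify(chunk, proof, trusted_root) else None

def sign(call: bytes, metadata_root: bytes, key: bytes) -> bytes:
    # Assumption: a keyed hash stands in for the signature; the root is signed over but not sent.
    return h(key + call + metadata_root)

def runtime_accepts(call: bytes, signature: bytes, key: bytes, runtime_root: bytes = RUNTIME_ROOT) -> bool:
    """The chain rebuilds the payload with its own root, so a signature over any other root fails."""
    return signature == h(key + call + runtime_root)
```

A tampered chunk sent with a genuine proof fails `verify`, and a chunk that verifies against attacker-built metadata leads to a signature over the wrong root, which `runtime_accepts` rejects.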

Comparing the Bybit incident: How does the Polkadot solution prevent similar attacks?

Had Bybit adopted Polkadot's security mechanism, the attack would not have succeeded. First, Polkadot's offline signing system presents the true content of the transaction even if the attacker controls the signer's computer. The signer would clearly see the transaction's real intent, such as "grant contract control authority" rather than the misleading "normal transfer", and so would not sign the malicious contract.

Second, Polkadot's solution prevents metadata fraud. Attackers cannot supply false metadata for decoding, because the on-chain verification mechanism ensures the integrity and accuracy of the metadata; forged metadata therefore cannot be used to carry out an attack.

Finally, Polkadot's end-to-end security architecture forms a solid line of defense: every link from transaction initiation to on-chain execution undergoes strict verification. Any anomaly at any step is detected and blocked automatically, fundamentally eliminating the possibility of an attack like the one Bybit encountered.

Other ecosystem solutions

The Cosmos ecosystem addresses blind signing with a textual representation of transactions: it standardizes a set of print functions so that users can view the transaction content in plain text. The disadvantage is that every network node must generate this text representation when processing a transaction. Given the large number of nodes in a blockchain network, all of them repeat this work, which is a waste of resources.

In contrast, Sovereign SDK has borrowed from the Polkadot approach to build a universal wallet that lets any Sovereign SDK application automatically display well-formatted, easy-to-understand transaction content with no extra work by the application developer. Since the API set (the "call messages") of a given application chain is finite, they generate a specific human-readable format for each call message. In this way, Sovereign SDK's Snaps, wallets, and hardware wallets (as trusted binaries) can display transaction content supplied by untrusted front-ends.

In addition, the wallet includes a schema hash for the transaction display in the signed data, and each chain verifies this hash before accepting the transaction. The chain itself can therefore reject transactions that were not displayed correctly to the user, securing the transaction at the source.

Future improvement plan: Improve user experience

Although the current implementation of the Polkadot ecosystem has effectively solved the core security issues of blind signatures, the team still plans to further optimize the user experience to make the system more user-friendly.

The current limitation is that the offline signing device displays information under the same technical names as the on-chain functions, without the context needed to interpret it. This makes the transaction content hard for ordinary users to understand: for example, a user cannot intuitively tell whether a given value is a balance or some other kind of integer. Correctly interpreting such transactions requires a certain technical background.

To address this, the Polkadot team is discussing future upgrades that will carry richer contextual information. Developers will then be able to tell offline signing devices what each parameter means, such as "parameter_a is a Balance", "parameter_b is another data type", and so on.

In addition, the ideal user experience should include explanatory text attached to each function to help users understand the specific effects of the operation. Although there are documentation functions in the current system, these documents are mainly designed for developers rather than ordinary users. Future improvements will focus more on providing clear and easy-to-understand instructions for end users, so that non-technical personnel can easily understand the transaction content they are authorizing.

Conclusion

The metadata solution of the Polkadot ecosystem fundamentally solves the blind signature problem and provides a more secure and transparent signature mechanism for blockchain transactions. This innovation not only effectively prevents attacks similar to Bybit, but also provides users with an easy-to-understand operation interface to ensure that the transactions signed by users are consistent with the actual execution content. By integrating metadata verification into the transaction signing and execution process, Polkadot has established an end-to-end security system and set a new benchmark for blockchain asset security.

As the planned usability improvements land, Polkadot's solution will further lower the barrier to entry, allowing non-technical users to take part in blockchain transactions safely and thereby better guarding against social engineering attacks.

Author: OneBlock Community

This article represents the views of PANews columnist and does not represent PANews' position or legal liability.
