1. Silent nightmare
Over the past year, we have seen many users lose their wallet assets instantly with little apparent warning.
What's even more surprising is that the attacker doesn't even need to initiate a normal transfer first.
What they need may just be a transaction signature with "hex data".
It may look like a simple operation: claim an NFT, join an airdrop, connect to a DApp, or sign in to a website.
It seems harmless: 0 ETH, sent to a smart contract address.
But the real threat is hidden in the "hex data".
An attacker would encode malicious function calls here, for example:
· approve()
· increaseAllowance()
· transferFrom()
· setApprovalForAll()
· sweepToken() (a customized malicious contract function)
Once one of these functions is mis-signed, control of the assets may be handed over to the attacker.
Once the signature is completed, the other party may transfer your ERC-20 tokens or NFTs without any further confirmation from you.
2. Hexadecimal data should not be a blind spot
Many on-chain transactions are, in essence, smart contract calls, even when they do not transfer any assets.
The so-called "hexadecimal data" is usually "method + parameters", ABI-encoded.
Example:
0xa9059cbb00000000000000000000000008e8...000000000000000000000000000000000000000000000000000000005f5e100
· First 4 bytes, 0xa9059cbb: the function selector, in this case transfer(address,uint256)
· The rest: the ABI-encoded parameters, such as a token address, a receiving address, a numerical value, etc.
For an attacker, it can become an entry point to execute malicious logic.
To a user who doesn't understand the technical details, it just looks like a meaningless string of characters.
This is where the trap lies: blind signature.
In the eyes of the user it may be just a 0-amount transaction; in the contract designed by the attacker it may be a set of high-risk approvals.
3. Blind signatures, hexadecimal signatures and signature hell
Such risky transactions tend to have some common characteristics:
· 💸 0 ETH or small amounts: lowers your guard.
· 🧬 Hex data hides high-risk calls: disguised as a simple operation.
· 🧠 The receiver is a smart contract: not an ordinary personal address, possibly a malicious contract.
· ⚠️ Signature = Execute: a single confirmation may trigger an approval or an asset transfer.
Even more troublesome: these attacks can be highly automated.
Attackers use scripts to deploy malicious contracts at scale, launch phishing websites, generate high-risk links, and promote them through the following channels:
· Search engine advertising
· Discord groups
· Twitter/X replies
· Fake giveaways and NFT airdrops
When the user clicks to confirm, a single signature may put the assets under the control of the other party.
4. How UKey provides protection
Security should not be solely the responsibility of the user. UKey is building multiple layers of defense to help identify these hidden risks.
At present, we are strengthening protection in the following areas:
(1) Hexadecimal data warning: the first reminder
When the user enables the "Show Hex Data" option in the transaction, UKey immediately displays a clear reminder:
⚠️ This transaction contains hexadecimal data and may involve smart contract interaction or token approval. Please confirm carefully.
This is not an afterthought but active protection before signing.
We ask users to pause and confirm before signing: hexadecimal data is a powerful tool in its own right, but in malicious scenarios it can also be an entry point to risk.
(2) Hexadecimal data analysis + high-risk function reminder
For EVM chains, UKey provides real-time ABI decoding + function risk analysis:
· Clearly show the method being called
· Flag high-risk behaviors before signing, including:
o 🧾 Target address identification: is this a known secure contract or a suspicious address?
o 🕵️ Historical interaction: have you interacted with this address before?
o 💰 Token and amount: what are you actually approving or sending?
In this way, users can see the real context before signing, instead of just facing a string of indecipherable hexadecimal data.
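Putting section 2's "selector + parameters" layout together with the ABI decoding and high-risk flagging described in (2), here is an added example that is not UKey's own code: a stdlib-only Python decoder that recognizes the functions listed earlier and flags unlimited allowances and blanket NFT operator approvals. The selector table uses well-known values, but the risk rules and the sample calldata are my own assumptions and constructions, not taken from the page.

```python
# Added example (not UKey code): decode EVM calldata and flag the high-risk calls
# named in the text. Selectors are the well-known first 4 bytes of keccak256(signature);
# they are hardcoded because hashlib.sha3_256 uses different padding and gives other values.
SELECTORS = {
    "a9059cbb": ("transfer", ["address", "uint256"]),
    "095ea7b3": ("approve", ["address", "uint256"]),
    "23b872dd": ("transferFrom", ["address", "address", "uint256"]),
    "39509351": ("increaseAllowance", ["address", "uint256"]),
    "a22cb465": ("setApprovalForAll", ["address", "bool"]),
}
HIGH_RISK = {"approve", "increaseAllowance", "transferFrom", "setApprovalForAll"}  # assumed rule set
UINT256_MAX = (1 << 256) - 1

def _decode_word(kind, word):
    """Decode one 32-byte ABI word as an address, bool or uint256."""
    if kind == "address":
        return "0x" + word[12:].hex()  # addresses are right-aligned, zero-padded on the left
    if kind == "bool":
        return int.from_bytes(word, "big") != 0
    return int.from_bytes(word, "big")

def decode_calldata(hex_data):
    """Return selector, method name, decoded args and risk flags for a hex data string."""
    data = bytes.fromhex(hex_data[2:] if hex_data.startswith("0x") else hex_data)
    sel = data[:4].hex()
    result = {"selector": "0x" + sel, "method": "unknown", "args": [], "flags": []}
    if sel not in SELECTORS:
        result["flags"].append("unknown selector: intent cannot be verified from the data")
        return result
    name, kinds = SELECTORS[sel]
    result["method"] = name
    body = data[4:]
    if len(body) != 32 * len(kinds):  # static types only: exactly one word per parameter
        result["flags"].append("malformed argument length")
        return result
    args = [_decode_word(k, body[i * 32:(i + 1) * 32]) for i, k in enumerate(kinds)]
    result["args"] = args
    if name in HIGH_RISK:
        result["flags"].append(f"{name} grants or exercises spending rights")
    if name in ("approve", "increaseAllowance") and args[1] == UINT256_MAX:
        result["flags"].append("unlimited allowance (uint256 max)")
    if name == "setApprovalForAll" and args[1]:
        result["flags"].append("operator approval over every NFT in the collection")
    return result

# Constructed sample: a "0 ETH" transaction whose hex data is approve(spender, 2**256-1).
SPENDER = "0x" + "11" * 20
SAMPLE_APPROVE = "0x095ea7b3" + SPENDER[2:].rjust(64, "0") + f"{UINT256_MAX:064x}"
```

A wallet that shows only "0 ETH to contract" hides everything this function returns; the decoded method, spender and amount are what the user actually needs to see.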
(3) hardware wallet confirmation
With UKey Pro, you don't have to just stare at the raw hex string.
You can see real, readable information on your device screen:
· 🔍 Function name: know what you're actually signing.
· 💵 Token type and amount: are you approving your entire balance?
· 📍 Destination address: is this a familiar address or a risk signal?
Each piece of information helps you make a clearer judgment, reducing misreading and misjudgment.
5. Final words
On-chain transactions generally cannot be "undone". Every signature needs to be carefully confirmed.
We also understand that it is easy for users to think like this:
"I thought I was just connecting my wallet..."
Therefore, we put true user protection at the center of every layer of UKey's design.
Every signature is a judgment of trust. UKey will help you see more risk information before confirming.