Key management
To interact with Ethereum safely, users must manage cryptographic keys through software and hardware wallets.
STRENGTHS
Diverse wallet security models
A mature, diverse wallet ecosystem—often open source—supports multiple security models, while enabling users to move between providers.
Wallet security benchmarking
Wallet security practices are being independently compared via a 1TS-funded initiative (Walletbeat).
Multi-approval security models
Wallets offer security models that require approval from multiple devices or parties, helping prevent a single mistake or compromise from causing loss.
Industry-standard protocol-level cryptography
Industry-standard cryptography is supported directly at the protocol level, including hardware-backed signatures such as those produced by passkeys.
Account abstraction at scale
On-chain smart contract accounts (ERC−4337) are used at scale, enabling recovery and safer transaction handling.
Smart contracts for EOAs
Smart contract functionality can be added to externally owned accounts, enabling new safety features without risky migrations or address changes.
RISKS
Compromised keys and account takeovers remain a leading cause of user fund loss, including phishing, malware, and operational signer misuse.
MPC and multisig custody solutions show vulnerability to sophisticated state-sponsored attacks, as demonstrated by the DPRK-attributed Bybit exploit.
Blind signing & transaction uncertainty
Users often approve transactions “blindly” without understanding or verifying the outcome of their transaction. This leaves users vulnerable to malicious smart contracts, phishing, scams, compromised or spoofed interfaces, or basic user error.
STRENGTHS
Transaction simulation availability
Transaction simulation and previews are widely available across wallets and tooling, allowing users to understand effects before signing and reduce unintended asset loss.
Verified-contract decoding at scale
Large verified-contract datasets enable wallets to warn users when interacting with unverified or deceptive code.
RISKS
Insufficient transaction-intent transparency causes users to unknowingly authorize malicious or broader-than-intended actions. Wallet simulation has improved, but adoption remains inconsistent.
Ambiguous signature scope (e.g., permits, meta-transactions) allows approvals with unintended persistence or authority. Scoped-signature standards are emerging, but not yet widely enforced.
Approval and permission management
Broad, long-lived token approvals remain common and significantly increase loss severity when keys are compromised or users are deceived, making approval scope and revocation a recurring contributor to user losses.
STRENGTHS
Standardized permit-based approvals
Permit2 enables scoped and time-limited approvals, reducing exposure from long-lived unlimited token allowances.
Allowance inspection and revocation tooling
Users can inspect and revoke token allowances across chains, reducing standing approval risk.
RISKS
Overly broad or persistent token approvals allow attackers to transfer assets beyond a user’s intended scope. Revocation tooling exists, but default unlimited approvals remain common.
Poor visibility into active approvals and permissions prevents timely detection of malicious spenders. Dashboards and alerts are improving, but are not universal.
Compromised web interfaces
DNS hijacks and supply chain attacks remain potent. Even perfectly audited contracts fail when users interact through compromised frontends.
STRENGTHS
Decentralized frontend hosting patterns
Major dapps serve frontends via IPFS or Arweave with ENS, reducing DNS registrar and CDN compromise risk.
RISKS
Compromised or spoofed web interfaces can manipulate transaction construction or signing flows, leading users or admins to authorize malicious actions.
Privacy
Ethereum’s transparency and reliance on off-chain access infrastructure inherently expose metadata about user behavior. Even when transactions are cryptographically secure, network access patterns and address linkage can enable surveillance, profiling, and targeted exploitation.
STRENGTHS
Practical on-chain privacy protocols
Users can transact without linking sender and receiver using mature, deployed privacy protocols.
Open measurement of mempool propagation and visibility
Tools like ETHp2p Observatory make transaction dissemination observable, enabling accountability and mitigation research.
RISKS
Reliance on centralized or opaque RPC providers exposes wallet and transaction metadata, enabling surveillance, profiling, and targeted attacks that undermine user privacy.
Mapping compliance requirements to privacy tech remains unsolved—Europe has specific rules while US interpretations vary, and no standard exists for privately verifying attestations.
Opaque order-flow infrastructure exposes transaction intent prior to execution, enabling surveillance, strategy inference, and targeted exploitation of users.
Fragmentation
Wallets handle core behaviors inconsistently—displaying transactions, managing approvals, and labeling contracts all work differently—so users cannot form reliable expectations about safe Ethereum use.
STRENGTHS
Wallet signing standard coordination
Major wallets coordinate on shared signing standards to reduce fragmentation and blind signing risk.
RISKS
Fragmented wallet standards and inconsistent application UX increase user error rates and reduce the effectiveness of security controls.
Competitive dynamics and paywalled security features block collaboration—few wallets actively engage in standards work, and coordination is hosted by a single vendor rather than neutral ground.