For a long time, when we talked about wallet security, users were most often reminded of two things: keep your mnemonic phrase safe, and do not click phishing links.
This is because in a self-custodial wallet, the mnemonic phrase or private key always represents control over assets. Its importance cannot be overstated.
However, as AI Agents begin to enter wallets, trading, payments, and on-chain execution, a new issue is becoming increasingly important: even if your private key is never exposed, your assets may still be transferred because of an incorrect approval, a misleading signature, or a compromised automated instruction.
In other words, wallet security is moving beyond “who controls the assets” toward more specific questions: why are the assets moving, how are they being moved, and does the action truly match the user’s intent?
This is also why Clear Signing was further advanced into Ethereum’s open standardization process on May 12. To be clear, it is not trying to solve a new problem, but a long-standing one in crypto: many users are not careless about security. They simply cannot understand what they are signing before clicking “Confirm.”
1. In the AI Agent Era, Web3’s Security Boundary Is Quietly Stretching
With the rise of AI Agents, Web3 on-chain interactions are also moving closer to natural-language experiences.
In the past, if you wanted to complete an on-chain action, you had to open a DApp, connect your wallet, choose a route, approve permissions, initiate a transaction, and confirm every step yourself through wallet pop-ups. In the future, this process may be greatly simplified into a single sentence: “Help me find a stablecoin pool with higher yield,” or “Claim this airdrop and swap it into ETH.”
From a user experience perspective, this is clearly progress. AI Agents can help users understand information, break down steps, generate transactions, improve efficiency, and even complete certain actions automatically within defined permissions.
But the other side of improved efficiency is an expanded security boundary.
At that point, what determines where funds go is no longer just the user. It may also involve the Agent’s interpretation, external data sources, and several other steps in the execution chain. If any one of these steps is compromised, what the user sees as “help me execute this” may become what the attacker wants: “transfer funds on my behalf.”
Recently, attackers used prompt injection on X to induce AI Agent systems to execute suspicious transfers involving 3 billion DRB tokens, valued at roughly $150,000 to $200,000. The core issue in incidents like this is not traditional private key leakage, but how AI systems interpret inputs, how they obtain permissions, and how instructions are passed to the on-chain execution layer.
This also shows that attackers do not necessarily need to break into a wallet directly. If they can make an Agent operating with excessive permissions mistake malicious input for a valid command, real financial losses may follow.
After all, in traditional internet scenarios, prompt injection may only cause an AI system to give a wrong answer, leak context, or call the wrong API. But in crypto, once an Agent is connected to a wallet, has permissions, and can initiate transactions, a wrong instruction may directly become an on-chain transfer. Since on-chain transactions are irreversible, AI Agent security is no longer just about “model security”; it is asset security.
Therefore, wallet security in the AI Agent era cannot rely only on making AI “a little smarter.” The real key is that between the transaction generated by the Agent and the signature confirmed by the user, there must be a security interface that is clear, verifiable, and understandable.
That interface is the wallet.
2. Does Clicking “Confirm” Really Mean the User Understands?
For most users, the most familiar wallet action is probably “Confirm.”
Connecting to a DApp requires confirmation. Swapping requires confirmation. Token approvals require confirmation. Bridging requires confirmation. Claiming an airdrop requires confirmation. Staking, lending, or minting an NFT also requires confirmation.
The problem is that many confirmation pages do not truly tell users what will happen after they confirm.
In many cases, users only see a function name. Sometimes they see a block of unreadable hexadecimal data. Sometimes they only see a vague “Approve” or “Sign Message.” Technically, this information may not be wrong. But for most users, it is not enough to make an informed decision.
This is the danger of blind signing.
Blind signing does not mean the user did not look at anything at all. It means the information shown is not enough for the user to make an informed decision. It is like signing a contract written in a language you do not understand, with only an “Agree” button visible at the end. You know you are signing, but you do not know what consequences the signature will bring.
In its Clear Signing announcement, the Ethereum Foundation also emphasized that the final step in many major attacks is not a code vulnerability, but a user approving a transaction they cannot truly understand. If transaction confirmation is supposed to be the final line of defense for user control over assets, then blind signing makes that line of defense ineffective.
So if account abstraction over the past few years has focused on “how to execute more conveniently,” then Clear Signing focuses on “how to verify more clearly before execution.” They are two sides of the same coin. Without better signature interpretation, more complex automation and more powerful account capabilities may also create more room for user error.
This is where ERC-7730 comes in. According to the ERC-7730 proposal, it defines a structured data format for Clear Signing. By using JSON files to supplement information beyond the ABI and message types, it transforms raw transaction data into content that is easier for humans to verify, while also allowing machine systems such as transaction simulation tools to use it directly.
Put more simply, ERC-7730 does not change the on-chain transaction itself. Instead, it adds a standardized explanatory layer between the transaction and the user. For example, as shown below, a wallet may previously have only been able to display function selectors and parameters. With ERC-7730, it can present the action in a way users can actually understand.
With this standard, any wallet that supports ERC-7730 can display raw function selectors and numeric parameters as human-readable content such as “Swap 1,000 USDC for at least 0.42 WETH.” This may look like a UI improvement, but in reality, it is a fundamental upgrade to wallet security.
Only when users can understand the transaction does confirmation have real meaning. And only when wallets can present transaction intent in a structured way do users have a chance to identify problems before signing.
3. Verifiable UI: Making What Users See Match What Will Actually Happen
This brings us back to the Verifiable UI concept we have been emphasizing recently.
If Clear Signing aims to help users understand what they are signing, Verifiable UI goes one step further: can the content users see be reliably mapped to actual on-chain execution?
This is critical in Web3.
Many users are used to trusting DApp frontends. If the page says “claim rewards,” they assume they are claiming rewards. If the page says “stake,” they assume they are staking. If the page says “security verification,” they assume it is only identity verification.
But what can actually move assets is not the button on the webpage. It is the transaction ultimately signed inside the wallet.
A DApp frontend may be attacked. A domain may be spoofed. Page copy may be disguised. Even the information read by an AI Agent may come from a compromised webpage or social post. If the wallet simply shows a generic confirmation prompt, users are still in a state of “trusting the frontend.”
This is also why imToken’s plan to support ERC-7730 and advance Verifiable UI + Clear Signing is important.
It is not simply about showing a few more lines of text on the confirmation page. It is about turning the wallet from “the last click in a transaction flow” into “the final layer of verification before signing.” When a user or AI Agent is about to initiate a transaction, the wallet should tell the user as clearly as possible which contract the transaction actually calls, which asset is being transferred, who the approval is granted to, how broad the approval scope is, and whether the final result matches what the page displays.
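The following added example (not imToken’s code and not the ERC-7730 reference implementation) shows, in miniature, what the ERC-7730 explanatory layer from section 2 and the wallet-side verification described in this paragraph look like in practice. It decodes ERC-20 calldata by hand, looks the function selector up in a simplified, ERC-7730-inspired descriptor so the wallet can show the contract, the asset, the spender and the approval scope, and then compares the rendered intent with the action the DApp page claimed. The token and router addresses, the registries, the descriptor layout and the function names are all assumptions constructed for this example; only the two ERC-20 selectors are real.

```javascript
// Added example, not code from imToken or the ERC-7730 reference implementation.
// A minimal Clear Signing renderer: decodes ERC-20 calldata by hand, looks the
// selector up in a simplified, ERC-7730-inspired descriptor, and then checks the
// rendered intent against what the DApp page claimed (the Verifiable UI idea).

const UINT256_MAX = (1n << 256n) - 1n;

// Constructed sample registries; the addresses are placeholders, not real deployments.
const TOKENS = {
  "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": { symbol: "USDC", decimals: 6 },
};
const KNOWN_ADDRESSES = {
  "0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": "Example DEX Router (constructed)",
};

// Simplified descriptor keyed by 4-byte selector. A real ERC-7730 file keys display
// formats by function signature and carries richer field formats; the selectors below
// are the standard ERC-20 ones (first 4 bytes of keccak256 of the signature).
const DESCRIPTOR = {
  "0x095ea7b3": { // approve(address spender, uint256 amount)
    intent: "Approve token spending", params: ["address", "uint256"],
    fields: [{ index: 0, label: "Spender", format: "addressName" },
             { index: 1, label: "Amount", format: "tokenAmount" }] },
  "0xa9059cbb": { // transfer(address to, uint256 amount)
    intent: "Send tokens", params: ["address", "uint256"],
    fields: [{ index: 0, label: "To", format: "addressName" },
             { index: 1, label: "Amount", format: "tokenAmount" }] },
};

// Split calldata into the selector and 32-byte ABI words (static types only).
function decodeCalldata(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  if (hex.length < 8 || (hex.length - 8) % 64 !== 0) throw new Error("malformed calldata");
  const words = [];
  for (let i = 8; i < hex.length; i += 64) words.push(hex.slice(i, i + 64));
  return { selector: "0x" + hex.slice(0, 8), words };
}

function decodeWord(type, word) {
  if (type === "address") {
    // An address is right-aligned in its word; non-zero padding is a red flag, not a value.
    if (!/^0{24}/.test(word)) throw new Error("non-zero padding in address word");
    return "0x" + word.slice(24);
  }
  if (type === "uint256") return BigInt("0x" + word);
  throw new Error("unsupported ABI type " + type);
}

function formatTokenAmount(amount, token) {
  if (amount === UINT256_MAX) return `UNLIMITED ${token.symbol}`;
  const base = 10n ** BigInt(token.decimals);
  const frac = (amount % base).toString().padStart(token.decimals, "0").replace(/0+$/, "");
  return `${amount / base}${frac ? "." + frac : ""} ${token.symbol}`;
}

// Produce what the confirmation screen should show. Without metadata the wallet can only
// show raw data, which is exactly the blind-signing situation the article describes.
function renderForSigning(tx) {
  const { selector, words } = decodeCalldata(tx.data);
  const entry = DESCRIPTOR[selector];
  const token = TOKENS[tx.to.toLowerCase()];
  if (!entry || !token) {
    return { clear: false, intent: "Unknown contract call", contract: tx.to, selector,
             lines: [], warnings: ["no Clear Signing metadata; raw data only"] };
  }
  if (words.length !== entry.params.length) throw new Error("argument count mismatch");
  const values = entry.params.map((t, i) => decodeWord(t, words[i]));
  const lines = [], warnings = [];
  for (const f of entry.fields) {
    const v = values[f.index];
    if (f.format === "addressName") {
      const name = KNOWN_ADDRESSES[v];
      lines.push(`${f.label}: ${name || v}`);
      if (!name) warnings.push(`${f.label} ${v} is not a known contract`);
    } else if (f.format === "tokenAmount") {
      lines.push(`${f.label}: ${formatTokenAmount(v, token)}`);
      if (v === UINT256_MAX) warnings.push("unlimited approval: spender can move the whole balance, now and later");
    }
  }
  return { clear: true, intent: entry.intent, contract: `${token.symbol} token ${tx.to}`, selector, lines, warnings };
}

// Verifiable UI check: the page's claimed action must match what the calldata does.
function checkAgainstFrontendClaim(rendered, claim) {
  if (!rendered.clear) return { ok: false, reason: "cannot verify: no Clear Signing metadata for this call" };
  if (rendered.intent !== claim.intent) {
    return { ok: false, reason: `page says "${claim.intent}" but the transaction does "${rendered.intent}"` };
  }
  return { ok: true, reason: "displayed action matches decoded calldata" };
}

// Constructed samples: an unlimited approve presented by the page as "Claim rewards",
// and an ordinary transfer of 1000 USDC (1000 * 10^6 = 0x3b9aca00 base units).
const SAMPLE_APPROVE = { to: "0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
  data: "0x095ea7b3" + "0".repeat(24) + "b".repeat(40) + "f".repeat(64) };
const SAMPLE_TRANSFER = { to: "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
  data: "0xa9059cbb" + "0".repeat(24) + "c".repeat(40) + "0".repeat(56) + "3b9aca00" };

for (const [tx, claim] of [[SAMPLE_APPROVE, "Claim rewards"], [SAMPLE_TRANSFER, "Send tokens"]]) {
  const r = renderForSigning(tx);
  console.log(r.intent, r.lines, r.warnings, checkAgainstFrontendClaim(r, { intent: claim }).reason);
}
```

Two design points carry over to a real wallet: a call whose selector has no descriptor is rendered as “Unknown contract call” rather than silently shown as a bare “Confirm,” so the user at least knows they are in blind-signing territory; and the comparison against the page’s claim is made on the decoded intent, never on the page’s own text, which is the part an attacker controls.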
This capability will become even more important in the AI Agent era.
Agents can help users do many things, but Agents can also make mistakes. Users cannot hand all judgment over to Agents, and wallets should not simply pass Agent-generated transactions to users for confirmation without interpretation. A more reasonable division of responsibilities is this: Agents improve efficiency, while wallets guard the boundary.
This is the value of Verifiable UI + Clear Signing. It is not meant to prevent users from using new technologies. It is meant to let new technologies operate within more verifiable boundaries. As smart accounts, AI Agents, automated trading, and cross-chain execution become more common, wallet confirmation pages should no longer remain in a low-information state of “Confirm / Approve.” They should become a key interface through which users understand on-chain actions.
Further reading: “From Kelp DAO to Verifiable UI: The Next Security Baseline for Decentralization”
Final Thoughts
The crypto industry has always pursued a better user experience.
From mnemonic phrases to smart accounts, from manual operations to AI Agents, and from single transactions to batch execution, wallets are becoming more powerful and more similar to everyday internet products in how they are used. But the more this happens, the more we must not ignore one basic fact: on-chain transactions are irreversible, and signatures remain the most critical step before user assets move.
In the past, we often said: “Do not leak your mnemonic phrase.” In the future, as AI Agent capabilities become widely embedded in Web3 and on-chain execution, we may need to add another reminder: do not sign transactions you cannot understand, and do not let Agents execute instructions you cannot verify.
Ultimately, whether it is the Ethereum Foundation promoting the standardization of Clear Signing, or imToken planning to support ERC-7730 and advance Verifiable UI + Clear Signing, both point in the same direction:
In the new era, wallets should not only be easier to use. They should also be more trustworthy — becoming a reliable guide that helps users understand what is happening on-chain.