Is it safe to sign a message?

17 replies 410 views
Posts: 3 · Reputation: 91
#1Apr 16, 2025, 05:09 AM
Hey everyone, So, I need to prove I have funds in my wallet for a business deal. I feel like the person I'm dealing with is legit, but I wanna make sure my wallet is safe. They want me to sign a message using the sign/verify feature. Is there any risk involved with this if I'm using a Trezor wallet? All they want is for me to send something like "hi, 3/17/2024". I came across a few threads about people getting scammed by signing messages, but the situations seemed a bit different from mine. I’m curious about what exactly signing a message does. I thought it was just a way to send a message to the network without affecting transactions. But if I mess up the message or accidentally sign it with a transaction hash, could that lead to any issues or even a transaction being sent from my wallet? If they ask me to sign something with a transaction hash, is that a big risk? And what about signing a message with just the date? Is that risky? Also, is there any difference between signing messages for Bitcoin versus ERC20 tokens like USDT?
4 Reply Quote Share
sam_walletFull Member
Posts: 104 · Reputation: 365
#2Apr 16, 2025, 11:09 AM
No, there is no inherent danger in this that they can steal your coins. It's just a way of proving that you indeed have ownership of the Bitcoin wallet's private keys, and allows others to verify that information without giving them any more access. There is even a thread on the forum for users to sign messages with addresses that have been posted by an account to prove they own the address and account - https://bitcointalk.org/index.php?topic=996318.0 You didn't give us more information, so we cannot know if the other party should be knowing exactly how much bitcoins you have and the reason for the need to sign a message. These were cases of users being sent a raw transaction which was created with the public key of the address and they verified it, effectively signing that transaction and sending the coins/tokens out of it. If they send you a transaction hash, DO NOT SIGN IT. You do not need anyone to send you anything when signing a message or a txid.
0 Reply Quote Share
HyperRavenFull Member
Posts: 175 · Reputation: 633
#3Apr 18, 2025, 04:06 AM
Transactions have a signature that ensures that the inputs can be spent and is valid. You should not sign any transactions that you cannot trust; but the way that the signature is generated is quite different. Bitcoin signed message has a very specific syntax, so long as you are using the message signing function (not transaction signing) then it would be fine. No and yes. Nothing would happen if you sign a transaction ID using the message signing tool**, though there is really no reason why you should be doing so. Using the signed message tool for Bitcoin Core would guarantee an invalid signature if used. The transaction data isn't just the transaction hash and since the message prepends "Bitcoin Signed Message:", it wouldn't be valid for a transaction signature regardless. I recommend including more details like the purpose and for whom, just to ensure that it can't be reused or otherwise misconstrued. ** I'm not familiar about the implementation of Ethereum's wallet but it is not an issue with Bitcoin wallets to my knowledge because the message signing is distinctively different from transaction signing.
3 Reply Quote Share
Posts: 3 · Reputation: 91
#4Apr 18, 2025, 09:12 AM
[/quote] No and yes. Nothing would happen if you sign a transaction ID using the message signing tool**, though there is really no reason why you should be doing so. Using the signed message tool for Bitcoin Core would guarantee an invalid signature if used. The transaction data isn't just the transaction hash and since the message prepends "Bitcoin Signed Message:", it wouldn't be valid for a transaction signature regardless. I recommend including more details like the purpose and for whom, just to ensure that it can't be reused or otherwise misconstrued. ** I'm not familiar about the implementation of Ethereum's wallet but it is not an issue with Bitcoin wallets to my knowledge because the message signing is distinctively different from transaction signing. [/quote] Maybe this is a distinction I wasn't aware of.  I'd just be using the message signing tool from Trezor as seen here https://blog.trezor.io/featurefriday-sign-verify-2c657af39b0c#:~:text=Click%20%E2%80%9CSign.%E2%80%9D,box%20on%20your%20computer%20screen. and (hopefully) not using any kind of transaction signing.  Maybe in the case of these hacks people were signing transactions rather than messages?  I guess I was just trying to make sure I could type anything into the "message" section using the sign message feature shown above on Trezor and it would be safe.  At the very least though I can avoid typing any kind of transaction hashes or programming language as it shouldn't be necessary and would raise red flags if they asked something like that to be the message.
0 Reply Quote Share
paul.stakeHero Member
Posts: 651 · Reputation: 3798
#5Apr 20, 2025, 01:02 AM
A signed message proves that you're the owner of a public key, because the only way to sign a message of a public key is to own its private key. This is how coin ownership is retained without disclosing the private key. You simply sign a message that says what you want to spend etc. Signing a message shouldn't be a trouble, but after reading the reddit post, I wouldn't feel as comfortable as I do with Bitcoin signed messages. I have no idea how Ethereum works, but as it turns out from the first reply, signing transaction hash can grant ETH ownership. Signing a simple "hi, this is <date>" would never harm you in Bitcoin, but I wouldn't cross my fingers it will neither harm in crazy-Etherland.
2 Reply Quote Share
john.cobraHero Member
Posts: 408 · Reputation: 2145
#6Apr 20, 2025, 07:03 AM
@Speedoguy, I would just add that perhaps you should take privacy into account when you sign a message as proof that you own a certain amount of BTC. What I want to say is that maybe it would be smart to send the amount you want to prove that you own to a new address in a new wallet - and it would be ideal to break the link between the main storage and the new wallet (using a mixer). I don't know what it is specifically about in your case, but it is possible that there are scammers who are trying to find out how many coins you actually own in order to try to scam you in some way. Think about it, if someone has $1000 worth of BTC, they are not as valuable a target as someone who has $10 000 or maybe ten times as much.
3 Reply Quote Share
RogueDegenFull Member
Posts: 74 · Reputation: 309
#7Apr 20, 2025, 11:35 AM
Please take note of what is said there. Imagine this scenario: I have no bitcoins at all. I pretend to be you.  I contact John Smith and tell them that I have some number of bitcoins that I want to send to them in exchange for something.  They ask me to send a signed message proving that I'm you. Meanwhile, I've been talking to you about a "business deal" with you, and I get you to send me a signed a message that just says "Hi, 2024-03-17". I then take the exact signed message that you've provided to me, and send it on to John Smith.  John Smith is now convinced that I'm Speedoguy. I get John smith to provide me whatever he's selling.  Next, I disappear. John Smith now contacts YOU demanding the Bitcoins that he says YOU owe him. You claim that you never received anything from him. You claim you've never even talked to or heard of him.  He shows the message where he asked me (pretending to be Speedoguy) for a signed message, and then he shows YOUR signed message saying that it PROVES that YOU did talk to him and that you agreed to send him bitcoins. What a mess. All that could have been avoided, if you were just a bit more careful about what you had signed.  Instead of just "Hi".  Make sure that The message is very clear about details such as who it's from, who it's to, why it's being sent, when it was requested, what it's intended to prove. That will make it much more difficult for the message to be reused. If instead of "Hi, 2024-03-17" you had signed a message that said: "This message was requested of Speedoguy by DannyHamilton in an email sent from notDannyHamiltonsEmail@gmail.com at 17:25 UTC on 2024-03-17 to notSpeedoGuysEmail@gmail.com. This message is intended to prove that address bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh contains exactly 0.30834147 as of 17:42 UTC on 2024-03-17. This message was requested as part of a business deal where Speedoguy would put up 0.2 BTC as collateral for a loan of $5,000 from DannyHamilton, to be paid back by SpeedoGuy (with interest) in payments of $1,100 on the first day of five consecutive months beginning with the first payment due on 2024-05-01". It's going to be a lot harder for me to forward that message on to John Smith and convince him that I'm Speedoguy and that I'm providing him 0.30834147 bitcoins to him in exchange for $20,000 of his Monero.
1 Reply Quote Share
Posts: 3 · Reputation: 91
#8Apr 20, 2025, 05:26 PM
Ya good point about making the message specific.  I thought this sort of man in the middle thing was a very real possibility and the most likely scam angle, but I generally think the person is pretty legit, met them, they're using real name verifiable by social media etc and vouched for by others.  It's obviously not foolproof though and just trying to make sure the wallet is as secure as possible.  They've supposedly done similar deals in the past and acted like signing a message was very standard for showing ownership of funds on a blockchain (which I kind of assume is the main purpose behind the signing feature)  but just wanted to make sure there wasn't some possible attack vector
3 Reply Quote Share
HumbleBullFull Member
Posts: 54 · Reputation: 378
#9Apr 20, 2025, 09:19 PM
To sign the message you need the address's private key, and that is where the risk comes from. If you know how to do it and use your own wallet to sign a message, then it's fine. But if the guy asks you to use his software to sign the message then you are risking your coins because they could use malware where they get a copy of the Private key while you sign the message. Personally, i have used online wallets to sign messages and never had a risk or a problem while doing that. For it I used blockchain.com, i had to import the PK, and after that signing a message was simple. But not many people would agree about this method, if you are looking for security, then use your own node.
3 Reply Quote Share
w0lf404Hero Member
Posts: 801 · Reputation: 2381
#10Apr 21, 2025, 12:06 AM
Using you own node for a signing a message? Signing a message has nothing to do with nodes. Signing a message is mathematical process in which you create a digital signature for a message. When you sign a message, you don't need any connection to nodes and you don't broadcast anything.
0 Reply Quote Share
HumbleBullFull Member
Posts: 54 · Reputation: 378
#11Apr 22, 2025, 03:30 PM
With node i mean a Bitcoin core wallet, but you are right for this process we don't need a wallet, but is important to mention how most of the wallets let us sign a message. With bitcoin core qt version users can sign messages with the next steps: →Go to the "File" menu, then select "Sign Message". →In the dialog that appears, enter the Bitcoin address you want to sign the message with. →Enter the message you want to sign in the "Message" field. →Click on "Sign Message". And if you want to do it from the command line, there is a command for this purpose. I will leave some sources: https://en.bitcoin.it/wiki/Message_signing https://medium.com/coinmonks/bitcoin-cryptography-signing-and-verifying-messages-with-node-js-645d05013f4f https://coinguides.org/sign-verify-bitcoin-address/
2 Reply Quote Share
HyperRavenFull Member
Posts: 175 · Reputation: 633
#12Apr 22, 2025, 07:39 PM
Yeah, it's fine. Ethereum works quite differently from Bitcoin. With Bitcoin, the message signing function is solely used for the message signing/verification purpose. It is very different from signing a transaction, you cannot just sign a transaction using the transaction ID. It's just common sense for people to not sign messages with content that they don't fully understand.
1 Reply Quote Share
w0lf404Hero Member
Posts: 801 · Reputation: 2381
#13Apr 22, 2025, 09:50 PM
But it's not that you would have more security, if you sign your message with bitcoin core. If you want to sign a message and be sure that your private key is kept secure, you should sign your message on an air-gapped device. It doesn't matter whether you sign your message using bitcoin core or electrum.
2 Reply Quote Share
sage_moonSenior Member
Posts: 273 · Reputation: 1371
#14Apr 23, 2025, 01:26 AM
The only way for your signature to be compromised is to sign 2 messages using the same nonce K, which must be random between 1 and N-1 (where N is the order of the curve), as long as you do the signing in a secure environment. There will be problems, if they ask you to sign using their website or software provided by them, run away, it's probably a signature scam. If you make 2 signatures using the same nonce, they can derive your private key.
1 Reply Quote Share
omega_bearFull Member
Posts: 116 · Reputation: 780
#15Apr 23, 2025, 02:36 AM
diffinitelly you can be scamed, but with not only one message, but any sighnet message can leaks some part om privkey: " What is special about the ECDH is that your peer's pubkey defines the curve being used, not your secret key! So if an attacker provides a pubkey from a weaker curve, and you respond with the product of their weak pubkey * your secret, they can use brute-force to factor out and reveal your secret." https://stacker.news/items/361797 Reciver of your message mast send you message first, abd you see what his pubkey is not pubkey for scam... Scam pubkeys cant send  any messages [moderator's note: consecutive posts merged]
2 Reply Quote Share
RogueDegenFull Member
Posts: 74 · Reputation: 309
#16Apr 23, 2025, 03:40 AM
That doesn't make any sense. Why would you respond with "the product of their weak pubkey * your secret" ?? When signing a message, you generate a hash of the message, then you generate a signature using your private key and the hash that you generated. The other person's public key isn't used at all. You only use their public key to verify a signature that they send you.
0 Reply Quote Share
omega_bearFull Member
Posts: 116 · Reputation: 780
#17Apr 23, 2025, 08:39 AM
and then used pubkey of attacker ?
4 Reply Quote Share
im_lynxHero Member
Posts: 515 · Reputation: 2161
#18Apr 23, 2025, 08:47 AM
If your signing software is working properly (at minimum using a random non-predictable nonce) your message with signature doesn't leak anything about the used private key. You would need to be able to break ECDSA completely and apparently no-one is able to do this. You should probably read and understand more of the context of a cited piece of text. I understood, I certainly could be wrong too, the pieces behind your cited source that it's about issues of naive implementations of secp256k1 curve being susceptible to twist attacks when the implementation naively accepts wrong pubkeys which are not on the curve (because they fail to detect this). I can't quite believe that something like this could be foisted on mature implementations of secp256k1 curve like Bitcoin Core or Electrum use. Read again and try to understand, also in context of usage with proper software. As far as I understand it, a Twist attack isn't possible with proper implementations. A twisted pubkey of an attacker should and would be rejected, his signature should fail to be verified. By checking yourself, you don't reveal anything of your private key. Do you understand what DannyHamilton explained to you?
0 Reply Quote Share
?Reply
Sign in to reply to this topic

Related topics