New EIP712 Messages in Blur Protocol Expose Users to Phishing Attacks


  • Blend Protocol introduces risky EIP712 messages, raising phishing concerns.
  • Malicious actors exploit Seller message to deceive users and steal assets.
  • LoanOffer message enables fake sale offers, putting NFTs at risk.

In a concerning development, the popular decentralized finance protocol, @blur_io’s Blend Protocol, has recently introduced two new EIP712 messages called “Seller” and “LoanOffer.” While these additions were intended to enhance the functionality of the protocol, security experts have discovered potential phishing exploits that could lead to significant financial losses for unsuspecting users.

The vulnerabilities arise because bad actors can use these messages to construct malicious loan offers or suspicious sale offers. By leveraging the Seller message, an attacker could create a deceptive loan offer tied to a worthless NFT. A user who signs this malicious loan offer unknowingly parts with their Blur ETH, losing valuable assets.

Similarly, through the LoanOffer message, an attacker can construct a malicious sale offer with an artificially inflated price. A user who signs this offer risks losing the NFT they had lent.

These phishing exploits pose a significant threat to users of the Blur Protocol, especially those who may not be well-versed in the intricacies of decentralized finance and smart contract interactions. It is crucial for all users to exercise extreme caution and remain vigilant when engaging with these new features.

Security experts and the development team at @blur_io are working diligently to address and mitigate these vulnerabilities. They are actively investigating potential solutions, including the implementation of additional security measures, audits, and user education initiatives.

As a precautionary measure, the Blur Protocol team advises users to carefully review and verify the details of any loan or sale offers before signing any transactions. Double-checking the terms, prices, and involved assets is essential to avoid falling victim to phishing attempts.
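
One way to apply this review step in practice is to inspect an EIP-712 signing request before approving it. The sketch below is an added example, not code from Blur or from the original article. It relies only on the standard EIP-712 request layout (domain, primaryType, types, message); the sample field names, domain name and addresses are constructed placeholders, not Blend's actual struct layout.

```javascript
// Primary types named in the article as phishing-prone.
const RISKY_PRIMARY_TYPES = new Set(["Seller", "LoanOffer"]);

// Flatten message fields following the declared EIP-712 types so every
// value that will be signed is shown, including nested structs and arrays.
function flattenFields(types, typeName, value, prefix = "") {
  const out = [];
  for (const { name, type } of types[typeName] || []) {
    const base = type.replace(/\[\d*\]$/, ""); // "Fee[]" -> "Fee"
    const path = prefix + name;
    const v = value ? value[name] : undefined;
    if (types[base] && Array.isArray(v)) {
      v.forEach((item, i) => out.push(...flattenFields(types, base, item, `${path}[${i}].`)));
    } else if (types[base]) {
      out.push(...flattenFields(types, base, v, path + "."));
    } else {
      out.push({ path, type, value: v === undefined ? "<missing>" : String(v) });
    }
  }
  return out;
}

// Returns the fields to show the user plus warnings to resolve before signing.
function reviewTypedData(json, trustedContracts) {
  const req = typeof json === "string" ? JSON.parse(json) : json;
  const { domain = {}, primaryType, types = {}, message = {} } = req;
  const warnings = [];
  if (RISKY_PRIMARY_TYPES.has(primaryType))
    warnings.push(`primaryType "${primaryType}" can move assets; verify every field`);
  const contract = String(domain.verifyingContract || "").toLowerCase();
  if (!trustedContracts.map((a) => a.toLowerCase()).includes(contract))
    warnings.push(`verifyingContract ${contract || "<none>"} is not on your allowlist`);
  if (!types[primaryType])
    warnings.push(`no type definition for "${primaryType}"`);
  return { primaryType, domain, fields: flattenFields(types, primaryType, message), warnings };
}

// Constructed sample request; field names and addresses are placeholders,
// not Blend's actual struct layout.
const SAMPLE = {
  domain: { name: "ExampleDomain", chainId: 1, verifyingContract: "0x" + "11".repeat(20) },
  primaryType: "LoanOffer",
  types: {
    LoanOffer: [{ name: "collection", type: "address" }, { name: "price", type: "uint256" }, { name: "fees", type: "Fee[]" }],
    Fee: [{ name: "rate", type: "uint16" }, { name: "recipient", type: "address" }],
  },
  message: { collection: "0x" + "22".repeat(20), price: "1", fees: [{ rate: 50, recipient: "0x" + "33".repeat(20) }] },
};
```

Calling `reviewTypedData(SAMPLE, allowlist)` with an allowlist of contract addresses you have verified yourself returns the flattened field list for display and any warnings that should block a blind signature.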

In light of these developments, the broader decentralized finance community should take note of the risks associated with new protocol features and remain proactive in identifying and addressing potential security loopholes. Collaborative efforts between developers, auditors, and users are crucial to maintaining the integrity and security of the rapidly evolving DeFi ecosystem.

While the potential phishing exploits discovered in the Blend Protocol’s new EIP712 messages are concerning, it is essential to remember that with proper caution and awareness, users can navigate the decentralized finance landscape securely. Nonetheless, it is incumbent upon all stakeholders to prioritize security measures and promote responsible use of DeFi protocols to safeguard the community as a whole.