When a wallet UI is compromised, every signer is blind. Sign is the second channel: it decodes raw transaction bytes independently, compares them against the human-readable intent the UI claims, and produces a signed audit receipt. The Bybit attack would have been caught.
This decoder talks to the same POST /v1/decode endpoint exchanges integrate. It's free, keyless, runs every request through Sign's authority key, and — most importantly — never trusts your wallet's UI. Try the sample below or paste your own bytes.
https://sign-api.zoza.world/v1/decode
Every entry below is a documented incident — public post-mortems linked from each row. The pattern is identical: a UI lied, a signer trusted the UI, billions moved. Sign attacks the trust assumption directly.
upgradeToAndCall swapping the implementation contract to attacker-controlled bytecode. North Korea Lazarus Group attribution. Every signer used a hardware wallet — none could read the bytes.Each row is a category competitor. Each column is a property a custody team needs. We're being precise about where we win and where we don't — Sign isn't a hardware-wallet replacement, and we don't pretend to be.
| Solution | Independent decode | Intent comparison | Signed audit receipt | Multi-chain | UI-MITM resistant |
|---|---|---|---|---|---|
| Ledger / Trezor / GridPlus Hardware wallet displays |
partial | no | no | yes | screen-only |
| MetaMask / Rabby / Frame Wallet UI decoders |
no — same UI | no | no | yes | no |
| Tenderly / BlockSec / Phalcon Simulation services |
yes | effects, not intent | no | EVM-mostly | if separate channel |
| Blockaid / Wallet Guard Risk-scoring services |
policy match | no | no | EVM-mostly | if separate channel |
| Zoza Sign This product |
yes — second channel | field-by-field | Ed25519 receipt | EVM (today) · roadmap below | yes — out-of-band |
No "we win every column" theatre. Sign is built for one job: catch UI-vs-bytes lies before $1B+ moves. Hardware wallets, simulators, and risk-scorers solve adjacent problems and Sign is happy to run alongside them.
Tests pass on green. Production is on fire. Every claim below is what Sign does under degraded conditions — not what it does in a unit test.
Receipts are idempotent by verification_id. Client retries the same intent + raw_tx pair and gets the same signed receipt — no double-billing, no duplicate alerts. Backed off-line in browser local storage so a flaky link doesn't lose the audit trail.
Free /v1/decode endpoint runs in any browser including iOS Safari. QR-paste workflow: scan raw bytes from your air-gapped signer, decode on a phone, eyeball the diff before approving on the cold device.
Sign deliberately reads bytes from the broadcast channel (what the chain will actually receive), not the UI's representation. Even if the wallet UI is owned, the bytes-on-the-wire path is what Sign checks. Bybit-class attacks lose.
Receipt records exact intent + outcome with timestamp + Ed25519 signature. Visible in any post-incident audit — not after-the-fact deniable. Doesn't prevent coercion (no wallet-level product can) but eliminates "I thought I was signing X" as a defence.
Signer pubkey is pinned in every receipt + published at /v1/authority. Quarterly rotation procedure documented. If the active key leaks, all receipts signed by that key flip from "valid" to "rotated — verify out-of-band" until the rotation log entry is public. Historical-pubkey lookup endpoint not yet shipped — see gap analysis below.
Receipts include sender, recipient, amount, timestamp, signature — exactly the fields FATF Travel Rule requires for VASP-to-VASP transfers ≥ $1,000. India RBI's 2025 draft custody framework asks for "independent transaction verification" without naming a method; Sign's receipt format is one valid implementation. Formal SOC 2 / ISO 27001 audit not yet completed — roadmap.
These are the real attacks that cost $3.025B+ since 2022. Each row is a transaction Sign's decoder + comparator processes today — we reconstruct the attack calldata in products/zoza-sign/benchmark_test.go and assert Sign returns risk_level: "critical" on every one. The test runs in CI and fails the build if any detection regresses.
| Incident | Loss | Attack class | Chain | Sign v0.3 |
|---|---|---|---|---|
| Bybit Feb 2025 · Safe UI compromise |
$1.46B | upgradeToAndCall (0x4f1ef286) |
Ethereum | ✓ critical · method |
| Ronin Bridge Mar 2022 · multisig key theft |
$625M | ERC-20 transfer, destination swap | Ethereum | ✓ critical · to |
| WazirX / Liminal Jul 2024 · multisig UI compromise |
$235M | Unlimited approve(MAX_UINT) |
Ethereum | ✓ critical · approval |
| DMM Bitcoin May 2024 · withdrawal UI compromise |
$305M | Destination swap | BTC (represented as EVM transfer in corpus) | ✓ critical · to |
| NFT drain aggregate 2023–2024 · fake mint pages |
$400M+ | setApprovalForAll (0xa22cb465) |
Ethereum | ✓ critical · approval_all |
Detection rate: 5/5 (100%). Each attack is retriggered against Sign in Go CI via TestBenchmarkCorpus_AllAttacksDetected. When the next Bybit-class heist happens, we publish its bytes here within 72 hours + a failing assertion if Sign didn't catch it.
Following the same posture as Zoza Shield: every gap on this page is a public commitment. If you're considering Sign for a regulated environment, read this section twice before the marketing.
Every item below is a known limitation. Each has an owner and a target. The list shrinks — git history on products/zoza-sign/ is authoritative. Items moved into ✓ shipped since the last revision:
GET /v1/authority/history) — shipped@zoza/sign v0.2.0 — shippedFive surfaces a security team can independently inspect — every claim above is backed by code, an endpoint, or a public log entry, not a marketing line.
Every receipt pins the Ed25519 pubkey used to sign it. The current authority key is published at sign-api.zoza.world/v1/authority — fetch it, save it, verify any receipt offline.
The live decoder above accepts a receipt JSON in addition to raw bytes. Signature verification runs in WASM in the browser — no Sign server involved in the verify path.
Sign-class miss (a Bybit-equivalent that decoder failed to flag) = $5K – $50K depending on dollar exposure. Scope and disclosure SLA published alongside Zoza Shield's program — see Shield bounty page; Sign mirrors the same rules.
The client SDK is open-source MIT (@zoza/sign on npm, github.com/CoreCogitAI/sign-js-sdk). Server-side decoder + receipt-signing code is source-available under NDA for paying customers and external auditors — broader release queued behind compliance review.
Critical bug fixed → disclosed publicly within 72h. Mirrors the Shield + Vault commitment. Quarterly transparency report (issuances, rotations, audits) published alongside.
Every change to the decoder (new method signature, new chain) ships behind a versioned endpoint (/v1/decode never breaks; new behaviour goes to /v2/decode). Old receipts stay verifiable forever.
Reads raw broadcast bytes — not what the wallet UI says. Parses chain ID, nonce, gas, destination, value, calldata, method signature. Recognizes ERC-20 transfer, approve, infinite-allowance, and contract upgrade calls.
Field-by-field diff between claimed UI intent and decoded reality. Critical-severity flag on destination address mismatch (Bybit class) and amount mismatch (skim class). Warning on type mismatch (transfer claimed, approval signed).
Ed25519 signature over {verification_id, exchange_id, status, timestamp}. Tamper-evident: change any field and signature invalidates. Customers store receipts for FATF Travel Rule + post-incident audit.
Sign runs on different infrastructure (sign-api.zoza.world) from the wallet UI. Even if the wallet stack is fully compromised, the bytes Sign sees are the bytes the chain will see. The compromise can't reach Sign's read path.
REST API, signed receipts, free decoder for end-users. Apply for an API key — we review within 24h.