A new security advisory is urging developers and users in the Internet Computer ecosystem to take extra care with certain wallet login methods, after researchers flagged a phishing risk in IC-SIW implementations for Ethereum, Bitcoin and Solana.
The advisory focuses on the “Sign-In With” flows, often used to connect external wallets to decentralised applications running on the Internet Computer. These systems are designed to make onboarding easier by linking a familiar wallet address to an ICP principal, which acts as a user identity on the network.
However, the concern is that current implementations may not properly account for which website is requesting the sign-in.
According to the advisory, the mapping from a wallet address to an ICP principal is made from the address alone, regardless of which domain initiated the sign-in request. A signature obtained on one site therefore yields a delegation for the same principal the user holds on every other site, which opens the door to phishing: a malicious actor can set up a fake website that looks legitimate and prompt users to sign in there.
In the scenario outlined by the advisory, an attacker registers a lookalike domain and tricks a user into approving a sign-in request on it. If the user signs, the attacker obtains a delegation for the user's IC principal, and with it whatever funds or permissions are attached to that principal.
Phishing remains one of the most common attack methods across crypto, and login flows are often a key target because they sit at the entry point between users and applications. While the Internet Computer has built a reputation for strong identity infrastructure, the advisory highlights that cross-chain wallet connections introduce new layers of complexity.
The document suggests several ways the ecosystem could strengthen protections.
One option is verifying the origin of the application directly within the wallet interface: the wallet knows which page is asking for the signature, so it can check that origin against the domain named in the sign-in message rather than trusting a value the requesting page supplied. This would, however, require broader support across the SIW standards.
Another approach is using passkeys as an added layer of authentication, particularly for sensitive or high-value operations.
A third recommendation is adopting the ICRC-21 call consent messages standard, which would introduce clearer transaction-level authorisation so users can better understand what they are approving before signing.
The advisory does not suggest that exploitation is widespread, but it serves as an early warning for developers building on these sign-in systems and for users interacting with new or unfamiliar domains.
As multi-chain access becomes more common across decentralised networks, security researchers continue to stress that convenience must be matched with stronger safeguards, especially when identity and asset control are closely linked.