ERA Wallet adds on-device parser and QR-only signing

ERA Wallet launched ERA Lens, an on-device transaction parser, and a QR-only signing workflow based on EIP-4527 to decode calldata before transactions are signed.

ERA Lens runs on the hardware device and converts raw calldata into plain-language fields such as the function called, token amounts, destination addresses and protocol names. If the parser cannot decode a transaction or the payload does not match a known interface, the device halts the signing flow and flags the transaction for manual review. ERA says the parser operates fully offline to prevent remote modification of decoding metadata.

Alexey Devyatkin, ERA Wallet’s founder, described ERA Lens as “a fully offline engine” and added that without an internet connection no one can alter the data stored on the device. He noted that an unrecognized transaction is a reason to verify the payload before signing.

The signing workflow requires users to scan QR codes to transmit the transaction payload between the connected app and the offline signer. ERA’s implementation excludes Bluetooth, Wi-Fi and USB connections. ERA says QR transmission allows users and independent tools to decode the same data and reduces some attack vectors tied to direct connections.

On May 12, the Ethereum Foundation and an industry working group published the Clear Signing standard to make Ethereum transaction approvals human-readable. The standard encourages developers to publish JSON metadata describing contract functions to a registry so compatible wallets can render readable approvals. ERA Wallet says its on-device parser is designed to present readable fields even when registry coverage is incomplete or when users interact with new or third-party contracts.

ERA also offers an encrypted NFC Recovery Card as an alternative to a paper seed backup. The card stores encrypted recovery data, uses PIN protection with a limited number of attempts, and is built on a chip ERA says is designed for long-term durability. The card supports single and multi-share backups. The hardware device can manage up to 10 independent wallets, each with its own seed and optional passphrase.

Industry discussion and security research identify blind signing as a recurring risk in decentralized finance. Blind signing happens when users approve transactions without readable intent, for example when a front end shows a simple summary while sending encoded calldata the signer cannot translate. The Bybit incident has been cited as an example where signers approved transactions they could not read while private keys remained protected.

ERA Wallet describes on-device decoding and QR-only signing as two protections that address both the interpretive gap in approvals and risks tied to direct connectivity.