The Final Word for
Multisig Signing.

Stop crossing your fingers before every $1M signature. Safe OpenSig eliminates blind signing for signers who can't afford a mistake.

Download App Read the story

Free and open source.

Trusted by professional treasury managers and foundations

World

"OpenSig makes hardware wallet signing with Safe actually usable. We need more shots on target for the blind signing problem, and this one lands."

Jan

Jan

Safe Foundation

// the problem

Your Ledger shows a hash.
Not what it means.

Every Safe multisig transaction ends the same way. You review a hash on a small screen and press confirm. You trust the interface showed you the truth. You hope nothing was tampered with between the browser and your device.

What the interface shows

USDC

Send 100.00 USDC

to 0xAb92...3f1d

Network Ethereum
Signers 2 of 3 confirmed
Nonce #47
Confirm
Reject
The Gap

What your Ledger shows

Review transaction

0x7f4e8d2a9c1b...

Reject

Approve

No visibility into actual consequences

Blind signing is how treasuries lose funds. The Bybit treasury lost $1.4B because signers confirmed a hash without verifying its consequences. The frontend showed one transaction. The contract executed another.

// how opensig closes the gap

End Blind Signing.
Verify Every Consequence.

Four independent verification mechanisms. Each one catches what the others miss.

Safe OpenSig Transaction Preview showing balance changes, allowances, and warnings
01 / Simulate

Reveal the truth.

Raw transaction data is just bytes and hex. You trust your wallet to decode it, but that trust can be exploited.

Safe OpenSig runs a local EVM simulation. See what tokens will transfer, what approvals will be granted, whether the transaction is malicious.

Know before you commit.

Ledger device showing Review Transaction alongside OpenSig phone app with matching data
02 / Mirror

Zero discrepancy.

Safe OpenSig shows a pixel perfect mirror of your Ledger Nano S, S+, or X before you sign.

Works with the Ledger you already own.

Consensus Verification panel showing three nodes verified and Ground Truth Confirmed
03 / Prove

Trust math, not providers.

Most wallets trust a single RPC provider. If it's compromised, you're signing based on lies.

Safe OpenSig verifies against multiple independent nodes using cryptographic proofs. All nodes must agree, or the simulation is rejected.

Mathematical certainty. Not hope.

Confirm tx...

Compromised?

Safe OpenSig app showing verified transaction preview

Isolated

04 / Isolate

Independent. Isolated. Secure.

OpenSig runs on your phone, completely separate from the browser where you use Safe. A compromised browser can't reach it.

Your verification channel is physically isolated from your signing environment.

No shared execution context.

// how it works

Four steps. One verification.

Construct

Build your transaction in the Safe UI as usual. Nothing changes.

Simulate

OpenSig runs a local EVM simulation. See a human-readable summary of what will happen.

Verify

Results are validated against independent nodes with cryptographic proofs.

Preview

See a 1:1 mirror of your Ledger screen before you commit. Then sign with confidence.

// the difference

Current workflow vs. OpenSig.

Verification
Today

Confirm hash on Ledger. Hope it matches.

With OpenSig

Full simulation with exact asset movements.

Screen preview
Today

Small screen, truncated addresses.

With OpenSig

Full display with complete breakdown.

Compromised UI
Today

No defense. Interface lies, you sign.

With OpenSig

Independent verification on a separate device.

Audit trail
Today

No record of what signers verified.

With OpenSig

Cryptographic proof of what was shown.

// community

What people are saying

Blind signing must die. The Safe ecosystem is working to solve this problem and Candide's OpenSig does exactly this.

Safe
Safe
@safe

Blind signing has been a weak point in onchain security for far too long. Today, @candidelabs is releasing Safe OpenSig, a verification instrument for Safe multisig signers. Proud to have supported the team building this.

World Foundation
World Foundation
@worldcoinfnd

It is kind of crazy that blind signing was ever treated as an acceptable default. Good to see @candidelabs ship Safe OpenSig for Safe multisig signers. Useful product. Real problem.

George Serntedakis
George Serntedakis · World
@0xgioser

OpenSig is amazing; it shows you all kinds of warnings like: balance, approvals, allowances, owner changes, contract implementation changes and a final byte by byte comparison for your ledger device. Blind signing is a real problem and @candidelabs are solving it.

Borislav Itskov
Borislav Itskov · Ambire Wallet
@borislavItskovv

certified banger

dcbuilder.eth
dcbuilder.eth · World
@dcbuilder

I tried the app and was really impressed with the UX. I just loved it.

Nitish
Nitish
@Nekotish
// pricing

Verify, Don't Trust.

Others charge 0.05% per signature. On $5M, that's $2,500 every time.

OpenSig has no fees per transaction. No markup on gas. No variable fee on transfers. No third-parties, period.

Pro is free for a limited time during launch.

Community

$0

forever

Safe tx Hash Decoding
Reconstruct the Safe transaction hash locally to ensure the data on your screen matches exactly what you see on Safe UI
Ledger Mirror
Perform physical to digital hash matching in an isolated environment to prevent blind signing errors
Bring Your Own Node
Bring your own node for total sovereignty
Simulation (via BYO Node)
Use your own nodes to run a pre-flight of transactions and preview state changes
MPT Proofs (via BYO Node)
Use your own node connection to run Merkle Patricia Trie proofs for cryptographic state validation
FREE AT LAUNCH

Pro

$49 $0

per seat / month

Everything in Community
Simulation (zero-config)
Automatically decodes complex hexadecimal data into a clear summary of asset inflows, outflows, and contract interactions
MPT Proofs (zero-config)
Uses independent nodes to fetch eth_getProof data, cryptographically proving the blockchain state is real and unmanipulated
Managed infrastructure
Access managed security that automates the entire verification process without the need to manage your nodes or technical setup

Institution

$10k

per team / year

Everything in Pro
Signed local audit logs
Automatically generates a cryptographically signed Proof of Diligence for every transaction, ready for board level audits
Multi-signer oversight
Standardize a high integrity signing workflow across your entire team with shared security policies
Phone call support
Get a direct line to our security engineering team for custom contract decoders and priority infrastructure assistance
Talk to us
// sign with certainty

A clarity layer. Not a wallet.

Sign with certainty.

OpenSig doesn't replace Safe. It gives every signer the verification they deserve. Free and open source.

Download App What blind signing means

iOS and Android. Works with Ledger Nano S, S+, and X.

Support us with your Donation

Safe is a trademark of the Safe Ecosystem Foundation. Ledger, Nano S, Nano X, and Nano Plus are trademarks of Ledger SAS. Safe OpenSig is an independent verification instrument developed by Candide Labs and is not affiliated with, sponsored by, or endorsed by Safe or Ledger.