Wintermute has recently issued a warning that the EIP-7702 feature in Ethereum’s Pectra upgrade is being maliciously exploited. Over 80% of authorizations are being used for automated attacks.
EIP-7702, proposed by Ethereum founder Vitalik Buterin, aims to enhance user experience by enabling wallets to temporarily function as smart contracts. It allows for batch processing of multiple transactions, sponsoring gas fees, using biometric or social verification, and setting single-transaction limits. However, according to Wintermute’s Dune dashboard, the vast majority of EIP-7702 authorizations are flowing to malicious contracts with identical functions. These contracts can automatically empty wallets whose private keys have leaked.
Blockchain security firm Scam Sniffer has detected that a user lost nearly $150,000 due to a phishing attack related to this. Security expert Taylor Monahan has pointed out that EIP-7702 makes emptying addresses “cheaper and less labor-intensive”. In addition, SlowMist founder Cosine has stated that the main users of EIP-7702 are coin-stealing gangs, not phishing organizations. EIP-7702 allows funds to be transferred automatically from wallets whose private keys or mnemonic phrases have leaked, via a signed authorization, and over 97% of EIP-7702 delegations point to coin-stealing contracts.
Users are advised to ensure the security of their private keys, be vigilant against phishing attacks, and verify the legitimacy of target contracts before authorizing or transacting. Wallet service providers should promptly support EIP-7702 transactions and prominently display the target contract when users sign delegations, to reduce the risk of phishing attacks. Developers are urged to update their codebases as soon as possible, stop treating EOAs as passive accounts, and adopt industry-standard reentrancy protection and more rigorous logical constraints to reduce potential attack surfaces.
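The advice above to wallet providers (show the delegation target before the user signs) and to developers (stop assuming an EOA has no code) can be turned into concrete checks. The following is an added example written for this page, not code from Wintermute, Scam Sniffer, SlowMist or any wallet project. It relies only on the EIP-7702 encoding of delegated code (the three-byte prefix `0xef0100` followed by a 20-byte target address) and the fact that an authorization with `chain_id` 0 is valid on every chain; the allowlist, the sample account codes and the function names are constructed for the demonstration.

```python
from collections import Counter
from typing import Dict, Iterable, Optional

# EIP-7702 delegation designator: 0xef0100 || 20-byte target address (23 bytes total).
DELEGATION_PREFIX = bytes.fromhex("ef0100")
DESIGNATOR_LEN = len(DELEGATION_PREFIX) + 20


def delegation_target(code: bytes) -> Optional[str]:
    """Return the delegate address (0x-hex) if `code` is a 7702 designator, else None."""
    if len(code) != DESIGNATOR_LEN or code[:3] != DELEGATION_PREFIX:
        return None
    return "0x" + code[3:].hex()


def classify_account(code: bytes) -> str:
    """Classify account code the way a 7702-aware integration should.

    Before Pectra, "has code" meant "is a contract". Now an EOA can carry a
    designator, so it is neither a passive EOA nor an ordinary contract: any
    call to it executes the delegate's code with the EOA's funds.
    """
    if not code:
        return "eoa"
    if delegation_target(code) is not None:
        return "delegated-eoa"
    return "contract"


def review_authorization(chain_id: int, target: str, nonce: int,
                         reviewed_delegates: Iterable[str]) -> Dict[str, object]:
    """What a wallet should surface before the user signs a 7702 authorization tuple.

    `reviewed_delegates` is a constructed allowlist of delegate contracts the wallet
    has vetted (assumption: the wallet maintains such a list). Anything not on it is
    presented as untrusted, because once the delegation is set the delegate's code
    runs in this account's context and can move its entire balance.
    """
    t = target.lower()
    trusted = t in {a.lower() for a in reviewed_delegates}
    return {
        "chain_id": chain_id,
        "target": t,
        "nonce": nonce,
        "trusted": trusted,
        # chain_id 0 means "valid on every chain", which a user rarely intends.
        "wildcard_chain": chain_id == 0,
        "message": (
            "Delegates this account's code to a reviewed contract."
            if trusted else
            "WARNING: delegates this account to an unreviewed contract. "
            "Its code will run with this account's funds and can transfer them."
        ),
    }


def delegation_histogram(codes: Iterable[bytes]) -> Dict[str, int]:
    """Count how many delegated EOAs point at each delegate.

    Wintermute's observation was that most delegations converge on a handful of
    identical drainer contracts; a monitor can flag any delegate that suddenly
    collects a large share of new authorizations.
    """
    targets = (delegation_target(c) for c in codes)
    return dict(Counter(t for t in targets if t is not None))


if __name__ == "__main__":
    # Constructed sample data: one plain EOA, one normal contract, three delegated EOAs.
    drainer = "0x" + "11" * 20        # placeholder address, not a real contract
    wallet_lib = "0x" + "22" * 20     # placeholder address of a vetted delegate
    sample_codes = [
        b"",
        bytes.fromhex("6080604052"),
        DELEGATION_PREFIX + bytes.fromhex("11" * 20),
        DELEGATION_PREFIX + bytes.fromhex("11" * 20),
        DELEGATION_PREFIX + bytes.fromhex("22" * 20),
    ]
    for code in sample_codes:
        print(classify_account(code), delegation_target(code))
    print(delegation_histogram(sample_codes))
    print(review_authorization(1, drainer, 0, [wallet_lib])["message"])
```

The `classify_account` check is the one a dApp or indexer should use in place of a bare `code.length == 0` test: a delegated EOA can still originate transactions, yet it also executes code, so neither "EOA" nor "contract" assumptions hold for it. `review_authorization` is the wallet-side counterpart, producing the target address, the chain scope and a plain-language warning for the signing screen.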