According to Cointelegraph, Wintermute developed code called 'CrimeEnjoyor' to inject warnings into malicious Ethereum contracts, alerting users not to send ETH.

This code targets malicious contracts that exploit the EIP-7702 feature introduced in the Ethereum Pectra upgrade to automatically drain wallets whose private keys have leaked.

Wintermute found that 97% of EIP-7702 authorizations used the same code, leading to a large amount of ETH being automatically transferred.
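The kind of measurement behind that figure can be sketched as follows. This is an added example, not Wintermute's code: it recognises EIP-7702 delegations by the `0xef0100` + address designator defined in the EIP (not quoted in the article) and groups them by a fingerprint of the delegate's bytecode. All function names and sample bytes are hypothetical and constructed, and SHA-256 stands in for keccak256 because only code equality matters.

```python
import hashlib
from collections import Counter

# EIP-7702 sets a delegated account's code to 0xef0100 || 20-byte delegate address.
DELEGATION_PREFIX = bytes.fromhex("ef0100")

def delegate_of(account_code: bytes):
    """Return the delegate address if the code is a delegation designator, else None."""
    if len(account_code) == 23 and account_code.startswith(DELEGATION_PREFIX):
        return account_code[3:]
    return None

def cluster_by_delegate_code(account_codes, delegate_bytecode):
    """Count delegated accounts per fingerprint of the delegate's bytecode.

    SHA-256 stands in for keccak256 here: only equality of code matters.
    Delegates whose bytecode was not fetched are counted under "unknown".
    """
    counts = Counter()
    for code in account_codes.values():
        delegate = delegate_of(code)
        if delegate is None:
            continue  # plain EOA or ordinary contract, not an EIP-7702 delegation
        bytecode = delegate_bytecode.get(delegate)
        fp = hashlib.sha256(bytecode).hexdigest() if bytecode else "unknown"
        counts[fp] += 1
    return counts

def dominant_share(counts):
    """Return (fingerprint, fraction of delegations) for the most common delegate code."""
    total = sum(counts.values())
    if total == 0:
        return None, 0.0
    fp, n = counts.most_common(1)[0]
    return fp, n / total

# Constructed sample data (placeholder bytes, not real contract code or addresses).
CODE_A, CODE_B = bytes.fromhex("60006000fd"), bytes.fromhex("60016000f3")
D1, D2, D3 = b"\x11" * 20, b"\x22" * 20, b"\x33" * 20
DELEGATES = {D1: CODE_A, D2: CODE_A, D3: CODE_B}  # two addresses, same code
ACCOUNTS = {
    "acct1": DELEGATION_PREFIX + D1, "acct2": DELEGATION_PREFIX + D2,
    "acct3": DELEGATION_PREFIX + D1, "acct4": DELEGATION_PREFIX + D3,
    "acct5": b"",                         # EOA with no delegation
    "acct6": bytes.fromhex("6080604052"),  # ordinary contract code
}

if __name__ == "__main__":
    fp, share = dominant_share(cluster_by_delegate_code(ACCOUNTS, DELEGATES))
    print(f"most common delegate code {fp[:16]}... backs {share:.0%} of delegations")
```

Grouping by bytecode rather than by delegate address is what exposes the pattern: the same code deployed at several addresses still lands in one cluster.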

EIP-7702 is an optional feature, but the lack of verification makes it difficult to distinguish between legitimate and malicious contracts, especially for new users.

The Pectra upgrade also introduced EIP-725 and EIP-7691, which respectively increase the validator staking cap and improve scalability for Ethereum layer 2.