Ethereum's latest protocol enhancement, EIP-7702, introduced as part of the Pectra upgrade on May 7, was intended to streamline user interactions and enhance the flexibility of transactions on the network. However, it has also inadvertently created a new opportunity for phishing scams—one that cybercriminals are already exploiting.
What Is EIP-7702 and Why Is It Important?
EIP-7702 allows Externally Owned Accounts (EOAs)—the most common type of Ethereum wallet—to temporarily operate like smart contract wallets by delegating control through a signed message. This innovation offers greater utility, as users can benefit from the programmability of smart contracts without converting their wallet type.
However, while technically impressive, the upgrade introduces new risks. Specifically, it opens a novel attack vector that fraudsters are actively leveraging to deceive users.
The Threat: Malicious Delegators Redirecting Funds
According to GoPlus Security, attackers are masquerading as legitimate “delegators.” When a user unknowingly grants delegation rights to a malicious contract, any ETH transferred to the user's wallet is immediately and automatically redirected to a scam address.
One prominent case involves the wallet 0x930f...fd0b, which, once authorized, forwards funds to a known scam destination—0x000085bad. This method effectively allows scammers to siphon ETH from victims without their further involvement or awareness.
These attacks rely heavily on social engineering, preying on users' trust in Ethereum's upgrades and the perceived legitimacy of delegation requests.
Recommendations to Stay Safe
Security experts urge users to take the following precautions:
Avoid clicking links in unsolicited emails or messages that promote EIP-7702 features or upgrades.
Only use trusted wallet applications (such as MetaMask) to access or experiment with new Ethereum functionality.
Carefully verify delegation addresses before authorizing any actions.
Never sign messages you do not fully understand.
A New Challenge for Hardware Wallets
Previously regarded as the most secure option, hardware wallets are not immune to this threat. As noted by Yehor Rudytsia from cybersecurity firm Hacken, hardware wallets can still sign malicious delegation messages if the user is tricked into doing so.
Moreover, EIP-7702 introduces a technical vulnerability: it accepts authorizations signed with chain_id = 0, which are valid on every EVM-compatible chain, so a single such signature can be replayed across multiple chains. This significantly increases the potential impact of a single compromised signature.
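To make the delegation mechanism, the GoPlus sweep pattern and the chain_id = 0 replay risk above concrete, here is an added example (not code from the article, GoPlus or Hacken). It uses only the Python standard library and shows three defender-side checks: recognising an EIP-7702 delegation designator in an account's bytecode (per the EIP, the code becomes 0xef0100 followed by the 20-byte delegate address, and a delegation to the zero address clears it), screening an authorization tuple before it is signed, and spotting the "deposit immediately swept out" pattern in a transfer list. All addresses, the allowlist and the transfer data are constructed placeholders.

```python
# Added example, not code from the article, GoPlus or Hacken. Three defender-side
# checks around EIP-7702 delegation, standard library only. Every address, the
# allowlist and the transfer list below are constructed placeholders.

DELEGATION_PREFIX = bytes.fromhex("ef0100")   # EIP-7702 delegation designator magic
DELEGATION_LEN = len(DELEGATION_PREFIX) + 20  # magic + 20-byte delegate address


def parse_delegation(code: bytes):
    """Return the delegate address (0x-prefixed, lowercase) if `code` is an
    EIP-7702 delegation designator (0xef0100 || address), else None.
    A designator pointing at the zero address clears the delegation, so it
    is also reported as None."""
    if len(code) != DELEGATION_LEN or not code.startswith(DELEGATION_PREFIX):
        return None
    target = code[len(DELEGATION_PREFIX):]
    if target == bytes(20):
        return None
    return "0x" + target.hex()


def screen_authorization(chain_id: int, delegate: str, wallet_chain_id: int,
                         allowlist) -> list:
    """Warnings a wallet could show before signing an authorization tuple
    (chain_id, delegate, nonce). `allowlist` is a hypothetical wallet-side
    list of reviewed delegation contracts. Empty list means no concerns."""
    warnings = []
    if chain_id == 0:
        warnings.append("chain_id 0: authorization is valid on every EVM chain "
                        "and can be replayed across chains")
    elif chain_id != wallet_chain_id:
        warnings.append(f"chain_id {chain_id} differs from the wallet's chain "
                        f"{wallet_chain_id}")
    known = {a.lower() for a in allowlist}
    if delegate.lower() not in known:
        warnings.append(f"delegate {delegate} is not a known delegation contract")
    return warnings


def find_drain_destination(transfers, victim: str, min_blocks: int = 2):
    """Detect the sweep pattern GoPlus describes: a deposit to `victim` is
    followed, in the same block, by an outgoing transfer. Returns the address
    that receives such outflows in at least `min_blocks` distinct blocks, or
    None. `transfers` is a list of (block, from_addr, to_addr, wei)."""
    v = victim.lower()
    deposit_blocks = {blk for blk, _src, dst, _wei in transfers if dst.lower() == v}
    outflow_blocks = {}
    for blk, src, dst, _wei in transfers:
        if src.lower() == v and blk in deposit_blocks:
            outflow_blocks.setdefault(dst.lower(), set()).add(blk)
    for dst, blocks in outflow_blocks.items():
        if len(blocks) >= min_blocks:
            return dst
    return None


# Constructed sample data (placeholders, not real addresses or transactions).
VICTIM = "0x" + "01" * 20
SCAM_SINK = "0x" + "bad0" * 10
HONEST_DELEGATE = "0x" + "aa" * 20
SAMPLE_TRANSFERS = [
    (100, "0x" + "02" * 20, VICTIM, 10**18),   # deposit
    (100, VICTIM, SCAM_SINK, 10**18),          # swept out in the same block
    (150, "0x" + "03" * 20, VICTIM, 5 * 10**17),
    (150, VICTIM, SCAM_SINK, 5 * 10**17),
    (200, VICTIM, "0x" + "04" * 20, 10**16),   # ordinary spend, no deposit that block
]

if __name__ == "__main__":
    code = bytes.fromhex("ef0100" + "bad0" * 10)  # what the victim EOA's code looks like
    print("delegated to:", parse_delegation(code))
    print(screen_authorization(0, SCAM_SINK, 1, [HONEST_DELEGATE]))
    print("drain destination:", find_drain_destination(SAMPLE_TRANSFERS, VICTIM))
```

The first check is the one a wallet or block explorer can run at any time: if an EOA's code is 23 bytes starting with 0xef0100, the account is delegated, and the remaining 20 bytes name the contract that now executes on its behalf. The second check is what "carefully verify delegation addresses" looks like in practice, with chain_id = 0 treated as a warning in its own right. The third turns the reported behaviour (incoming ETH forwarded at once) into a query over transfer records.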
Multisig Wallets Offer Greater Protection
Unlike single-signature wallets, multisignature wallets remain more resilient under this new threat landscape. By requiring multiple approvals for each transaction, multisig setups help mitigate the risk posed by fraudulent delegations or message signatures.
Conclusion: Promise and Risk of EIP-7702
While EIP-7702 presents a powerful step forward in Ethereum's evolution, the early wave of exploits highlights the importance of cautious adoption. As with any transformative upgrade, new capabilities must be matched by rigorous security awareness.
Key Takeaways:
Do not authorize delegation unless you are fully confident in the source.
Ignore upgrade prompts via email or social media links—they are likely scams.
Stay informed and vigilant—the evolving Ethereum ecosystem demands it.
In the world of crypto, one click can cost everything. Proceed carefully, and prioritize security.