On May 7, 2025, Ethereum implemented EIP-7702 as part of the broader Pectra upgrade, aiming to enhance transaction flexibility and streamline user experiences. While the update introduced meaningful improvements, it has also opened the door to new phishing schemes—already being exploited by cybercriminals.


Understanding EIP-7702 and Its Significance


EIP-7702 enables Externally Owned Accounts (EOAs)—the standard Ethereum wallet type—to temporarily operate as smart contract wallets by delegating control via a signed message. This functionality offers users greater flexibility and access to programmable features without permanently migrating to a contract-based wallet.


However, this technical advancement has introduced new vulnerabilities, particularly in the realm of user-delegated permissions, creating an attractive vector for fraud.


Emerging Threat: Malicious Delegators and Fund Redirection


Security firm GoPlus Security has reported a rise in scams involving malicious actors posing as legitimate delegators. When users unknowingly sign messages that grant delegation rights to these fraudulent contracts, any ETH transferred into their wallets can be automatically redirected to scam-controlled addresses.


One notable example is the wallet 0x930f...fd0b, which, once authorized, routes funds to a known scam destination—0x000085bad. These schemes rely heavily on social engineering, exploiting trust in Ethereum's development and the perceived legitimacy of delegation mechanisms.
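
A monitoring check for the delegation described above, as an added example rather than code from GoPlus Security or this article: under EIP-7702 a delegated EOA's code is the 23-byte designator 0xef0100 followed by the delegate contract's address, so an eth_getCode result shows whether, and to which contract, an account has delegated. The allowlist, function names and all addresses in the sample data are constructed for illustration.

```python
# Added example: classify an account from its eth_getCode result.
# Addresses, the allowlist and sample inputs are constructed, not on-chain data.

DELEGATION_PREFIX = bytes.fromhex("ef0100")   # EIP-7702 delegation designator
DESIGNATOR_LEN = len(DELEGATION_PREFIX) + 20  # prefix + 20-byte delegate address


def _code_bytes(code_hex):
    """Decode an eth_getCode hex string ('0x' means no code) into bytes."""
    raw = code_hex[2:] if code_hex[:2].lower() == "0x" else code_hex
    return bytes.fromhex(raw)


def parse_delegation(code_hex):
    """Return the delegate address (lowercase 0x hex) if the code is an
    EIP-7702 delegation designator, otherwise None."""
    code = _code_bytes(code_hex)
    if len(code) != DESIGNATOR_LEN or not code.startswith(DELEGATION_PREFIX):
        return None  # plain EOA (empty code) or ordinary contract bytecode
    return "0x" + code[len(DELEGATION_PREFIX):].hex()


def assess_account(code_hex, trusted_delegates):
    """Return (verdict, delegate). 'delegated-unknown' is the case to alert on:
    the account runs code from a contract nobody has reviewed."""
    delegate = parse_delegation(code_hex)
    if delegate is None:
        kind = "plain-eoa" if len(_code_bytes(code_hex)) == 0 else "contract"
        return (kind, None)
    trusted = {addr.lower() for addr in trusted_delegates}
    verdict = "delegated-trusted" if delegate in trusted else "delegated-unknown"
    return (verdict, delegate)


# Constructed sample data.
TRUSTED = ["0x" + "11" * 20]  # hypothetical audited wallet implementation
SAMPLES = {
    "never delegated": "0x",
    "delegated to allowlisted code": "0xef0100" + "11" * 20,
    "delegated to unreviewed contract": "0xEF0100" + "ab" * 20,
    "ordinary contract": "0x6080604052",
}

if __name__ == "__main__":
    for label, code in SAMPLES.items():
        print(f"{label:34s} -> {assess_account(code, TRUSTED)}")
```

An account that reports delegated-unknown can replace the delegation by signing a new authorization; one that names the zero address clears it.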

