On May 26, according to the blockchain security platform Scam Sniffer, the phishing organization Inferno Drainer recently implemented a new type of attack using the Ethereum EIP-7702 upgrade feature, resulting in a single loss of approximately $150,000. EIP-7702 is a key feature in the Pectra upgrade that allows externally owned accounts (EOA) to temporarily have smart contract functionality during transactions. Attackers utilized an authorized MetaMask wallet to initiate bulk token transfer operations. Yuxian, the founder of Slow Mist, pointed out that this incident marks an upgrade in phishing strategies: attackers no longer directly hijack wallets but instead lure users into triggering the MetaMask 'execute' command, quietly executing malicious bulk authorizations in the background to complete asset transfers. (Beincrypto)

#ETH