Blockchain Security Platform Discovers New Phishing Attack Exploiting Ethereum Update
The blockchain security platform Scam Sniffer has revealed that the phishing group Inferno Drainer recently exploited Ethereum's EIP-7702 update feature to carry out a new type of attack, resulting in a single loss of $150,000. EIP-7702 is a crucial part of the Pectra update, allowing externally owned accounts (EOAs) to temporarily act as smart contract wallets during transactions. The attackers used authorized MetaMask wallets to perform mass token transfer operations.
Yu Xian, founder of SlowMist Technology, emphasized that this attack signifies an improvement in phishing strategies. Instead of directly hijacking wallets, attackers are now using the "execute" command to perform malicious mass authorizations in the background. Security experts recommend that users regularly check the status of their token authorizations and verify if their wallets have been maliciously delegated using tools like Etherscan.
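The delegation check recommended above can also be scripted. The following is an added example, not code from Scam Sniffer, SlowMist or the original article: it classifies the result of the standard JSON-RPC call `eth_getCode` and flags wallets whose EIP-7702 delegate is not on an allowlist. The function names, the allowlist and all addresses are constructed placeholders.

```python
# Added example: classify the code an address carries, as returned by the
# standard JSON-RPC call eth_getCode(address, "latest").
# EIP-7702 stores a 23-byte delegation designator on a delegated EOA:
# the prefix 0xef0100 followed by the 20-byte delegate address.
DELEGATION_PREFIX = bytes.fromhex("ef0100")


def classify_account_code(code_hex, trusted_delegates=()):
    """Return (status, delegate) for one eth_getCode result."""
    text = code_hex.strip().lower()
    if text.startswith("0x"):
        text = text[2:]
    code = bytes.fromhex(text)  # raises ValueError on malformed input
    trusted = {d.lower() for d in trusted_delegates}
    if not code:
        return ("plain-eoa", None)  # no code: ordinary, undelegated wallet
    if len(code) == 23 and code.startswith(DELEGATION_PREFIX):
        delegate = "0x" + code[3:].hex()
        status = "delegated-trusted" if delegate in trusted else "delegated-unknown"
        return (status, delegate)
    return ("contract", None)  # regular deployed contract bytecode


def audit_wallets(codes_by_address, trusted_delegates=()):
    """Return {address: delegate} for wallets delegated to code not on the allowlist."""
    flagged = {}
    for address, code_hex in codes_by_address.items():
        status, delegate = classify_account_code(code_hex, trusted_delegates)
        if status == "delegated-unknown":
            flagged[address] = delegate
    return flagged


# Constructed sample data (placeholder addresses, not real accounts or contracts).
TRUSTED = ["0x" + "11" * 20]  # hypothetical allowlisted delegate implementation
SAMPLE_CODES = {
    "0x" + "aa" * 20: "0x",                       # plain EOA
    "0x" + "bb" * 20: "0xef0100" + "11" * 20,     # delegated to allowlisted code
    "0x" + "cc" * 20: "0xEF0100" + "22" * 20,     # delegated to unknown code
    "0x" + "dd" * 20: "0x6080604052",             # ordinary contract bytecode
}

if __name__ == "__main__":
    for addr, delegate in audit_wallets(SAMPLE_CODES, TRUSTED).items():
        print(f"{addr} is delegated to unrecognised code at {delegate}")
```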