Ethereum Pectra Upgrade Raises Security Concerns, Cryptocurrency Theft Gangs Abuse New Protocol

With the launch of the Ethereum Pectra upgrade, cybercriminals have begun to exploit the new protocol EIP-7702 to steal cryptocurrency from wallets with stolen private keys. This feature was intended to enhance wallet usability, but unexpectedly became a new avenue for criminals to manipulate victim wallets through malware.

EIP-7702 allows wallets to operate like smart contracts, enabling automatic transfers of stolen funds. Analysts at Wintermute found that attackers exploited 97% of EIP-7702 wallet delegations to deploy malicious contracts that siphon funds from users. These contracts automatically forward any ETH received to the attackers' own addresses, making theft easier and more discreet.

Rahul Rumalla, Chief Product Officer at Safe, stated that the attackers are likely early adopters. Wintermute's analysis indicates that most wallet delegations point to the same codebase designed to “clean out” ETH from compromised wallets. Meanwhile, over 105,000 of nearly 190,000 investigated delegated contracts are related to illegal activities.
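As an added example (not from the article or from any of the firms quoted), a defender can check whether an account carries an EIP-7702 delegation, and which contract it points to, by inspecting the code returned by `eth_getCode`: the EIP defines a delegated account's code as `0xef0100` followed by the 20-byte delegate address. The addresses, the flagged list and the function names below are constructed placeholders.

```python
from collections import Counter

# EIP-7702 stores a 23-byte "delegation designator" as the account's code:
# 0xef0100 followed by the 20-byte address of the contract delegated to.
DELEGATION_PREFIX = bytes.fromhex("ef0100")


def delegation_target(code_hex):
    """Return the delegate address (0x-prefixed, lowercase) or None if not delegated."""
    raw = code_hex[2:] if code_hex.lower().startswith("0x") else code_hex
    code = bytes.fromhex(raw)  # raises ValueError on malformed input
    if len(code) == 23 and code.startswith(DELEGATION_PREFIX):
        return "0x" + code[3:].hex()
    return None  # empty code (plain EOA) or ordinary contract bytecode


def audit(accounts, flagged=frozenset()):
    """accounts: {address: eth_getCode result}. flagged: lowercase delegate addresses."""
    report, targets = {}, Counter()
    for addr, code_hex in accounts.items():
        target = delegation_target(code_hex)
        if target is None:
            status = "no-delegation"
        else:
            targets[target] += 1  # many accounts sharing one target is worth a look
            status = "delegated-flagged" if target in flagged else "delegated"
        report[addr] = (status, target)
    return report, targets


# Constructed sample: placeholder addresses, not real on-chain accounts.
SWEEPER = "0x" + "aa" * 20
OTHER = "0x" + "bb" * 20
SAMPLE = {
    "0x" + "01" * 20: "0xef0100" + "aa" * 20,
    "0x" + "02" * 20: "0xef0100" + "aa" * 20,
    "0x" + "03" * 20: "0xef0100" + "bb" * 20,
    "0x" + "04" * 20: "0x",            # plain EOA, no code
    "0x" + "05" * 20: "0x6080604052",  # ordinary contract bytecode
}

if __name__ == "__main__":
    report, targets = audit(SAMPLE, flagged={SWEEPER})
    for addr, (status, target) in report.items():
        print(addr, status, target or "-")
    print("most common delegate:", targets.most_common(1))
```

A wallet owner who finds an unexpected delegation on their own address should treat the private key as compromised, since only the key holder can sign the authorization.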

Additionally, Koffi, a senior data analyst at Base Network, noted that over a million wallets interacted with suspicious contracts last weekend. He emphasized that attackers are not using EIP-7702 to hack wallets but are leveraging it to simplify theft from wallets whose private keys have already been exposed.

At the same time, Yu Xian, founder of blockchain security company SlowMist, confirmed that the perpetrators are organized theft gangs, rather than typical phishing operators. He stated that the automation features of EIP-7702 make it particularly attractive for large-scale exploitation.

Despite the broad scale of the attackers' operations, no profits have been confirmed so far. A researcher at Wintermute pointed out that attackers have spent about 2.88 ETH authorizing over 79,000 addresses, but the target addresses generated from this exploit have not yet yielded substantial gains.

In summary, the abuse of the EIP-7702 protocol poses a threat to the security and reputation of the Ethereum network. To prevent similar incidents, the industry urgently needs deep reflection and effective solutions.

#EthereumSecurity #CryptocurrencyTheft #ProtocolVulnerability #EIP7702