Wintermute Warning: Ethereum Pectra Upgrade EIP-7702 Misused, Users Face Risk of Automated Attacks

Wintermute analysis indicates that the EIP-7702 proposal in Ethereum's recent Pectra upgrade has been widely used for malicious activities. The proposal was originally intended to enhance user experience, for example by supporting batch transactions, social verification, and spending limits, but currently over 80% of EIP-7702 authorizations have gone to multiple contracts that deploy the same 'automatic sweeping' code.

Wintermute has named these contracts 'CrimeEnjoyor'; they automatically transfer wallet assets out after a private key leak.

Security companies Scam Sniffer and SlowMist both pointed out that this proposal has been exploited by the scam service Inferno Drainer, with users losing nearly $150,000 due to malicious batch transactions. SlowMist founder Yu Sen reminded wallet service providers to quickly support and clearly display authorization contract information to prevent phishing attacks.
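The two checks described above, as an added example that is not Wintermute's or SlowMist's code: reading an account's code (as returned by `eth_getCode`) for the EIP-7702 delegation designator so the delegate contract can be displayed, and grouping delegated accounts by delegate bytecode to see how many authorizations point at the same code. All addresses and bytecode below are constructed, and the function names are hypothetical.

```python
import hashlib
from collections import Counter

# EIP-7702 sets a delegated account's code to 0xef0100 || 20-byte delegate address.
DELEGATION_PREFIX = bytes.fromhex("ef0100")

def _unhex(value):
    return bytes.fromhex(value[2:] if value.startswith("0x") else value)

def parse_delegation(code_hex):
    """Return the delegate address if code_hex is a delegation designator, else None."""
    raw = _unhex(code_hex)
    if len(raw) == 23 and raw.startswith(DELEGATION_PREFIX):
        return "0x" + raw[3:].hex()
    return None

def cluster_by_delegate_code(account_code, delegate_code):
    """Count delegated accounts per distinct delegate bytecode."""
    clusters = Counter()
    for code_hex in account_code.values():
        delegate = parse_delegation(code_hex)
        if delegate is None:
            continue  # plain EOA (empty code) or an ordinary contract
        body = _unhex(delegate_code.get(delegate, "0x"))
        # SHA-256 is only a grouping key here, not Ethereum's keccak256 code hash.
        clusters[hashlib.sha256(body).hexdigest()[:16]] += 1
    return clusters

def dominant_share(clusters):
    """Return (fingerprint, fraction) for the most common delegate bytecode."""
    total = sum(clusters.values())
    if total == 0:
        return None, 0.0
    fingerprint, count = clusters.most_common(1)[0]
    return fingerprint, count / total

# Constructed sample: account -> eth_getCode result, delegate -> its bytecode.
ACCOUNTS = {
    "0x" + "01" * 20: "0xef0100" + "aa" * 20,
    "0x" + "02" * 20: "0xef0100" + "bb" * 20,
    "0x" + "03" * 20: "0xef0100" + "bb" * 20,
    "0x" + "04" * 20: "0xef0100" + "cc" * 20,
    "0x" + "05" * 20: "0x",  # no code: ordinary EOA without delegation
}
DELEGATES = {"0x" + "aa" * 20: "0x60016002", "0x" + "bb" * 20: "0x60016002",
             "0x" + "cc" * 20: "0x6003"}

if __name__ == "__main__":
    for account, code in ACCOUNTS.items():
        print(account, "->", parse_delegation(code) or "no delegation")
    print(dominant_share(cluster_by_delegate_code(ACCOUNTS, DELEGATES)))
```

Two different delegate addresses with identical bytecode land in one cluster, which is how many separate contracts carrying the same code show up as a single dominant group.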

Security expert Taylor Monahan pointed out that the root of the problem still lies in user private key security: 'EIP-7702 is not a vulnerability, it just makes attacks more efficient.'