Ethereum [ETH]'s latest upgrade, Pectra, promised to make wallets smarter and more user-friendly. Instead, it became a gift for attackers.

Just weeks after its launch, attackers began exploiting the new feature named EIP-7702 to carry out mass automated 'sweep' attacks.

They stole nearly $150,000 from a compromised wallet, raising urgent questions about how Ethereum balances usability and security.

A promised upgrade or a playground for phishers?

Ethereum's Pectra upgrade introduced EIP-7702, allowing wallets to temporarily act as smart contracts for a better user experience.

This feature was proposed by Vitalik Buterin and supports account abstraction, allowing users to batch transactions, sponsor gas fees, and implement stricter spending controls.

Although this innovation improves the usability and security of wallets, it has also become a potential target for attacks.

Analysis from Wintermute shows that over 80% of EIP-7702 delegations were exploited by a malicious contract named 'CrimeEnjoyor'. The contract code is short and can be copied and pasted, yet it is remarkably effective.

Once it gains access to a compromised wallet (often through phishing), it immediately transfers the funds to the attacker's address.

This is automation at scale, and it comes at a high cost.

Blockchain security company Scam Sniffer highlighted an incident where a victim lost nearly $150,000 in a single batch transaction related to the notorious Inferno Drainer service.

With thousands of similar transactions recorded, the effort to simplify Ethereum's functionality may also be accelerating the growth of its vulnerabilities.

Perhaps not the code

The core issue behind the recent wave of wallet theft attacks is not EIP-7702, but the ongoing problem of private key leaks or theft.

This new feature only allows attackers to exploit compromised wallets faster and cheaper. Security firms like SlowMist are urging wallet providers to increase visibility of contract interactions and strengthen user protections.

As Ethereum evolves, priorities must shift towards smarter wallet designs, clearer signature prompts, and better user education.

Because when basic security fails, even the most promising features can backfire.
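The visibility into delegations and the clearer signature prompts called for above can start with a check like the following. It is an added example, not code from the original article or from any wallet project. It assumes the EIP-7702 delegation designator format (account code equal to `0xef0100` followed by the 20-byte delegate address); the allowlist, addresses and function names are hypothetical.

```javascript
// EIP-7702 delegation designator: account code is 0xef0100 followed by the
// 20-byte address of the contract the account delegates to.
const DELEGATION_PREFIX = "ef0100";

// Hypothetical allowlist of delegate contracts the wallet vendor has audited.
// The address is constructed for this example.
const TRUSTED_DELEGATES = new Set(["0x" + "11".repeat(20)]);

// Constructed sample: code of an account delegated to an unknown contract.
const SAMPLE_CODE = "0xef0100" + "22".repeat(20);

const stripHex = (value) => String(value).toLowerCase().replace(/^0x/, "");

// Input: the hex string eth_getCode returns for an account.
// Output: the delegate address, or null if the code is not a designator.
function parseDelegation(codeHex) {
  const hex = stripHex(codeHex);
  if (hex.length !== 46 || !hex.startsWith(DELEGATION_PREFIX)) return null;
  if (!/^[0-9a-f]+$/.test(hex)) return null;
  return "0x" + hex.slice(DELEGATION_PREFIX.length);
}

// Classifies an account's current state so the wallet UI can display it.
function classifyAccount(codeHex) {
  if (stripHex(codeHex) === "") return { state: "plain-eoa", delegate: null };
  const delegate = parseDelegation(codeHex);
  if (delegate === null) return { state: "contract", delegate: null };
  const trusted = TRUSTED_DELEGATES.has(delegate);
  return { state: trusted ? "delegated-trusted" : "delegated-unknown", delegate };
}

// Reviews an authorization { chainId, address, nonce } the user is asked to
// sign and returns the warnings the signature prompt should show.
function reviewAuthorization(auth) {
  const target = String(auth.address).toLowerCase();
  if (!/^0x[0-9a-f]{40}$/.test(target)) return ["malformed delegate address"];
  // Delegating to the zero address clears an existing delegation.
  if (/^0x0{40}$/.test(target)) return ["clears the existing delegation"];
  const warnings = [];
  if (!TRUSTED_DELEGATES.has(target)) {
    warnings.push("delegate contract is not on the audited allowlist");
  }
  if (BigInt(auth.chainId) === 0n) {
    warnings.push("chain_id 0: authorization is valid on every chain");
  }
  return warnings;
}
```

A wallet would run `classifyAccount` on the user's own address at startup and `reviewAuthorization` before showing any EIP-7702 signing prompt.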