Since the Pectra upgrade activated EIP‑7702 in May, several automated attacks have been launched against it. Here is where the situation stands, what is being done, and what you need to know to protect yourself.
🧩 1. What is EIP‑7702?
It is a strategic improvement that lets EOAs (externally owned accounts) temporarily act as smart wallets, allowing:
delegated execution of code (batch of transactions)
gas payment in alternative tokens (e.g., USDC)
social recovery, spending limits, etc.
🚨 2. The current problem: widespread abuse
Massive malicious use: more than 80-90% of EIP‑7702 delegations point to "CrimeEnjoyor" contracts that sweep funds from vulnerable wallets.
Documented cyberattacks: thefts exceeding $146K in a single episode; vulnerable wallets emptied automatically.
Low economic return for scammers: although they have stolen large sums, Wintermute points out that their attacks have not been very profitable, which suggests a lack of sophistication.
🛡️ 3. Warnings and countermeasures
SlowMist (Yu Jian): warns that more than 97% of delegations point to fund-stealing contracts, and urges wallets to show the contract being authorized before the user signs.
MetaMask already alerts users: it implemented controls so that only official contracts are approved, and not through external links.
Wintermute / Scam Sniffer / GoPlus Security: provide recommendations:
Do not sign delegations outside of the wallet
Revoke suspicious authorizations
Verify sources before interacting.

🧭 4. What comes next?
Monitoring by SlowMist and security firms: they will review the functionality throughout the year; if no legitimate use emerges, they could recommend modifying or eliminating EIP‑7702.
Ecosystem validation tests: warnings about errors involving chain_id in delegations are already circulating, and fixes to correct that omission are under discussion.
Planned expansion: other EVM networks are testing Pascal-style upgrades that include EIP‑7702, for example BNB Chain (experimental).
📝 5. Key recommendations
Never sign upgrades from links or messages — only from the official wallet (e.g., MetaMask).
Revoke permissions regularly with tools like Revoke.cash or directly from the app.
Monitor active authorizations, especially if you use smart wallets.
Avoid delegating to unknown or unaudited contracts.
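One way to act on the advice to monitor active authorizations and to show the authorized contract before signing, as an added example that is not code from this post or from any wallet. It relies on EIP‑7702 storing a delegated account's code as 0xef0100 followed by the delegate address, and on chain_id 0 making an authorization valid on every chain. The addresses, the allowlist and the function names are constructed for illustration.

```python
# EIP-7702 stores a 23-byte "delegation designator" as the EOA's code:
# 0xef0100 followed by the 20-byte address of the delegate contract.
DELEGATION_PREFIX = bytes.fromhex("ef0100")

# Constructed sample data, not real addresses. Allowlist entries are lowercase.
TRUSTED = "0x" + "aa" * 20   # hypothetical audited wallet implementation
UNKNOWN = "0x" + "bb" * 20   # hypothetical unvetted contract
SAMPLE_CODES = {"alice": "0xef0100" + "aa" * 20,   # eth_getCode-style results
                "bob": "0xef0100" + "bb" * 20,
                "carol": "0x"}


def parse_delegation(code_hex):
    """Return the delegate address if code_hex is a 7702 designator, else None."""
    raw = bytes.fromhex(code_hex[2:] if code_hex.startswith("0x") else code_hex)
    if len(raw) == 23 and raw.startswith(DELEGATION_PREFIX):
        return "0x" + raw[3:].hex()
    return None


def audit_accounts(codes, allowlist):
    """Classify accounts by what their on-chain code delegates to."""
    report = {}
    for account, code_hex in codes.items():
        delegate = parse_delegation(code_hex)
        if delegate is None:
            report[account] = "no delegation" if code_hex in ("", "0x") else "contract code"
        elif delegate in allowlist:
            report[account] = "allowed"
        else:
            report[account] = "REVOKE " + delegate
    return report


def review_authorization(auth, wallet_chain_id, allowlist):
    """Warnings a wallet could show before the user signs an authorization."""
    delegate = auth["address"].lower()
    if int(delegate, 16) == 0:
        return ["clears the existing delegation (revocation)"]
    warnings = []
    if delegate not in allowlist:
        warnings.append("delegate " + delegate + " is not on the allowlist")
    if auth["chain_id"] == 0:
        warnings.append("chain_id 0: authorization is valid on every chain")
    elif auth["chain_id"] != wallet_chain_id:
        warnings.append("chain_id does not match the wallet's chain")
    return warnings
```

Calling audit_accounts(SAMPLE_CODES, {TRUSTED}) marks "bob" for revocation, because his account delegates to a contract that is not on the allowlist.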
🧠 Summary to date: maximum alert
EIP‑7702 opens a powerful door to improve UX in Ethereum, but it has been exploited by attackers. Today, the ecosystem is on high alert, not to dismiss progress, but to reinforce it without compromising user security.