A phishing attack has caused a cryptocurrency investor to lose nearly 1 million USD after unintentionally signing a series of malicious transactions disguised as swaps on Uniswap, according to a report from the blockchain security company Scam Sniffer.

On August 22, Yu Xiang, the founder of SlowMist, stated that five different tokens were stolen in the incident through Ethereum's new EIP-7702 transaction mechanism.

He explained: “From the perspective of the attacked user, the process unfolds as follows: they open a phishing website, a wallet signing dialog appears, they click confirm, and with that one action, all valuable assets in the wallet disappear immediately.”

EIP-7702 and new risks

EIP-7702 was introduced in the Pectra upgrade to improve the Ethereum user experience. It lets an ordinary wallet (an externally owned account) temporarily behave like a smart contract by delegating to contract code, so that several operations can be batched into one transaction, gas fees can be paid by a sponsor, or spending limits can be set, all in a single step.

In principle, this delegation can be revoked, and an authorization applies only to a specific network. In practice, however, attackers have found ways to abuse the mechanism.

Warnings from the security community

Market maker Wintermute warns that the rollout of this standard is being widely abused. Its analysis in June found that over 90% of EIP-7702 delegations pointed to malicious contracts. Many of these contracts are simply copy-pasted code that automatically scans vulnerable wallets and withdraws their assets.

Scam Sniffer and Yu Xiang recommend that users exercise caution before signing any request their wallet presents. Preventive measures include checking the domain name carefully, not confirming in haste, and rejecting signatures that are ambiguous or overly broad in scope.

Warning signs include requests for unlimited spending allowances, contract upgrades (delegations) under EIP-7702, and transaction simulations whose result does not match what the user expects.