BlockBeats ke mutabiq, blockchain security company Wintermute ne Ethereum ke naye upgrade "Pectra" ke aik feature EIP-7702 ke ghalat istemal ke bare mein warning di hai. Ye feature asal mein user experience ko behtar banane ke liye banaya gaya tha, lekin hackers is ka misuse kar rahe hain.
Wintermute ne bataya ke EIP-7702 ka ziada tar use (80% se bhi zyada) automatic attacks ke liye ho raha hai. Scam Sniffer naam ki ek aur security firm ne recently aik phishing attack detect kiya jisme aik user ka takreeban $150,000 ka nuqsan hua. Is attack mein hacker ne aik contract banaya jiska naam ‘CrimeEnjoyor’ tha, jo automatically un wallets ko khaali kar deta hai jinke private keys leak ho chuki hoti hain.
EIP-7702, jo Ethereum ke founder Vitalik Buterin ne propose kiya tha, ka maqsad ye tha ke wallets ko temporarily smart contract jese features mil jayein. Iska matlab tha ke users aik waqt mein multiple transactions kar saken, gas fee kisi aur se pay karwa saken, biometric ya social verification istemal kar saken, aur har transaction par limit laga saken.
Lekin ab Wintermute ne apne Dune dashboard pe dikhaya ke zyadatar authorizations (permissions) isi feature ke zariye un contracts ko ja rahe hain jo malicious (nuksan pohchane wale) hain. Security expert Taylor Monahan ne bhi kaha ke EIP-7702 ne ab addresses ko khaali karna asaan aur sasta bana diya hai.
Wintermute ne is baat par hairani ka izhar kiya ke aik hi jese (copy paste) codes ka ziada tar authorizations mein istemal ho raha hai – jo is feature ka misuse dikhata hai.
BlockBeats ki pehle ki report ke mutabiq, SlowMist ke founder Yu Jian ne bhi kaha ke is naye mechanism ka sab se ziada faida coin churaane wale log utha rahe hain, phishing attackers nahi. EIP-7702 ka use un wallets se paise nikalne ke liye ho raha hai jinke private keys ya mnemonic phrases leak ho chuke hote hain. Ab tak 97% se zyada authorizations isi tarah ke coin-stealing contracts ko diye ja chuke hain.
Nateeja:
EIP-7702 ka maksad user experience ko improve karna tha, lekin ab ye hackers ke haath mein aik naya tool ban gaya hai. Isliye crypto users ko zyada ehtiyaat aur security steps lena zaroori hai.
