Following Ethereum's recent Pectra upgrade, which introduced Ethereum Improvement Proposal 7702 (EIP-7702), malicious actors have been exploiting the new feature to target vulnerable wallets. EIP-7702 allows externally owned accounts (EOAs) to temporarily function as smart contracts, enabling advanced functionalities like batched transactions and spending limits. However, this flexibility has also opened doors for potential misuse.
Crypto trading firm Wintermute has identified a prevalent malicious contract pattern dubbed "CrimeEnjoyor." These contracts are designed to automatically sweep funds from wallets, particularly those with compromised private keys. Alarmingly, over 97% of EIP-7702 delegations have been linked to such copy-pasted malicious contracts. Despite the widespread deployment, these contracts have not been profitable, indicating that while the threat is significant, the actual impact has been limited so far.
In response, Wintermute has developed a proactive measure by creating code that injects warnings into these malicious contracts. The warning explicitly states that the contract is used by bad actors to automatically sweep incoming ETH and advises users not to send any ETH. This initiative aims to alert users and prevent inadvertent interactions with harmful contracts.
Security firms like Scam Sniffer and SlowMist have also raised concerns. Scam Sniffer reported an incident where a user lost nearly $150,000 due to malicious batched transactions linked to a phishing attack. SlowMist has urged wallet providers to implement safeguards for EIP-7702 transactions, emphasizing the need for clear displays of target contracts during user delegations to mitigate phishing risks.
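As an added illustration (not code from the article, Wintermute or SlowMist) of the wallet-side safeguard SlowMist calls for: a check that reads an account's code, recognizes the EIP-7702 delegation designator (0xef0100 followed by the 20-byte target address) and reports the target so a wallet can display it or refuse to send to a known sweeper. The deny-list entry is a constructed placeholder, not a real CrimeEnjoyor address.

```python
# Added example: wallet-side classification of an account by its on-chain code.
# Not from the article; assumes the caller has already fetched the code bytes
# (e.g. via eth_getCode) for the address the user is about to send to.
from typing import Optional

# EIP-7702 delegation designator: the account's code becomes 0xef0100 || 20-byte address.
DELEGATION_PREFIX = bytes.fromhex("ef0100")
DELEGATION_LEN = len(DELEGATION_PREFIX) + 20

# Constructed placeholder deny list. A real wallet would populate this from its own
# threat intelligence; the article names no concrete sweeper addresses.
KNOWN_SWEEPERS = {
    "0x" + "ba" * 20,  # constructed placeholder, not a real address
}


def parse_delegation(code: bytes) -> Optional[str]:
    """Return the delegation target as a lowercase hex address, or None when
    the code is not a well-formed EIP-7702 delegation designator."""
    if len(code) != DELEGATION_LEN or not code.startswith(DELEGATION_PREFIX):
        return None
    return "0x" + code[len(DELEGATION_PREFIX):].hex()


def classify_account(code: bytes, denylist=KNOWN_SWEEPERS) -> dict:
    """Classify an account so the wallet can show what a transfer would actually do.

    risk levels: "none" (plain EOA), "review" (ordinary contract),
    "warn" (delegated EOA; display the target), "block" (delegated to a known sweeper).
    """
    if len(code) == 0:
        return {"kind": "eoa", "target": None, "risk": "none"}
    target = parse_delegation(code)
    if target is None:
        # Starts like a designator but has the wrong length: do not trust it.
        if code.startswith(DELEGATION_PREFIX):
            return {"kind": "malformed-delegation", "target": None, "risk": "warn"}
        return {"kind": "contract", "target": None, "risk": "review"}
    if target.lower() in denylist:
        return {"kind": "delegated-eoa", "target": target, "risk": "block"}
    # Delegated but not on the deny list: still surface the target to the user,
    # since incoming ETH will be handled by that contract, not by the key holder.
    return {"kind": "delegated-eoa", "target": target, "risk": "warn"}


if __name__ == "__main__":
    # Constructed sample: an EOA delegated to the placeholder sweeper address.
    sample = bytes.fromhex("ef0100" + "ba" * 20)
    print(classify_account(sample))
```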
While EIP-7702 offers enhanced user experience features, the current exploitation underscores the importance of robust security measures and user vigilance. Users are advised to exercise caution, especially when interacting with new contract functionalities, and to ensure the security of their private keys to protect against potential threats.