Highlights

  • The recent "Pectra upgrade", meant to ease user experience, has been hijacked by automated attacks that drain wallets, says Wintermute.

  • Wintermute discovered that over 80% of EIP-7702 delegations, a feature introduced in Ethereum's recent upgrade, were linked to a single malicious script.

  • Scam Sniffer reports a single user lost close to $150,000 in a phishing attack facilitated by the script.

Wintermute, a well-known trading firm in the cryptocurrency markets, has issued an important security warning regarding Ethereum’s recent “Pectra” hard fork.

According to the company, EIP-7702, a feature introduced as part of the update, is being abused mainly by malicious actors, putting user wallets at risk.

EIP-7702 introduces an “account abstraction” feature, pioneered by Ethereum co-founder Vitalik Buterin, that lets wallets temporarily act as smart contracts. This allows users to perform functions such as batching multiple transactions, having gas fees paid by someone else, and social authentication in a single transaction. However, according to data published by Wintermute via Dune Analytics, this ability is being used by malicious attackers to drain wallets.

According to Wintermute’s analysis, more than 80% of EIP-7702 delegations serve attacks called “CrimeEnjoyor,” where a simple and short smart contract is copied and reused across different addresses. This contract automatically transfers assets from wallets with leaked private keys to an address controlled by the attacker.

“The CrimeEnjoyor contract is short, simple, and widely used,” Wintermute said. “This copied bytecode now makes up the majority of all EIP-7702 delegations. It’s both ironic and dark.”
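The kind of measurement behind that figure can be sketched as follows. This is an added example, not Wintermute's query or code: it recognizes an EIP-7702 delegation by the designator the EIP writes into the account's code (`0xef0100` followed by the 20-byte delegate address), then groups delegated accounts by a fingerprint of the delegate's bytecode to show how much of the total one copied contract represents. All addresses and bytecode below are constructed placeholders.

```python
import hashlib
from collections import Counter

# EIP-7702 sets a delegated account's code to 0xef0100 || 20-byte delegate address.
DELEGATION_PREFIX = bytes.fromhex("ef0100")

def delegate_of(code: bytes):
    """Return the delegate address if `code` is a delegation designator, else None."""
    if len(code) == 23 and code.startswith(DELEGATION_PREFIX):
        return "0x" + code[3:].hex()
    return None  # plain EOA (empty code) or an ordinary contract

def cluster_delegations(account_code, contract_code):
    """Count delegated accounts per fingerprint of the delegate's runtime bytecode."""
    clusters = Counter()
    for code in account_code.values():
        target = delegate_of(code)
        if target is None:
            continue
        runtime = contract_code.get(target)
        # SHA-256 is only a local fingerprint here; on-chain code hashes are keccak256.
        key = hashlib.sha256(runtime).hexdigest() if runtime else "unknown"
        clusters[key] += 1
    return clusters

def dominant_share(clusters):
    """Return (fingerprint, fraction) for the most-reused delegate bytecode."""
    total = sum(clusters.values())
    if total == 0:
        return None, 0.0
    key, count = clusters.most_common(1)[0]
    return key, count / total

# Constructed sample data: placeholder bytecode and addresses, not real on-chain values.
COPIED = bytes.fromhex("60006000fd")   # identical bytes deployed at three addresses
OTHER = bytes.fromhex("600160015500")  # an unrelated delegate contract
D1, D2, D3, D4 = ("0x" + b * 20 for b in ("a1", "a2", "a3", "b1"))
CONTRACT_CODE = {D1: COPIED, D2: COPIED, D3: COPIED, D4: OTHER}

def designator(addr):
    """Build the account code EIP-7702 would set for a delegation to `addr`."""
    return DELEGATION_PREFIX + bytes.fromhex(addr[2:])

ACCOUNT_CODE = {
    "0x" + "01" * 20: designator(D1), "0x" + "02" * 20: designator(D2),
    "0x" + "03" * 20: designator(D3), "0x" + "04" * 20: designator(D1),
    "0x" + "05" * 20: designator(D4),
    "0x" + "06" * 20: b"",                          # undelegated EOA
    "0x" + "07" * 20: bytes.fromhex("6080604052"),  # ordinary contract, not a delegation
}

if __name__ == "__main__":
    fp, share = dominant_share(cluster_delegations(ACCOUNT_CODE, CONTRACT_CODE))
    print(f"{fp[:16]}... accounts for {share:.0%} of delegations")
```

Grouping by bytecode rather than by delegate address is what exposes the reuse: the three delegate addresses in the sample look unrelated until their code is compared.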

Blockchain security firm Scam Sniffer also recently announced that it had detected a malicious transaction linked to a long-known scam service called Inferno Drainer, which caused a loss of approximately $150,000. Meanwhile, another security firm, SlowMist, in its analysis of EIP-7702’s vulnerabilities, emphasized that wallet service providers should support such transactions and that it is important for users to clearly indicate the destination addresses in the contracts they sign.

Security expert Taylor Monahan believes the real problem isn't the EIP-7702 feature itself, but rather users' struggles to secure their private keys. 'The issue isn't EIP-7702, it's the same old problem of users not protecting their keys,' Monahan said.

"It's not actually a 7702 issue, it's the same issue crypto has had since day one: end users struggle to secure their private keys," Monahan told The Block. "7702 just unlocks a bunch of cool abilities that make sweeping addresses more cost efficient and less tedious."
