- EIP-7702 Delegations: They have been delegated to multiple contracts using the same precise code, and are used to automatically drain ETH from hacked addresses, according to Wintermute.
- CrimeEnjoyor Contract: Short and simple, widely reused, comprising most of the EIP-7702 delegations. The market maker described it as funny, dark, and interesting.
- Notable Attacks: One wallet lost approximately $150,000 through malicious transactions in a phishing attack, according to fraud tracker Scam Sniffer.
- Limited Profitability: Draining funds has not been profitable for the attackers, as members of CrimeEnjoyors spent around 2.88 ETH to license about 79,000 addresses.
- Main Address: The address `0x8938...e704` handled more than half of the permissions (52,000 approvals).
- Money Tracking: The stolen ETH can be tracked through contract code analysis, as it is expected to flow to the address `0x6f6B...0428`, but no transfers have been recorded as of Friday.
- Recurring Pattern: This pattern seems common among other CrimeEnjoyors users.#SecurityAlert