Scam Sniffer: Inferno Drainer Abused EIP-7702 for Background Token Authorization Attack
According to PANews, blockchain security firm Scam Sniffer has uncovered a targeted phishing attack by the group Inferno Drainer, which exploited Ethereum’s EIP-7702 to steal $150,000 in a single transaction.
The attacker used Ethereum’s “execute” command to initiate a malicious batch token authorization in the background, so the user was unaware of it and the attacker gained unauthorized access to wallet assets.
What Happened: Exploiting EIP-7702 for Hidden Batch Approval
Inferno Drainer’s method involved manipulating wallet interactions to obtain stealth approval for token transfers, capitalizing on user trust and smart contract complexity. The EIP-7702 feature, introduced to enhance wallet programmability, was used to silently grant permissions to attacker-controlled contracts.
This incident highlights the evolving sophistication of phishing attacks, particularly those targeting wallet authorization flows.
Security Experts Issue Warning to Ethereum Users
Blockchain security analysts advise users to take the following precautions:
Regularly check token approvals via trusted tools like Etherscan Token Approvals or Revoke.cash
Be cautious of unsolicited wallet interactions or suspicious dApps
Revoke unnecessary permissions from smart contracts not in use
“This type of attack bypasses front-end warnings by embedding malicious logic in the background,” Scam Sniffer noted. “Users must remain proactive in monitoring their wallet activity.”
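The following Python is an added example, not part of the original report and not Scam Sniffer's tooling. It shows the kind of pre-signing check a wallet or monitoring script can run on a batch of calls to surface token authorizations that would otherwise happen in the background. The (target, calldata) input format, the name flag_approvals and all addresses are constructed assumptions; the selectors are the standard ERC-20 / ERC-721 / ERC-1155 function IDs.

```python
# Added example: flag token-authorization calls inside an already-decoded batch.
APPROVAL_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
MAX_UINT256 = 2**256 - 1

def flag_approvals(calls, trusted_spenders=frozenset()):
    """Return one finding per call that grants a spender rights over a token.

    calls: (target_address, calldata_hex) pairs (hypothetical input format).
    """
    findings = []
    for index, (token, calldata) in enumerate(calls):
        data = calldata.lower().removeprefix("0x")
        function = APPROVAL_SELECTORS.get(data[:8])
        if function is None:
            continue  # not an authorization call
        try:
            if len(data) < 8 + 128:
                raise ValueError("expected two 32-byte ABI words")
            spender = "0x" + data[32:72]   # address: low 20 bytes of word 0
            int(spender, 16)               # reject non-hex input
            value = int(data[72:136], 16)  # amount, or bool for setApprovalForAll
        except ValueError:
            findings.append({"index": index, "token": token, "function": function,
                             "spender": None, "risk": "malformed"})
            continue
        if value == 0:
            continue  # zero amount / False grants nothing (typically a revocation)
        if function.startswith("setApprovalForAll"):
            risk = "all-tokens"
        else:
            risk = "unlimited" if value == MAX_UINT256 else "limited"
        findings.append({"index": index, "token": token, "function": function,
                         "spender": spender, "risk": risk,
                         "trusted": spender in trusted_spenders})
    return findings

def _word(hex_value):
    return hex_value.rjust(64, "0")  # left-pad to one 32-byte ABI word

# Constructed sample batch; every address is a placeholder.
TOKEN_A, TOKEN_B, NFT = ("0x" + c * 40 for c in "abc")
SPENDER = "0x" + "d" * 40
SAMPLE_BATCH = [
    (TOKEN_A, "0x095ea7b3" + _word(SPENDER[2:]) + "f" * 64),    # unlimited approve
    (TOKEN_B, "0xa9059cbb" + _word(SPENDER[2:]) + _word("1")),  # plain transfer
    (NFT, "0xa22cb465" + _word(SPENDER[2:]) + _word("1")),      # setApprovalForAll(true)
    (TOKEN_B, "0x095ea7b3" + _word(SPENDER[2:])),               # truncated calldata
]
```

Any finding with risk "unlimited" or "all-tokens" for a spender the user has not trusted before is a reason to stop and show the call explicitly instead of signing the batch.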