Ethereum’s EIP-7702 Upgrade Exploited by Attackers: What You Need to Know

$150K Stolen in Ethereum EIP-7702 Attack Linked to Infamous Inferno Drainer Scam

Ethereum’s recent EIP-7702 upgrade, part of the “Pectra” hard fork, was designed to enhance user experience by enabling wallets to act temporarily like smart contracts. This allows for batching multiple actions, sponsoring gas fees, using passkeys or social authentication, and setting spending limits within a single transaction. Originally proposed by Ethereum co-founder Vitalik Buterin, the upgrade promised greater flexibility and efficiency for users.

Widespread Exploitation of EIP-7702 Delegations

However, according to crypto trading firm Wintermute’s analysis, over 80% of EIP-7702 delegations have been exploited by attackers. These delegations authorize contracts running nearly identical copy-pasted code, which automatically “sweep” wallets with leaked private keys, funneling stolen assets directly to the attacker-controlled contract. Wintermute dubbed this malicious contract “CrimeEnjoyor” due to its simple yet widely reused bytecode.

Wintermute commented on X, “The CrimeEnjoyor contract is short, simple, and widely reused. This one copy-pasted bytecode now accounts for the majority of all EIP-7702 delegations. It’s funny, bleak, and fascinating at the same time.”

High-Profile Theft and Security Concerns

Security firm Scam Sniffer recently uncovered a wallet that lost nearly $150,000 in a single malicious batched transaction linked to the infamous Inferno Drainer scam-as-a-service, a persistent threat in the crypto space. Additionally, blockchain security company SlowMist warned about the risks of EIP-7702, urging wallet providers to support the upgrade quickly while ensuring that users are made fully aware of which contracts they are delegating to, in order to reduce phishing risks.

SlowMist’s founder, Yu Xian, tweeted, “As we predicted, the phishing gangs have caught up. Everyone should be vigilant, be careful that the assets in your wallet will be taken away.”
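As an added example (not code from the article, Wintermute, or SlowMist), the following check reports which contract each wallet delegates to and how much of a sample shares one bytecode. It relies on the EIP-7702 delegation designator, where a delegated account's code is `0xef0100` followed by the 20-byte delegate address. The addresses, bytecode and flagged fingerprint are constructed sample values; in practice the code strings would come from `eth_getCode`.

```python
import hashlib
from collections import Counter

# EIP-7702 sets a delegated account's code to 0xef0100 || 20-byte delegate address.
DELEGATION_PREFIX = bytes.fromhex("ef0100")

def _to_bytes(hex_str):
    return bytes.fromhex(hex_str[2:] if hex_str.startswith("0x") else hex_str)

def delegation_target(code_hex):
    """Return the delegate address if code_hex is a delegation designator, else None."""
    code = _to_bytes(code_hex)
    if len(code) == 23 and code.startswith(DELEGATION_PREFIX):
        return "0x" + code[3:].hex()
    return None

def fingerprint(bytecode_hex):
    """SHA-256 of runtime bytecode, used only to group identical copies
    (this is not the on-chain keccak256 code hash)."""
    return hashlib.sha256(_to_bytes(bytecode_hex)).hexdigest()

def audit(account_code, delegate_code, flagged):
    """Map each delegated account to (delegate, fingerprint, is_flagged)."""
    report = {}
    for account, code_hex in account_code.items():
        target = delegation_target(code_hex)
        if target is None:
            continue  # plain EOA or ordinary contract: no 7702 delegation
        fp = fingerprint(delegate_code.get(target, "0x"))
        report[account] = (target, fp, fp in flagged)
    return report

def top_share(report):
    """Fraction of delegations whose delegate code matches the most common fingerprint."""
    if not report:
        return 0.0
    counts = Counter(fp for _, fp, _ in report.values())
    return counts.most_common(1)[0][1] / len(report)

# Constructed sample data (not real addresses or bytecode).
SWEEPER = "0x6001600055"      # stand-in for the widely reused bytecode
WALLET_IMPL = "0x6002600155"  # stand-in for a legitimate wallet implementation
D1, D2, D3 = ("0x" + c * 40 for c in "abc")
DELEGATE_CODE = {D1: SWEEPER, D2: SWEEPER, D3: WALLET_IMPL}
ACCOUNT_CODE = {"0x" + "1" * 40: "0xef0100" + D1[2:], "0x" + "2" * 40: "0xef0100" + D2[2:],
                "0x" + "3" * 40: "0xef0100" + D3[2:], "0x" + "4" * 40: "0x"}  # last: undelegated
REPORT = audit(ACCOUNT_CODE, DELEGATE_CODE, {fingerprint(SWEEPER)})
```

A wallet or monitoring tool can surface the delegate address and the flagged result to the user before and after a delegation is signed.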

The Root Issue: Compromised Private Keys

Despite the new attack vector introduced by EIP-7702, security expert Taylor Monahan emphasized that the fundamental problem remains the same: compromised private keys. She told The Block, “It’s not actually a 7702 issue, it’s the same issue crypto has had since day one: end users struggle to secure their private keys. 7702 just unlocks a bunch of cool abilities that make sweeping addresses more cost efficient and less tedious.”

Disclaimer: This article is for informational purposes only and does not constitute investment advice. Cryptocurrencies and stocks, particularly in micro-cap companies, are subject to significant volatility and risk. Please conduct thorough research before making any investment decisions.

Written by
Ecem EFE

Since 2022, Ecem has been creating digital content, combining her passion for technology with writing. Continuing her education in the Mathematics department, Ecem focuses on producing in-depth content on areas such as blockchain, artificial intelligence, and cryptocurrency. She aims to simplify these topics and present them to a wide audience, sharing valuable insights into the crypto industry through her writing. With her innovative content, she strives to raise awareness in the digital world.
