Wintermute

Wintermute warns that EIP-7702 is subject to malicious abuse, and users may be affected by automated attacks

ChainCatcher news, according to TheBlock, Wintermute recently issued a warning that the Ethereum Pectra upgrade may expose users to automated attacks. The EIP-7702 feature (account abstraction improvement) in the Ethereum Pectra upgrade is being maliciously exploited, with over 80% of authorizations being used for automated attacks. Blockchain security company Scam Sniffer recently monitored a user who lost nearly $150,000 due to a phishing attack, where the attacker deployed a copy-paste contract named "CrimeEnjoyor" that can automatically drain wallets with leaked private keys. EIP-7702, proposed by Ethereum founder Vitalik Buterin, aims to enhance user experience by temporarily granting wallets smart contract functionality, including batch processing multiple transactions, sponsoring gas fees, using biometric/social verification, and setting single transaction limits.According to Wintermute's Dune dashboard, the vast majority of EIP-7702 authorizations flow to malicious contracts with similar functions. Security expert Taylor Monahan pointed out that EIP-7702 makes draining addresses "cheaper and easier." Wintermute commented, "It's both absurd and cruel that the same copied bytecode occupies most of the EIP-7702 authorizations."BlockBeats previously reported that SlowMist founder Yu Xian stated that the biggest users of the new Ethereum mechanism EIP-7702 are theft gangs (rather than phishing organizations). EIP-7702 allows for the automatic transfer of funds from wallets with leaked private keys or mnemonic phrases through authorizations, with over 97% of EIP-7702 delegations pointing to theft contracts.
ChainCatcher Building the Web3 world with innovators