TechFlow news, June 2 — According to TheBlock, Wintermute recently issued a warning that the EIP-7702 feature (an account abstraction improvement) in Ethereum's Pectra upgrade is being maliciously abused, with over 80% of authorizations used for automated attacks. Blockchain security firm Scam Sniffer recently detected a user losing nearly $150,000 to a phishing attack in which the attacker deployed a copy-paste contract named "CrimeEnjoyor" capable of automatically draining wallets with leaked private keys. EIP-7702, proposed by Ethereum founder Vitalik Buterin, enhances user experience by temporarily granting wallets smart contract functionality, enabling batch transaction processing, gas fee sponsorship, biometric/social recovery, and per-transaction spending limits.
Wintermute's Dune dashboard shows that the vast majority of EIP-7702 authorizations are directed toward identical malicious contracts. Security expert Taylor Monahan noted that EIP-7702 makes draining addresses "cheaper and easier." Wintermute commented, "It’s both absurd and brutal—identical copied bytecode dominates most EIP-7702 authorizations."
As previously reported by BlockBeats, Yu Xian, founder of SlowMist, stated that the biggest users of Ethereum's new mechanism EIP-7702 are cryptocurrency theft groups (rather than phishing organizations). EIP-7702 enables automatic fund transfers from wallets with leaked private keys or seed phrases, with over 97% of EIP-7702 delegations pointing to theft contracts.




