Key Takeaways
- Ethereum’s EIP-7702 upgrade, designed to allow regular addresses to act like smart contracts, is being exploited by hackers in a string of sophisticated phishing attacks.
- The exploit has led to at least three major incidents this month, with a single victim losing over $1.5 million in a “sweeper” scam where tokens and NFTs were drained from their wallet in seconds.
- Security experts had previously warned about the new attack surface created by EIP-7702’s delegation mechanism, advising users to be extra cautious with unfamiliar batch transactions.
A new security vulnerability is emerging within the Ethereum ecosystem following the implementation of Ethereum Improvement Proposal 7702 (EIP-7702).
Cybercriminals have already exploited it in a series of phishing attacks.
The New Attack Surface Explained
EIP-7702 allows traditional Ethereum wallets to perform complex actions like batching transactions or delegating tasks to a specific smart contract.
This is done when a user signs an “authorization tuple” that delegates control of their wallet to a contract; in the attacks described here, that delegate is a “sweeper” contract that takes temporary control of the wallet. Hackers are now using this feature to execute highly convincing phishing scams.
In a recent incident, a victim was lured to a fake website and prompted to sign what seemed like a routine transaction.
In reality, they were signing a malicious delegation that gave the attacker full access to their wallet, enabling the hacker to drain over $1.5 million in tokens and NFTs within seconds.
Another user lost $1 million in a similar trap just days earlier, demonstrating the increasing frequency of these attacks.
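As an added illustration (not code from the article or from any firm it names), here is a check a wallet or monitoring tool could run on the bytes returned by eth_getCode to tell a plain wallet from one whose code has been delegated, and to flag delegations to a known sweeper address. The 0xef0100 designator layout is specified by EIP-7702; the denylist entry and the sample account codes are constructed placeholders.

```python
# Added example for this article, not the project's own code: classify an Ethereum
# account by its on-chain code and flag EIP-7702 delegations to known sweeper
# contracts. The designator layout (0xef0100 || 20-byte delegate address) comes
# from EIP-7702; the sample code bytes and the denylist entry are constructed.
from typing import Optional

DELEGATION_PREFIX = bytes.fromhex("ef0100")   # EIP-7702 delegation designator magic
DESIGNATOR_LEN = len(DELEGATION_PREFIX) + 20  # magic + delegate address


def parse_delegation(code: bytes) -> Optional[str]:
    """Return the delegate address (lowercase, 0x-prefixed) when `code` is an
    EIP-7702 delegation designator, otherwise None."""
    if len(code) != DESIGNATOR_LEN or not code.startswith(DELEGATION_PREFIX):
        return None
    return "0x" + code[len(DELEGATION_PREFIX):].hex()


def assess_account(code: bytes, sweeper_denylist: set) -> dict:
    """Classify an account from the bytes returned by eth_getCode.

    Verdicts:
      eoa            - no code: a plain externally owned account
      contract       - ordinary contract bytecode, not a 7702 designator
      delegated      - 7702 delegation to an address not on the denylist
      known_sweeper  - 7702 delegation to a flagged sweeper contract
    """
    if not code:
        return {"verdict": "eoa", "delegate": None}
    delegate = parse_delegation(code)
    if delegate is None:
        return {"verdict": "contract", "delegate": None}
    denylist = {a.lower() for a in sweeper_denylist}
    verdict = "known_sweeper" if delegate in denylist else "delegated"
    return {"verdict": verdict, "delegate": delegate}


# Constructed sample data: a placeholder sweeper address and four account codes.
SWEEPER_DENYLIST = {"0x" + "ab" * 20}   # placeholder, not a real indicator
SAMPLE_CODES = {
    "plain wallet": b"",
    "delegated to sweeper": DELEGATION_PREFIX + bytes.fromhex("ab" * 20),
    "delegated elsewhere": DELEGATION_PREFIX + bytes.fromhex("01" * 20),
    "regular contract": bytes.fromhex("6080604052"),
}

if __name__ == "__main__":
    for label, code in SAMPLE_CODES.items():
        print(f"{label:22} -> {assess_account(code, SWEEPER_DENYLIST)}")
```

In practice the code bytes come from an eth_getCode call against the user's own address, and the denylist from a tracker such as the ones the article mentions; a non-empty designator on an address the user believes to be a plain wallet is the signal worth alerting on.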
Warnings Ignored, Dangers Escalated
The security risks of EIP-7702 were not unforeseen. Prior to its implementation, security researchers from firms like Wintermute had already flagged the potential for abuse and warned that the new delegation mechanism could be used to create contracts designed to “sweep” funds.
Security firms like Scam Sniffer are now tracking a growing number of these scams, with many of the malicious delegations pointing to identical “sweeper” contracts.
The incidents serve as a critical reminder that while protocol upgrades can bring exciting new features, they can also introduce new vulnerabilities.
Final Thoughts
EIP-7702 is a significant step toward a more user-friendly Ethereum, but it comes with a steep learning curve that hackers are eager to take advantage of. While developers work to create more secure and intuitive interfaces, the responsibility to protect funds ultimately falls on the user.
The convenience of new features should never outweigh the paramount importance of security.
Frequently Asked Questions
What is EIP-7702?
EIP-7702 is an Ethereum upgrade that allows a regular wallet to temporarily act like a smart contract, enabling it to perform advanced actions like batch transactions.
How are hackers exploiting this upgrade?
Hackers are using phishing sites to trick users into signing a malicious delegation that gives a “sweeper” smart contract permission to instantly drain all funds and NFTs from their wallet.
How can users protect themselves from this type of scam?
Users should be extremely cautious and double-check every permission request. It is advised to avoid interacting with unfamiliar interfaces and to stick to well-known and audited decentralized applications.