Highlights
- Researchers at Wintermute have pointed out a security glitch in EIP-7702 feature of Pectra upgrade in Ethereum.
- Scammers have been draining Eth from victims' wallets using smart contracts emerging from a suspicious wallet.
- The security flaw in Ethereum's upgrade has raised concerns in the crypto community.
Ethereum’s gold run, post its much anticipated Pectra upgrade and trillion dollar security initiative, has hit an abrupt halt, after security experts pointed out that its newly introduced ‘EIP-7702’ feature is being exploited by scammers with more than 80% usage linked to a single malicious script.
According to researchers at Wintermute, a leading market maker, exploiters have targeted several unsuspicious crypto wallets with “automated sweeper” attacks using “delegate contracts”– a new feature launched as Ethereum Improvement Proposal (EIP 7702), that forms a part of Pectra upgrade introduced in Ethereum on May 7 this year.
In a series of tweets made on their official X handle, Wintermute confirmed, “our research team found that over 80% of all EIP-7702 delegations were authorized to multiple contracts using the same exact code. These are sweepers, used to automatically drain incoming ETH from compromised addresses.”
The malicious attempts to drain Eth from wallets continue even as the Ethereum Foundation announced a one trillion dollar security program on May 14, that included introducing enhanced security features for its wallets.
How did scammers exploit Ethereum’s Pectra Upgrade?
According to security experts, over 80%of the delegations were authorized for multiple contracts by copy-pasting the same source code emerging from the malicious wallet address. The security glitch allowed exploiters to drain suspecting wallets of their Eth, emerging from the same suspicious wallet address named as “crime enjoyor” by Wintermute researchers.
The security glitch in Ethereum’s recent pectra upgrade had set the conversation rolling on social media as many questioned whether the upgrade enabled scammers.
Understand Ethereum’s EIP 7702 Pectra Upgrade Here
EIP 7702 has been introduced as part of Pectra hard fork in the Ethereum blockchain ecosystem. The novel feature allows externally owned accounts (EOA) to mimic smart contract-like behaviour by delegating its execution to the smart contract.
The feature helps users to mimic smart contracts without having the need to migrate to new wallet addresses and ensuring that the EOA remains controlled by the private key of users. EIP 7702 has been touted as a vision shared by Ethereum’s founder Vitalik Buterin.
- SEC Forms International Task Force to Crack Down on Pump-and-Dump Schemes
- Justin Sun Pledges $20M Buy Following WLFI Wallet Freeze
- Expert Blames ‘Secret Committee’ for Rejecting MSTR Stock Inclusion to S&P 500
- MARA Bitcoin Treasury Nears $6 Billion, Trails Only Strategy in Public Rankings
- Senate Banking Committee Releases Updated Draft Crypto Market Structure Bill
- Chainlink Price Eyes $55 as Reserve Holdings Jump With 43,937 LINK Addition
- Cardano Price Targets 30% Surge as Top Economist Calls for Fed Cut
- ETH Price Forecast as Grayscale’s Covered Call Ethereum ETF Spurs Optimism — Is $8,500 in Sight?
- Bitcoin Price Prediction as SEC Unveils Agenda for Crypto Regulation — Is $200K Next?
- ONDO Price Prediction Amid Bitget Collaboration on Tokenized Stocks and ETFs: Is $2 Next?