Ethereum’s Pectra Upgrade leaves massive loophole for scammers

Highlights
- Researchers at Wintermute have pointed out a security glitch in EIP-7702 feature of Pectra upgrade in Ethereum.
- Scammers have been draining Eth from victims' wallets using smart contracts emerging from a suspicious wallet.
- The security flaw in Ethereum's upgrade has raised concerns in the crypto community.
Ethereum’s gold run, post its much anticipated Pectra upgrade and trillion dollar security initiative, has hit an abrupt halt, after security experts pointed out that its newly introduced ‘EIP-7702’ feature is being exploited by scammers with more than 80% usage linked to a single malicious script.
According to researchers at Wintermute, a leading market maker, exploiters have targeted several unsuspicious crypto wallets with “automated sweeper” attacks using “delegate contracts”– a new feature launched as Ethereum Improvement Proposal (EIP 7702), that forms a part of Pectra upgrade introduced in Ethereum on May 7 this year.
In a series of tweets made on their official X handle, Wintermute confirmed, “our research team found that over 80% of all EIP-7702 delegations were authorized to multiple contracts using the same exact code. These are sweepers, used to automatically drain incoming ETH from compromised addresses.”
The malicious attempts to drain Eth from wallets continue even as the Ethereum Foundation announced a one trillion dollar security program on May 14, that included introducing enhanced security features for its wallets.
How did scammers exploit Ethereum’s Pectra Upgrade?
According to security experts, over 80%of the delegations were authorized for multiple contracts by copy-pasting the same source code emerging from the malicious wallet address. The security glitch allowed exploiters to drain suspecting wallets of their Eth, emerging from the same suspicious wallet address named as “crime enjoyor” by Wintermute researchers.
The security glitch in Ethereum’s recent pectra upgrade had set the conversation rolling on social media as many questioned whether the upgrade enabled scammers.
Understand Ethereum’s EIP 7702 Pectra Upgrade Here
EIP 7702 has been introduced as part of Pectra hard fork in the Ethereum blockchain ecosystem. The novel feature allows externally owned accounts (EOA) to mimic smart contract-like behaviour by delegating its execution to the smart contract.
The feature helps users to mimic smart contracts without having the need to migrate to new wallet addresses and ensuring that the EOA remains controlled by the private key of users. EIP 7702 has been touted as a vision shared by Ethereum’s founder Vitalik Buterin.
- Cathie Wood’s Ark Invest Eyes Stake in Tether as USDT Issuer Targets $500B Valuation
- Kraken Secures $500M at $15B Valuation, Eyes IPO in 2026
- Bybit Lists Ripple’s RLUSD Following BlackRock and VanEck Integration
- SWIFT Plans Stablecoin and On-Chain Messaging Pilot on Linea, Challenging Ripple
- Breaking: U.S. PCE Inflation Rises To 2.7% YoY, Bitcoin Bounces
- Solana Price Set for Q4 Surge as Canary Capital ETF Filing Meets Wyckoff Accumulation
- Avalanche Price Could Surge to $50 as Transactions Jump 200%
- CHMPZ Price Prediction:Will This Net-Zero Community Token be the Next Gem?
- Ethereum (ETH) Price Set for a rebound as Whales Accumulate $1.6B ETH and Outflows Hit $622M
- HYPE Price Prediction As Bitwise Files For Hyperliquid ETF – Is $55 In Sight?
- Shiba Inu Price Eyes Recovery From Demand Zone With Burn Rate Soaring Nearly 400%