24/7 Cryptocurrency News

Ethereum’s Pectra Upgrade leaves massive loophole for scammers

Security experts have pointed out a flaw in EIP 7702 feature in pectra upgrade of Ethereum that allows exploiters to drain Eth from wallets.
Published by
Ethereum’s Pectra Upgrade leaves massive loophole for scammers

Highlights

  • Researchers at Wintermute have pointed out a security glitch in EIP-7702 feature of Pectra upgrade in Ethereum.
  • Scammers have been draining Eth from victims' wallets using smart contracts emerging from a suspicious wallet.
  • The security flaw in Ethereum's upgrade has raised concerns in the crypto community.

Ethereum’s gold run, post its much anticipated Pectra upgrade and trillion dollar security initiative, has hit an abrupt halt, after security experts pointed out that its newly introduced ‘EIP-7702’ feature is being exploited by scammers with more than 80% usage linked to a single malicious script.

According to researchers at Wintermute, a leading market maker, exploiters have targeted several unsuspicious crypto wallets with “automated sweeper” attacks using “delegate contracts”– a new feature launched as Ethereum Improvement Proposal (EIP 7702), that forms a part of Pectra upgrade introduced in Ethereum on May 7 this year.

In a series of tweets made on their official X handle, Wintermute confirmed, “our research team found that over 80% of all EIP-7702 delegations were authorized to multiple contracts using the same exact code. These are sweepers, used to automatically drain incoming ETH from compromised addresses.”

The malicious attempts to drain Eth from wallets continue even as the Ethereum Foundation announced a one trillion dollar security program on May 14, that included introducing enhanced security features for its wallets.

How did scammers exploit Ethereum’s Pectra Upgrade?

According to security experts, over 80%of the delegations were authorized for multiple contracts by copy-pasting the same source code emerging from the malicious wallet address. The security glitch allowed exploiters to drain suspecting wallets of their Eth, emerging from the same suspicious wallet address named as “crime enjoyor” by Wintermute researchers.

The security glitch in Ethereum’s recent pectra upgrade had set the conversation rolling on social media as many questioned whether the upgrade enabled scammers.

Understand Ethereum’s EIP 7702 Pectra Upgrade Here

EIP 7702 has been introduced as part of Pectra hard fork in the Ethereum blockchain ecosystem. The novel feature allows externally owned accounts (EOA) to mimic smart contract-like behaviour by delegating its execution to the smart contract.

The feature helps users to mimic smart contracts without having the need to migrate to new wallet addresses and ensuring that the EOA remains controlled by the private key of users. EIP 7702 has been touted as a vision shared by Ethereum’s founder Vitalik Buterin.

Share
Vaibhav Jha

Vaibhav Jha is a seasoned journalist with a decade long experience working for national and international media organizations. His passion is writing and he has a penchant for research and storytelling. As a crypto news editor, Vaibhav comes on board with his journalistic skills and editorial wisdom to ensure every story is vetted, fact checked and reviewed to ensure highest editorial standards.

Published by
Why trust CoinGape: CoinGape has covered the cryptocurrency industry since 2017, aiming to provide informative insights to our readers. Our journalists and analysts bring years of experience in market analysis and blockchain technology to ensure factual accuracy and balanced reporting. By following our Editorial Policy, our writers verify every source, fact-check each story, rely on reputable sources, and attribute quotes and media correctly. We also follow a rigorous Review Methodology when evaluating exchanges and tools. From emerging blockchain projects and coin launches to industry events and technical developments, we cover all facets of the digital asset space with unwavering commitment to timely, relevant information.
Investment disclaimer: The content reflects the author’s personal views and current market conditions. Please conduct your own research before investing in cryptocurrencies, as neither the author nor the publication is responsible for any financial losses.
Ad Disclosure: This site may feature sponsored content and affiliate links. All advertisements are clearly labeled, and ad partners have no influence over our editorial content.

Recent Posts

  • 24/7 Cryptocurrency News

Ethena Labs Secures Fresh Funding From ArkStream Capital, ENA Price Spikes

Ethena Labs has secured fresh funding from ArkStream Capital as it expands its ecosystem in…

September 6, 2025
  • 24/7 Cryptocurrency News

SEC Forms International Task Force to Crack Down on Pump-and-Dump Schemes

The U.S. Securities and Exchange Commission has launched a task force designed to tackle cross-border…

September 6, 2025
  • 24/7 Cryptocurrency News

Justin Sun Pledges $20M Buy Following WLFI Wallet Freeze

Justin Sun Justin Justin Sun responded to World Liberty Financial freezing his wallet by promising…

September 6, 2025
  • 24/7 Cryptocurrency News

Expert Blames ‘Secret Committee’ for Rejecting MSTR Stock Inclusion to S&P 500

Michael Saylor's Strategy (NASDAQ: MSTR) missed the inclusion in the S&P 500 index on Friday,…

September 6, 2025
  • 24/7 Cryptocurrency News

MARA Bitcoin Treasury Nears $6 Billion, Trails Only Strategy in Public Rankings

MARA announced that it now holds $5.9 billion worth of Bitcoin. This cements its position…

September 6, 2025
  • 24/7 Cryptocurrency News

Senate Banking Committee Releases Updated Draft Crypto Market Structure Bill

The U.S. Senate Banking Committee has released an updated version of the draft Crypto Market…

September 6, 2025