Ethereum Pectra upgrade "Hacker Delight", Wintermute warns: EIP-7702 automates attacks on a large number of contract deployments.
Ethereum's EIP-7702 has been maliciously abused: Wintermute revealed that hackers are using it to automatically empty customer wallets, increasing security risks.

Account abstraction features such as EIP-7702 in Ethereum's recent Pectra upgrade were originally intended to improve the user experience, but security companies and traders have warned that malicious attackers are currently exploiting them on a large scale. Cryptocurrency trading company Wintermute has warned that the feature is being used to automate the emptying of users' wallets, posing a serious threat to users' assets.

EIP-7702 Design Abused, Hackers Automate Theft of Ethereum

The Pectra upgrade was launched on May 7, 2025. Its EIP-7702 allows externally owned accounts (EOAs) to temporarily gain smart contract functionality. However, according to T, Wintermute warned on June 1 that more than 80 percent of EIP-7702 delegations were tied to the malicious script "CrimeEnjoyor." The attacker tricks the user into signing a malicious off-chain delegation authorization, after which all funds in the wallet can be transferred out automatically. Scam Sniffer reported that users have lost nearly $150,000 as a result of such phishing attacks, with more than 100,000 malicious contracts and more than 1 million wallets involved.

Experts call on users to be vigilant and the industry urgently promotes protection mechanisms

Blockchain security company SlowMist also pointed out that an authorization signed with 'chain_id = 0' may enable cross-chain replay attacks and expand the scope of risk. Security expert Taylor Monahan said: "Although EIP-7702 introduces new attack vectors, the fundamental problem is still the protection of users' private keys."

Wintermute has launched a warning system to help users identify risks and, together with SlowMist, recommends that wallet service providers prominently display the target contract of a delegation. According to Mitrade's analysis, wallets and decentralized applications (dApps) are actively integrating new warning mechanisms.

In summary, Ethereum's EIP-7702 functionality, while convenient, also opens the door to automated attacks. Users must be vigilant, authorize only through official channels, and strengthen private key management. The industry is striving to improve security measures, but users' own careful operation remains a critical line of defense for asset security.

This article was first published in BlockTempo "Dynamic Trends - The Most Influential Blockchain News Media".
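A wallet-side check for the two risks described above, added here as an example and not taken from the article, Wintermute or SlowMist: it flags `chain_id = 0` authorizations and surfaces the delegation target before signing. The allowlist, function names and sample addresses are constructed assumptions; the `0xef0100` designator prefix and the `chain_id`/`address`/`nonce` tuple fields follow the EIP-7702 specification.

```python
# Added example: review an EIP-7702 authorization before the user signs it.
DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702 delegation designator

# Hypothetical allowlist a wallet vendor would maintain (constructed address).
TRUSTED_DELEGATES = {"0x" + "11" * 20}


def delegate_from_code(code: bytes):
    """Return the delegate address if account code is a 7702 designator, else None."""
    if len(code) == 23 and code.startswith(DELEGATION_PREFIX):
        return "0x" + code[3:].hex()
    return None  # plain EOA (empty code) or an ordinary contract


def review_authorization(auth: dict, wallet_chain_id: int) -> list:
    """Return warnings to show the user for an authorization awaiting signature."""
    target = auth["address"].lower()
    if not (target.startswith("0x") and len(target) == 42):
        raise ValueError("delegation target must be a 20-byte hex address")
    int(target, 16)  # raises ValueError on non-hex characters

    warnings = []
    if auth["chain_id"] == 0:
        # chain_id 0 makes the signed authorization valid on every chain.
        warnings.append("chain_id = 0: authorization is replayable on all chains")
    elif auth["chain_id"] != wallet_chain_id:
        warnings.append(f"chain_id {auth['chain_id']} differs from the connected chain")
    if target not in TRUSTED_DELEGATES:
        # Show the target prominently, as Wintermute and SlowMist recommend.
        warnings.append(f"delegates account control to unverified contract {target}")
    return warnings


if __name__ == "__main__":
    # Constructed sample: unknown target, signed for every chain.
    sample = {"chain_id": 0, "address": "0x" + "ab" * 20, "nonce": 7}
    for line in review_authorization(sample, wallet_chain_id=1):
        print("WARNING:", line)
    # Constructed account code as returned by an eth_getCode call.
    print(delegate_from_code(bytes.fromhex("ef0100" + "ab" * 20)))
```
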