New Ethereum ‘Pectra’ upgrade feature ‘exploited by automated wallet drainers’

A new feature within Ethereum’s recently deployed ‘Pectra’ upgrade, designed to enhance user experience, has inadvertently become a potent tool for malicious “sweeper” attacks, according to a stark analysis by crypto trading firm Wintermute. The update, specifically Ethereum Improvement Proposal (EIP) 7702, which aims to provide users with smart contract-like capabilities for their regular wallets, has seen over 80% of its initial use dedicated to a single, malicious script designed to drain unsuspecting wallets.

EIP-7702 was introduced as part of the Pectra upgrade to enable Externally Owned Accounts (EOAs – the standard Ethereum wallets) to temporarily delegate certain actions to smart contracts. This was intended to streamline user interactions, allowing for features like transaction batching, gas fee sponsorship, and more flexible authentication methods. The vision was to bridge the gap between simple EOAs and more versatile smart contract accounts, improving overall user experience without requiring users to migrate funds or deploy new contracts.

However, the reality, as uncovered by Wintermute, paints a concerning picture. Their analysis reveals that a significant majority of EIP-7702 delegations are directed towards “CrimeEnjoyor,” a simple, widely reused malicious bytecode. This script automatically “sweeps” or drains funds from wallets where users have inadvertently compromised their private keys or mnemonic phrases.

“It’s both absurd and brutal that the same copied bytecode occupies most of the EIP-7702 authorizations,” Wintermute commented on their findings. This highlights a critical vulnerability where a feature designed for convenience has been swiftly weaponized by bad actors.

The immediate consequences are already evident. Blockchain security firm Scam Sniffer reported a single instance where a user lost nearly $150,000 to a phishing attack enabled by this script. This incident underscores the urgent need for enhanced security measures and heightened user vigilance.

Security experts are weighing in, emphasizing that while EIP-7702 introduces a new vector for automated attacks, the fundamental issue often lies with compromised private keys. “It’s not actually a 7702 issue, it’s the same issue crypto has had since day one: end users struggle to secure their private keys,” stated Taylor Monahan, a security expert. “7702 just unlocks a bunch of cool abilities that make sweeping addresses more cost efficient and less tedious.”

SlowMist, another prominent blockchain security firm, also detailed the risks associated with EIP-7702 adoption, urging immediate action from wallet service providers. “Wallet service providers should quickly support EIP-7702 transactions and, when users sign delegations, should prominently display the target contract to reduce the risk of phishing attacks,” SlowMist recommended. Their founder, Yu Xian, added, “As we predicted, the phishing gangs have caught up. Everyone should be vigilant, be careful that the assets in your wallet will be taken away.”
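The delegation mechanism described above and SlowMist's recommendation that wallets show the delegate target before the user signs can be made concrete. The following is an added example, not code from the article or from Wintermute, Scam Sniffer or SlowMist. It relies on two byte layouts fixed by EIP-7702 itself: a delegated account's code is the 23-byte designator `0xef0100` followed by the 20-byte delegate address, and every authorization a wallet signs is the tuple (chain_id, address, nonce, y_parity, r, s), where chain_id 0 makes the authorization valid on every chain and the zero address clears an existing delegation. The denylist and allowlist addresses are constructed placeholders, not real sweeper contracts.

```python
"""Surface the delegate target of an EIP-7702 delegation before a user signs.

Added example (not from the article or the firms it quotes). Assumes the
EIP-7702 layouts: account code = 0xef0100 || 20-byte address, and an
authorization = (chain_id, address, nonce, y_parity, r, s). Addresses used
as denylist/allowlist entries below are constructed placeholders.
"""
from __future__ import annotations

from dataclasses import dataclass, field

DELEGATION_PREFIX = bytes.fromhex("ef0100")
DESIGNATOR_LEN = 23
ZERO_ADDRESS = "0x" + "00" * 20


@dataclass(frozen=True)
class Authorization:
    chain_id: int      # 0 means "valid on every chain" per the EIP
    address: str       # delegate contract the EOA's code will point to
    nonce: int


@dataclass
class Review:
    target: str
    verdict: str                       # "block", "warn" or "ok"
    reasons: list[str] = field(default_factory=list)


def parse_delegation_designator(code: bytes) -> str | None:
    """Return the delegate address if `code` is an EIP-7702 designator, else None.

    A monitor reading an EOA's code can use this to learn whether, and to
    whom, the account is currently delegated.
    """
    if len(code) != DESIGNATOR_LEN or not code.startswith(DELEGATION_PREFIX):
        return None
    return "0x" + code[3:].hex()


def review_authorization(auth: Authorization, wallet_chain_id: int,
                         denylist: set[str], allowlist: set[str]) -> Review:
    """Decide how a wallet should present a delegation request to the user.

    The delegate address is always surfaced; the verdict escalates when the
    target is a known sweeper, unrecognised, or the authorization is broader
    than the chain the wallet is on.
    """
    target = auth.address.lower()
    review = Review(target=target, verdict="ok")

    if target == ZERO_ADDRESS:
        # Delegating to the zero address resets the account's code to empty.
        review.reasons.append("clears the existing delegation (no delegate code)")
        return review

    if target in {a.lower() for a in denylist}:
        review.verdict = "block"
        review.reasons.append("delegate contract is on the sweeper denylist")
        return review

    if auth.chain_id == 0:
        review.verdict = "warn"
        review.reasons.append("chain_id 0: authorization is replayable on every chain")
    elif auth.chain_id != wallet_chain_id:
        review.verdict = "warn"
        review.reasons.append(
            f"authorization is for chain {auth.chain_id}, wallet is on {wallet_chain_id}")

    if target not in {a.lower() for a in allowlist}:
        if review.verdict == "ok":
            review.verdict = "warn"
        review.reasons.append("delegate contract is not a recognised implementation")
    return review


def render_prompt(review: Review) -> str:
    """Signing-prompt text: the delegate target first, then the reasons."""
    lines = [f"Delegate account code to: {review.target}",
             f"Assessment: {review.verdict.upper()}"]
    lines += [f"  - {r}" for r in review.reasons]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample: an on-chain code blob and a pending authorization.
    SWEEPER = "0x" + "ba" * 20          # placeholder for a known sweeper contract
    TRUSTED = "0x" + "aa" * 20          # placeholder for a wallet's vetted delegate
    code = DELEGATION_PREFIX + bytes.fromhex(SWEEPER[2:])
    print("current delegate:", parse_delegation_designator(code))
    print(render_prompt(review_authorization(
        Authorization(chain_id=0, address=SWEEPER, nonce=7), 1, {SWEEPER}, {TRUSTED})))
```

The denylist check runs before the chain check so a known sweeper is blocked outright rather than merely warned about; everything else that is not on the wallet's vetted list is shown as a warning with the full target address, which is the minimum a user needs to recognise a delegation they did not intend to make.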

The situation serves as a stark reminder of the ongoing cat-and-mouse game between blockchain innovation and malicious exploits. While upgrades like Pectra aim to push the boundaries of usability and functionality, they also create new attack surfaces that criminals are quick to exploit. For Ethereum users, the message is clear: exercise extreme caution when signing transactions, thoroughly vet any delegation requests, and prioritize the absolute security of your private keys.
