Crypto Criminals are Exploiting Ethereum Pectra’s EIP-7702
The post Crypto Criminals are Exploiting Ethereum Pectra’s EIP-7702 appeared on BitcoinEthereumNews.com.
Ethereum’s recently introduced smart wallet feature, EIP-7702, is under scrutiny after blockchain security researchers uncovered cybercriminals’ misuse of it. Following the Pectra upgrade, several wallet providers have begun integrating EIP-7702 features. Analysts at Wintermute, a crypto trading firm, noted that attackers used 97% of EIP-7702 wallet delegations to deploy contracts designed to drain funds from unsuspecting users.

Hackers Use Ethereum’s EIP-7702 to Automate Mass Wallet Drainings

EIP-7702 temporarily allows externally owned accounts (EOAs) to operate as smart contract wallets. The upgrade enables features like transaction batching, spending limits, passkey integration, and wallet recovery, all without changing wallet addresses.

While these upgrades aim to enhance usability, malicious actors are leveraging the standard to speed up fund extractions. Instead of moving ETH manually from each compromised wallet, attackers now authorize contracts that automatically forward any received ETH to their own addresses.

“No doubt attackers are one of the early adopters of new capabilities. 7702 was never meant to be a silver bullet and it does have great use cases,” Rahul Rumalla, Chief Product Officer at Safe, said.

Wintermute’s analysis shows that most of these wallet delegations point to identical codebases designed to “sweep” ETH from compromised wallets.

Figure: Ethereum’s EIP-7702 Transactions Delegate Approval. Source: Dune

These sweepers automatically transfer any incoming funds to attacker-controlled addresses. Out of nearly 190,000 delegated contracts examined, more than 105,000 were linked to illicit activity.

Koffi, a senior data analyst at Base Network, explained that over a million wallets interacted with suspicious contracts last weekend. He clarified that attackers didn’t use EIP-7702 to hack the wallets but to streamline theft from wallets with already exposed private keys.

“In case it wasn’t clear: These wallets were not hacked using 7702. The hacker obtained the private keys without doing anything related to 7702. And, since they have the keys, they could transfer…
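The article notes that most of the malicious delegations point at the same sweeper code. The following added example (not from the article or from Wintermute) shows how a defender could spot that pattern in `eth_getCode` results: an EIP-7702 delegated account's code is the 3-byte marker `0xef0100` followed by the 20-byte delegate address. All addresses and the `known_sweepers` list are constructed placeholders.

```python
from collections import defaultdict

# EIP-7702 sets a delegating EOA's code to 0xef0100 followed by the 20-byte delegate address.
DELEGATION_PREFIX = bytes.fromhex("ef0100")

def parse_delegation(code_hex):
    """Return the delegate address from an eth_getCode result, or None if not delegated."""
    try:
        raw = bytes.fromhex(code_hex.removeprefix("0x"))
    except ValueError:
        return None
    if len(raw) == 23 and raw.startswith(DELEGATION_PREFIX):
        return "0x" + raw[3:].hex()
    return None

def cluster_by_delegate(account_code):
    """Group delegated accounts by the contract they delegate to."""
    clusters = defaultdict(list)
    for account, code_hex in account_code.items():
        delegate = parse_delegation(code_hex)
        if delegate:
            clusters[delegate].append(account)
    return dict(clusters)

def accounts_on_known_sweepers(account_code, known_sweepers):
    """Accounts delegating to a listed sweeper; per the article, their keys are already exposed."""
    sweepers = {addr.lower() for addr in known_sweepers}
    return sorted(acct for delegate, accts in cluster_by_delegate(account_code).items()
                  if delegate in sweepers for acct in accts)

# Constructed sample data: account -> code as returned by eth_getCode.
SWEEPER = "0x" + "5e" * 20       # placeholder for an analyst-labelled sweeper contract
WALLET_IMPL = "0x" + "a1" * 20   # placeholder for a legitimate wallet implementation
SAMPLE_CODE = {
    "0x" + "01" * 20: "0xef0100" + "5e" * 20,  # delegated to the sweeper
    "0x" + "02" * 20: "0xef0100" + "5e" * 20,  # delegated to the same sweeper
    "0x" + "03" * 20: "0xef0100" + "a1" * 20,  # delegated to a wallet implementation
    "0x" + "04" * 20: "0x",                    # plain EOA, no code
    "0x" + "05" * 20: "0x6080604052",          # ordinary contract bytecode, not a delegation
}

if __name__ == "__main__":
    for delegate, accts in cluster_by_delegate(SAMPLE_CODE).items():
        print(delegate, len(accts))
    print(accounts_on_known_sweepers(SAMPLE_CODE, [SWEEPER]))
```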
Filed under: News - @ May 31, 2025 4:28 pm