Inferno Drainer Exploits Ethereum EIP-7702 in Evolving Phishing Tactics Targeting Crypto Wallets
The post Inferno Drainer Exploits Ethereum EIP-7702 in Evolving Phishing Tactics Targeting Crypto Wallets appeared on BitcoinEthereumNews.com.
Inferno Drainer, a known phishing group, is leveraging Ethereum’s EIP-7702 to silently drain wallets. The malicious attackers used a delegated MetaMask wallet and batch authorizations to steal $150,000. This marks a shift in phishing tactics as scammers begin integrating new features into their schemes. A notorious phishing group exploits Ethereum’s EIP-7702, uncovering a new dimension of wallet-draining tactics that demands user vigilance. Sophisticated Crypto Phishing Scam Exploits Ethereum’s Smart Wallet Flexibility On May 24, Scam Sniffer, a web3 anti-scam platform, flagged a case where a wallet recently upgraded to EIP-7702 lost nearly $150,000. According to Yu Xian, founder of blockchain security firm SlowMist, Inferno Drainer carried out the theft using a more sophisticated version of traditional phishing methods. Unlike previous scams that hijack user wallets directly, Xian explained that Inferno Drainer utilized a delegated MetaMask wallet—one already authorized under EIP-7702. This innovative approach allowed the hackers to approve token transfers silently through a batch authorization process. Xian further noted that the victim unknowingly triggered an “execute” command within MetaMask, which processed the malicious batch data in the background. The result was a silent but effective token drain. “The phishing gang uses this mechanism to complete batch authorization operations on tokens related to the victim’s address,” Xian stated. The security expert emphasized that this incident signifies a **shift** in scam tactics. According to him, it illustrates that attackers are no longer relying solely on old strategies; they are actively integrating new Ethereum updates into their operations to stay ahead. “As we predicted, the phishing gangs have caught up… Everyone should be vigilant, be careful that the assets in your wallet will be taken away,” Xian cautioned. In light of this, he urged users to review token authorizations regularly and check whether their wallet addresses have been delegated to phishing accounts via…
Filed under: News - @ May 25, 2025 4:17 pm