RunningFinance

Ethereum Pectra upgrade raises security concerns as crypto asset theft gangs exploit new protocol



With the launch of the Ethereum Pectra upgrade, cybercriminals have started to exploit the new EIP-7702 protocol to steal crypto assets from wallets whose private keys have already been stolen. The feature was originally intended to enhance wallet usability, but it has inadvertently become a new avenue for criminals to manipulate victims' wallets through malware.

EIP-7702 allows wallets to operate like smart contracts, which attackers use to transfer stolen funds automatically. Analysts at Wintermute found that attackers exploited 97% of EIP-7702 wallet delegations to deploy malicious contracts that siphoned funds from users. These contracts automatically forward any received ETH to the attacker's own address, making the theft of funds easier and more discreet.

Safe's Chief Product Officer Rahul Rumalla stated that the attacker is likely one of the early adopters. Analysis by Wintermute shows that most wallet delegations point to the same codebase, aimed at "clearing" ETH from compromised wallets. At the same time, in a survey of nearly 190,000 delegation contracts, over 105,000 are associated with illegal activities.
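A defender's view of the delegation analysis described above, as an added example that is not from the original post or from Wintermute: it reads account code as returned by `eth_getCode`, recognizes the EIP-7702 delegation designator (`0xef0100` followed by the 20-byte delegate address), and groups accounts by delegate target. The addresses, the flagged-target set and the sample data are constructed placeholders.

```python
from collections import Counter

# EIP-7702 delegation designator: 0xef0100 followed by the 20-byte delegate address.
DELEGATION_PREFIX = bytes.fromhex("ef0100")

def parse_delegation(code_hex):
    """Return the delegate address (0x-prefixed, lowercase) if the account code
    is an EIP-7702 delegation designator, otherwise None."""
    if not isinstance(code_hex, str):
        return None
    body = code_hex[2:] if code_hex.lower().startswith("0x") else code_hex
    try:
        code = bytes.fromhex(body)
    except ValueError:
        return None  # malformed RPC response
    # A designator is exactly 3 prefix bytes + 20 address bytes.
    if len(code) != 23 or not code.startswith(DELEGATION_PREFIX):
        return None
    return "0x" + code[3:].hex()

def cluster_delegations(accounts, flagged=frozenset()):
    """accounts maps address -> eth_getCode result. Returns a Counter of
    delegate targets and the sorted accounts delegated to a flagged target."""
    targets, at_risk = Counter(), []
    for addr, code_hex in accounts.items():
        target = parse_delegation(code_hex)
        if target is None:
            continue  # plain EOA, ordinary contract, or malformed code
        targets[target] += 1
        if target in flagged:
            at_risk.append(addr)
    return targets, sorted(at_risk)

# Constructed sample data (placeholder addresses, not real indicators).
SWEEPER = "0x" + "aa" * 20   # hypothetical delegate flagged by threat intel
BENIGN = "0x" + "bb" * 20    # hypothetical legitimate wallet implementation
SAMPLE = {
    "0x" + "01" * 20: "0xef0100" + "aa" * 20,
    "0x" + "02" * 20: "0xEF0100" + "AA" * 20,   # same target, upper-case hex
    "0x" + "03" * 20: "0xef0100" + "bb" * 20,
    "0x" + "04" * 20: "0x",                     # EOA with no delegation
    "0x" + "05" * 20: "0x6080604052",           # ordinary contract bytecode
    "0x" + "06" * 20: "0xef0100" + "aa" * 19,   # truncated, not a designator
}

if __name__ == "__main__":
    targets, at_risk = cluster_delegations(SAMPLE, flagged={SWEEPER})
    for target, count in targets.most_common():
        print(f"{target}: {count} delegating account(s)")
    print("delegated to flagged target:", at_risk)
```

A large share of delegations concentrated on one target is the pattern the analysis above describes; an account that shows up in the flagged list should be treated as having an exposed key and its remaining assets moved to a fresh wallet.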

According to Koffi, a senior data analyst at Base Network, over one million wallets interacted with suspicious contracts last weekend. He emphasized that the attackers did not use EIP-7702 to hack wallets but rather to simplify the theft of wallets that already had exposed private keys.

At the same time, Yu Xian, the founder of the blockchain security company SlowMist, confirmed that the perpetrators were an organized theft gang rather than typical phishing operators. He stated that the automation features of EIP-7702 make it particularly attractive for large-scale exploitation.

Despite the broad scale of the attacker's operations, profitability has not been confirmed to date. A researcher from Wintermute pointed out that the attacker has spent about 2.88 Ether authorizing over 79,000 addresses, but the target addresses generated by the attacker exploiting this vulnerability have not yielded substantial gains.

In summary, the EIP-7702 protocol has been abused, posing a threat to the security and reputation of the Ethereum network. To prevent similar incidents from occurring, the industry urgently needs to reflect and find effective solutions.

#EthereumSecurity #CryptoAssetsTheft #ProtocolVulnerability #EIP7702