Recently, a new type of phishing scam targeting Ethereum wallets has shocked the blockchain community. Hackers successfully stole $146,551 worth of encryption assets by exploiting features in Ethereum's latest upgrade EIP-7702. According to a report from blockchain security company SlowMist, the attackers initiated malicious batch transactions through MetaMask's EIP-7702 Delegator, bypassing the wallet's traditional security mechanisms.
EIP-7702 was supposed to be an upgrade, but has it become a vulnerability?
EIP-7702 is a recent upgrade proposal launched by Ethereum that allows wallet users to perform batched transactions through "Delegator". This was originally intended to improve operational efficiency and programmability, but has now been exploited by hackers as a channel for stealing assets.
Through this new feature, scam groups are able to silently approve token transfers without fully authorizing the user, effectively opening a backdoor behind the user's back.
MetaMask users are the first to be targeted, hackers silently harvest.
In this incident, hackers deployed a malicious Delegator contract to lure users into interacting with it, thereby executing batch transactions to extract assets. A MetaMask user fell victim, suffering a loss of up to 146,551 dollars.
The founder of SlowMist, Yu Xian, stated that there are increasing cases of phishing attacks targeting new features. Hackers have quickly adapted to the upgrade pace of Ethereum and have begun deploying fraudulent strategies targeting new features.
The hidden hand reappears: Inferno Drainer
This attack has been attributed to the notorious hacking group Inferno Drainer. According to a report by Check Point Research on May 7, 2025, the group has been linked to over 30,000 wallet attack incidents in the past six months, resulting in a total loss of 9 million dollars.
Inferno Drainer is known for its specially designed phishing websites and fraudulent smart contracts, and it utilizes the latest Blockchain features to further upgrade its phishing techniques. This time, the EIP-7702 incident once again confirms their level of activity.
Security providers had already issued a warning: malicious addresses exposed.
In fact, on May 20, 2025, the blockchain security company GoPlus Security warned the community that a malicious Delegator address related to EIP-7702 was circulating. This warning became a precursor to the outbreak of this attack, but it also highlighted the insufficient response of users and the entire DeFi ecosystem when facing new upgrades.
April Fraud Wave: Over 7500 Wallets Affected, Losses Exceed 5.3 Million USD
This incident is not an isolated case. In April 2025, the entire encryption ecosystem faced a wave of large-scale phishing scams, with a total of 7,565 wallets compromised and asset losses reaching up to 5.3 million dollars. It is evident that scam techniques are constantly evolving, and users' risks are also increasing.
How can users protect themselves? Be wary of new features and avoid authorization traps.
In the face of fraud attacks implemented through new features, users must be particularly vigilant. The following suggestions can effectively enhance security:
Avoid clicking on links provided by unknown websites or DApps.
Verify the content and address of each transaction authorization.
Maintain a skeptical attitude towards smart contracts and functions that have not been widely verified.
Use blockchain security extension tools like Pocket Universe or ScamSniffer to assist in determining transaction safety.
The advancements of Ethereum bring more possibilities to the ecosystem, but it also means that hacker toolkits are being upgraded simultaneously. Only by staying vigilant can one protect their assets in this race of upgrades and confrontations.
This article discusses how hackers exploited the new Ethereum upgrade EIP-7702 to steal over $140,000! MetaMask Wallet has become the new target, first reported on Chain News ABMedia.
The content is for reference only, not a solicitation or offer. No investment, tax, or legal advice provided. See Disclaimer for more risks disclosure.
Hackers used the new Ethereum upgrade EIP-7702 to steal over 140,000 USD! MetaMask Wallet has become the new target.
Recently, a new type of phishing scam targeting Ethereum wallets has shocked the blockchain community. Hackers successfully stole $146,551 worth of encryption assets by exploiting features in Ethereum's latest upgrade EIP-7702. According to a report from blockchain security company SlowMist, the attackers initiated malicious batch transactions through MetaMask's EIP-7702 Delegator, bypassing the wallet's traditional security mechanisms.
EIP-7702 was supposed to be an upgrade, but has it become a vulnerability?
EIP-7702 is a recent upgrade proposal launched by Ethereum that allows wallet users to perform batched transactions through "Delegator". This was originally intended to improve operational efficiency and programmability, but has now been exploited by hackers as a channel for stealing assets.
Through this new feature, scam groups are able to silently approve token transfers without fully authorizing the user, effectively opening a backdoor behind the user's back.
MetaMask users are the first to be targeted, hackers silently harvest.
In this incident, hackers deployed a malicious Delegator contract to lure users into interacting with it, thereby executing batch transactions to extract assets. A MetaMask user fell victim, suffering a loss of up to 146,551 dollars.
The founder of SlowMist, Yu Xian, stated that there are increasing cases of phishing attacks targeting new features. Hackers have quickly adapted to the upgrade pace of Ethereum and have begun deploying fraudulent strategies targeting new features.
The hidden hand reappears: Inferno Drainer
This attack has been attributed to the notorious hacking group Inferno Drainer. According to a report by Check Point Research on May 7, 2025, the group has been linked to over 30,000 wallet attack incidents in the past six months, resulting in a total loss of 9 million dollars.
Inferno Drainer is known for its specially designed phishing websites and fraudulent smart contracts, and it utilizes the latest Blockchain features to further upgrade its phishing techniques. This time, the EIP-7702 incident once again confirms their level of activity.
Security providers had already issued a warning: malicious addresses exposed.
In fact, on May 20, 2025, the blockchain security company GoPlus Security warned the community that a malicious Delegator address related to EIP-7702 was circulating. This warning became a precursor to the outbreak of this attack, but it also highlighted the insufficient response of users and the entire DeFi ecosystem when facing new upgrades.
April Fraud Wave: Over 7500 Wallets Affected, Losses Exceed 5.3 Million USD
This incident is not an isolated case. In April 2025, the entire encryption ecosystem faced a wave of large-scale phishing scams, with a total of 7,565 wallets compromised and asset losses reaching up to 5.3 million dollars. It is evident that scam techniques are constantly evolving, and users' risks are also increasing.
How can users protect themselves? Be wary of new features and avoid authorization traps.
In the face of fraud attacks implemented through new features, users must be particularly vigilant. The following suggestions can effectively enhance security:
Avoid clicking on links provided by unknown websites or DApps.
Verify the content and address of each transaction authorization.
Maintain a skeptical attitude towards smart contracts and functions that have not been widely verified.
Use blockchain security extension tools like Pocket Universe or ScamSniffer to assist in determining transaction safety.
The advancements of Ethereum bring more possibilities to the ecosystem, but it also means that hacker toolkits are being upgraded simultaneously. Only by staying vigilant can one protect their assets in this race of upgrades and confrontations.
This article discusses how hackers exploited the new Ethereum upgrade EIP-7702 to steal over $140,000! MetaMask Wallet has become the new target, first reported on Chain News ABMedia.