Ethereum EIP-7702 Brings New Risks, Wintermute Says - Unchained
Crypto market maker Wintermute has warned that Ethereum’s Pectra upgrade — specifically the implementation of the EIP-7702 account-abstraction feature — leaves users at higher risk of automated attacks.
EIP-7702 was designed to improve the user experience by allowing wallets to temporarily act like smart contracts, enabling features such as transaction batching, gas sponsorship, and spending limits in a single transaction.
But Wintermute’s analysis suggests that more than 90% of EIP-7702 delegations are being used by malicious actors deploying copy-pasted contracts dubbed “CrimeEnjoyor,” which automatically scan for wallets with compromised private keys and drain them.
This story is an excerpt from the Unchained Daily newsletter.
Blockchain security firm Scam Sniffer highlighted one such instance, in which an EIP-7702-upgraded address was targeted by malicious actors and the victim lost $146,551.
SlowMist, another blockchain security firm, said that if EIP-7702 users unintentionally delegate their accounts to malicious contracts, they could become more susceptible to phishing risks.
“In case it wasn’t clear: These wallets were not hacked using 7702,” pseudonymous Base engineer 0xKofi wrote on X. “The hacker obtained the private keys without doing anything related to 7702.”