{"id":1732,"date":"2025-06-02T14:23:10","date_gmt":"2025-06-02T14:23:10","guid":{"rendered":"https:\/\/bitunikey.com\/news\/ethereums-pectra-upgrade-facing-mounting-exploit-concerns\/"},"modified":"2025-06-02T14:23:10","modified_gmt":"2025-06-02T14:23:10","slug":"ethereums-pectra-upgrade-facing-mounting-exploit-concerns","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/ethereums-pectra-upgrade-facing-mounting-exploit-concerns\/","title":{"rendered":"Ethereum\u2019s Pectra upgrade facing mounting exploit concerns"},"content":{"rendered":"

<\/p>\n

\n

Concerns continue to mount over Ethereum\u2019s latest protocol upgrade as security risks attract malicious actors aiming to drain user wallets.<\/p>\n

The Ethereum Improvement Proposal EIP-7702, part of the Pectra upgrade introduced earlier this year, is drawing scrutiny across the crypto industry after numerous exploits have been observed on chain. <\/p>\n

Proposed by co-founder Vitalik Buterin, the upgrade was originally designed to enhance wallet functionality by allowing standard Ethereum wallets to temporarily behave like smart contracts.<\/p>\n

However, the feature has attracted significant attention from malicious actors exploiting its capabilities.\u00a0<\/p>\n

Ethereum EIP-7702 Exploits on the Rise<\/h2>\n

Security researchers have identified that multiple EIP-7702 delegations are linked to malicious wallet-draining bots began on May 30, 2025, after crypto market maker Wintermute flagged a surge in malicious smart contracts abusing the new delegation feature.\u00a0<\/p>\n

\n
\n
\n

While EIP-7702 brings new convenience, it also introduces new risks<\/p>\n

Our Research team found that over 97% of all EIP-7702 delegations were authorized to multiple contracts using the same exact code. These are sweepers, used to automatically drain incoming ETH from compromised\u2026 pic.twitter.com\/xHp7zr4hC9<\/a><\/p>\n

\u2014 Wintermute (@wintermute_t) May 30, 2025<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n

Nicknamed \u201cCrimeEnjoyors,\u201d the contracts are short, reusable snippets of code that automatically scan delegated wallets for vulnerabilities and attempt to sweep funds to attacker-controlled addresses. These malicious scripts automate fund theft from compromised wallets by silently batching fraudulent token approvals in undetectable patterns.\u00a0<\/p>\n

<\/p>\n

While Wintermute added that many of the malicious contracts have yet to successfully extract funds, some users have already fallen victim. On May 24, 2025, crypto anti-scam platform Scam Sniffer revealed that one user lost approximately $150,000 in ETH to a phishing attack that leveraged a malicious contract using EIP-7702 delegation.<\/p>\n

\n
\n
\n

\ud83d\udea8 ALERT: An address upgraded to EIP-7702 lost $146,551 through malicious batched transactions in phishing attack. pic.twitter.com\/7GbamqOZVI<\/a><\/p>\n

\u2014 Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) May 24, 2025<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n

The root issue often stems from compromised private keys, which EIP-7702\u2019s functionality exacerbates by enabling rapid, automated theft. Blockchain security firm SlowMist founder Yu stressed<\/a> the potential impact of the vulnerability, echoing broader calls for users to exercise vigilance.<\/p>\n

How to Stay Safe<\/h2>\n

According to a March 2025 analysis<\/a> by SlowMist, cautious signing, verified contracts, and smart development practices are key to staying safe with EIP-7702. Users are advised to verify target contracts before delegating access, and avoid interacting with suspicious DApps.<\/p>\n

Wallet providers are also urged to display clear warnings during the delegation process, which could serve as an extra layer of protection for users against phishing attempts.<\/p>\n

<\/p><\/div>\n