Ethereum’s latest technical upgrade, dubbed Pectra, was hailed as a major step forward for wallet usability and transaction efficiency. But just weeks after its implementation, the feature-packed update is drawing intense scrutiny following its apparent exploitation. One of the central components of the upgrade, EIP-7702, intended to enhance wallet flexibility and user convenience, has now been exploited in a phishing attack that drained $150,000 from an unsuspecting user — marking the first high-profile incident connected to the new protocol.
EIP-7702: From Innovation to Exploit Target
Co-authored by Ethereum co-founder Vitalik Buterin, EIP-7702 lets an externally owned account (EOA) attach smart-contract code to itself: the owner signs an authorization naming a delegate contract, and once that authorization is included in a transaction the account executes the delegate's code. This enables advanced transaction patterns such as sponsored gas fees, custom spending limits, passkey-based signing, and smoother UX for decentralized applications. The same mechanism also opens new attack paths.
The delegation is not a one-off: it persists until the owner signs a replacement authorization (or one pointing at the zero address, which clears it). An attacker who obtains a private key can therefore sign an authorization offline, point the victim's account at attacker-controlled code, and keep control of the address even after the victim stops using that key. What was intended as a convenience has become an abuse primitive that is being actively exploited across the Ethereum ecosystem.
“CrimeEnjoyor”: The Code Behind the Attacks
The security firm Wintermute recently revealed that the overwhelming majority of wallet delegations tied to EIP-7702 are linked to a malicious smart contract nicknamed “CrimeEnjoyor.” This single, simple contract has been reused across thousands of attacks and is designed to act as a ‘sweeper’ — draining ETH from compromised wallets as soon as they receive any funds.
Wintermute reported that 97% of EIP-7702 delegations it analyzed pointed back to variations of this one script. The firm described the code as “short, simple, and widely reused,” noting that this single contract has become the dominant method attackers are using to abuse the EIP-7702 system.
In one widely reported incident, blockchain monitoring service Scam Sniffer confirmed a loss of nearly $150,000 from a single wallet. The funds were drained through a phishing campaign tied to Inferno Drainer, another notorious tool often linked to scam operations.
Security Flaws Point to Key Mismanagement, Not Just EIP-7702
While EIP-7702 is being scrutinized, experts emphasize that the protocol itself is not inherently flawed. The larger problem is ongoing weakness in private key management. Before EIP-7702, a stolen key let an attacker drain whatever was in the wallet at that moment; with EIP-7702, the attacker can install a sweeper so that any ETH that later arrives at the address, including funds a victim sends in to pay for gas while trying to rescue other assets, is forwarded automatically. Key compromise is the root cause; EIP-7702 makes its consequences faster and harder to recover from.
This has prompted security firms such as SlowMist to call on wallet developers to add safeguards. Their recommendation is clear: wallet providers must show users exactly what they are authorizing, in particular the delegate contract address and the chain the authorization is valid on, and must warn on delegations to unknown or flagged contracts. Without this, new features aimed at improving usability will continue to be turned against their users.
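The two checks SlowMist's recommendation implies, and the delegation mechanism described above, are worked through below as an added example; this is not code from the article, Wintermute or SlowMist. The delegation-designator format (the bytes 0xef0100 followed by a 20-byte address stored as the account's code), the rule that chain_id 0 makes an authorization valid on every chain, and the rule that delegating to the zero address clears the delegation are all taken from the EIP-7702 specification. The sweeper denylist, the allowlist and every address used are constructed for illustration.

```python
"""Pre-signing and post-delegation checks a wallet front end can run for EIP-7702.

Added example. Sample addresses, KNOWN_SWEEPERS and REVIEWED_DELEGATES are
constructed placeholders standing in for a real threat feed / audit list.
"""
from typing import List, Optional, Set

# Per EIP-7702 an account delegated to a contract has exactly 23 bytes of code:
# the magic prefix 0xef0100 followed by the delegate's 20-byte address.
DELEGATION_PREFIX = bytes.fromhex("ef0100")
DELEGATION_CODE_LEN = len(DELEGATION_PREFIX) + 20
ZERO_ADDRESS = "0x" + "00" * 20

# Constructed denylist / allowlist (hypothetical addresses, not real contracts).
KNOWN_SWEEPERS: Set[str] = {"0x" + "ba" * 20}
REVIEWED_DELEGATES: Set[str] = {"0x" + "ab" * 20}


def parse_delegation(code: bytes) -> Optional[str]:
    """Return the delegate address if `code` is a 7702 delegation designator, else None."""
    if len(code) != DELEGATION_CODE_LEN or not code.startswith(DELEGATION_PREFIX):
        return None
    return "0x" + code[len(DELEGATION_PREFIX):].hex()


def classify_account(code: bytes, denylist: Set[str] = KNOWN_SWEEPERS) -> str:
    """Classify an address from its on-chain code (the result of eth_getCode).

    "eoa"                        - no code, an ordinary key-controlled account
    "contract"                   - regular contract bytecode
    "delegated"                  - 7702 delegation to an unrecognised contract
    "delegated-to-known-sweeper" - 7702 delegation to an address on the denylist
    """
    if not code:
        return "eoa"
    target = parse_delegation(code)
    if target is None:
        return "contract"
    if target.lower() in {a.lower() for a in denylist}:
        return "delegated-to-known-sweeper"
    return "delegated"


def audit_authorization(chain_id: int, address: str, *, wallet_chain_id: int,
                        allowlist: Set[str] = REVIEWED_DELEGATES,
                        denylist: Set[str] = KNOWN_SWEEPERS) -> List[str]:
    """Flag risky properties of an authorization tuple before the wallet signs it.

    Returns human-readable findings; an empty list means nothing looked wrong.
    The signature and nonce are deliberately not checked here: this runs before
    signing, and nonce handling depends on whether the tx is self-sponsored.
    """
    findings: List[str] = []
    if chain_id == 0:
        # A zero chain_id is valid on every chain, so one signature can be
        # replayed on any network where the key holds funds.
        findings.append("chain_id 0: authorization is valid on every chain, not just this one")
    elif chain_id != wallet_chain_id:
        findings.append(f"chain_id {chain_id} does not match wallet chain {wallet_chain_id}")

    addr = address.lower()
    if addr == ZERO_ADDRESS:
        # Not an attack on its own, but the user should know it removes delegation.
        findings.append("address 0x0: this authorization clears the current delegation")
    elif addr in {a.lower() for a in denylist}:
        findings.append(f"delegate {address} is a known sweeper contract")
    elif addr not in {a.lower() for a in allowlist}:
        findings.append(f"delegate {address} is not a reviewed implementation")
    return findings


if __name__ == "__main__":
    # Constructed sample: code of a victim account delegated to the sweeper.
    victim_code = DELEGATION_PREFIX + bytes.fromhex("ba" * 20)
    print(classify_account(victim_code))
    for f in audit_authorization(0, "0x" + "ba" * 20, wallet_chain_id=1):
        print("-", f)
```

`classify_account` is the check to run on an address before showing a balance or accepting a deposit: a wallet or exchange that sees `delegated-to-known-sweeper` should refuse to send ETH to it, because the sweeper forwards whatever arrives. `audit_authorization` is the pre-signing check; a wallet should block on a known sweeper and require explicit confirmation for a chain_id of 0 or an unreviewed delegate.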
Low Financial Gains for Hackers — So Far
Despite the growing number of compromised wallets, it appears that attackers haven’t profited significantly from these EIP-7702-based exploits. Wintermute estimated that the scammers spent approximately 2.88 ETH to target around 79,000 wallets. One specific address handled over 52,000 of these contract authorizations alone.
Interestingly, the main wallets receiving stolen funds have not been actively distributing or laundering the assets. This could suggest either operational delays, difficulty in moving traceable ETH, or that the attack campaigns are still in early stages.
The Bigger Picture: Innovation vs. Risk
Ethereum’s ongoing evolution through upgrades like Pectra is a natural part of the network’s development. However, this latest incident highlights the tightrope that must be walked between innovation and security. While features like EIP-7702 offer the potential for seamless user experiences and smarter wallet capabilities, they also come with added risk — particularly when user education and security practices lag behind technological advancements.
As Ethereum continues to push forward with new capabilities, the responsibility falls not only on developers but also on wallet providers, users, and the broader community to ensure that progress doesn’t come at the expense of security. This early breach linked to EIP-7702 may be a warning sign that future innovations must be paired with equally advanced defense mechanisms.