Ethereum Phishing Scams Drain $12M in August Amid EIP-7702 Exploits

Phishing scams targeting Ethereum users surged in August 2025, leading to losses exceeding $12 million across more than 15,000 wallets. Experts warn that even experienced investors are falling victim to attacks exploiting Ethereum’s EIP-7702 standard, highlighting growing risks in the cryptocurrency ecosystem.

According to blockchain security firm Scam Sniffer, August’s losses marked a dramatic 72% increase from July, while the number of affected wallets rose by 67% month-over-month. The attacks reveal how quickly scammers adapt to new blockchain features, transforming legitimate upgrades into potential threats for unsuspecting users.

EIP-7702 Exploits Behind the Surge

Ethereum’s EIP-7702 upgrade, introduced to enhance wallet functionality, has inadvertently become a focal point for attackers. The standard allows externally owned accounts (EOAs) to temporarily operate like smart contract wallets, offering features such as batching transactions, setting spending limits, integrating passkeys, and recovering wallets without changing addresses.

While these features were designed to improve usability and security, attackers have exploited them to accelerate thefts. Scam Sniffer reports that three whale wallets alone accounted for nearly 46% of the total $12 million losses in August, with one wallet losing over $3 million in a single incident.

Security analysts explain that the convenience of EIP-7702 can backfire if users are tricked into approving malicious contract interactions. By granting unrestricted permissions or signing misleading transactions, victims unknowingly provide scammers with access to their funds.

How the Attacks Worked

Wintermute’s Dune Analytics dashboard revealed that more than 80% of delegate contracts tied to EIP-7702 displayed malicious behavior, affecting over 450,000 wallet addresses since the standard’s introduction. Organized criminal groups have leveraged these vulnerabilities across Ethereum Virtual Machine (EVM) networks, extending the reach of attacks beyond the Ethereum mainnet.

The scams often involve cleverly disguised transaction prompts, convincing users to approve seemingly routine actions. Once signed, these malicious approvals allow attackers to drain wallets, often in seconds. Even high-profile tokens like Trump’s WLFI have been targeted, proving that no project is immune to exploitation.

Expert Warnings and Recommendations

Yu Xian, founder of blockchain security firm SlowMist, emphasized that the sophistication of these attacks has grown rapidly. He noted that organized groups are continuously evolving their methods, exploiting both human error and technical loopholes.

Security firms urge Ethereum users to adopt proactive measures to protect their wallets. Key recommendations include:

• Carefully verifying domain names and contract addresses before interacting with wallet prompts.

• Avoiding rushed approvals, especially for transactions requesting broad permissions.

• Rejecting signatures that allow unlimited or excessive access to funds.

• Using hardware wallets where possible to minimize exposure to online scams.

Experts also stress the importance of education. Many victims fall prey to phishing schemes despite understanding basic security practices, illustrating that even advanced users must remain vigilant.

Broader Implications for Ethereum Users

The rise in Ethereum phishing scams underscores a growing tension between technological innovation and user security. Features like EIP-7702 are designed to enhance functionality, yet their misuse shows how quickly attackers can weaponize new tools.

Investors are reminded that the rapid pace of blockchain development requires ongoing vigilance. Wallet prompts, smart contract approvals, and new transaction capabilities should always be approached with caution, particularly when dealing with large sums or high-value assets.

The surge in phishing scams also highlights the role of whale wallets in both risk and vulnerability. Large holdings attract targeted attacks, and compromised wallets can exacerbate losses in the broader market. As more capital flows into Ethereum and EVM ecosystems, users must remain alert to evolving threats.

Conclusion

August 2025 has proven a challenging month for Ethereum users, with phishing scams exploiting EIP-7702 draining over $12 million from more than 15,000 wallets. While the upgrade enhances wallet functionality, it has also provided new avenues for attackers, emphasizing the importance of vigilance, education, and secure wallet practices.

As Ethereum continues to evolve, investors must balance the benefits of new features with the potential risks, adopting proactive measures to safeguard assets. The rise of EIP-7702 exploits serves as a cautionary reminder that in the fast-moving world of cryptocurrency, security remains as critical as innovation.