Urgent security risk: Ethereum’s EIP-7702 Pectra already infected by phishing scammers

Source Cryptopolitan

Since the Pectra upgrade was activated on May 7, many users have scrambled to enable EIP-7702 smart accounts, unaware of the risks attached. 

The upgrade enables Externally Owned Accounts (EOAs) to briefly act as smart contract wallets by delegating control via a signed message. While the feature enhances user experience, the EIP-7702 has also exposed users to new security risks that require urgent attention.

Top 7702 delegator is allegedly a phishing scam

According to GoPlus Security, on-chain data from bundlebear.com has revealed over 10k addresses using smart accounts.

Urgent security risk: Ethereum's EIP-7702 Pectra already infected by phishing scammers
GoPlus found that once users authorize the malicious delegator address, any ETH transferred to their account gets automatically redirected to the scammer’s address. Source: GoPlus Security

Using contract code decompilation, GoPlus found that once users authorize the malicious delegator with the 0x930fcc37d6042c79211ee18a02857cb1fd7f0d0b address, any ETH transferred to their account gets automatically redirected to the scammer’s address.

After analyzing the code, it was revealed that after authorization, all ETH gets auto-redirected to scammer wallet 0x000085bad in what has been identified as a sophisticated theft mechanism.

Urgent security risk: Ethereum's EIP-7702 Pectra already infected by phishing scammers
Every ETH transferred to victims’ wallets get auto-redirected to scammer wallet 0x000085bad. Source: GoPlus Security

It is clear the scammer is exploiting the trust people have in the Pectra upgrade. While the threat is very real, some leading wallets like MetaMask have been able to safely integrate EIP-7702.

GoPlus Security has urged users who want to stay safe to only trust wallet interfaces for 7702 features and treat any external links or emails asking for smart account upgrades as scams.

It is agreed that the EIP-7702 will work wonders for Ethereum’s UX & transaction flexibility, but it is crucial to stay alert and never authorize through external links. GoPlus Security warns that if anyone pushes you to “upgrade” outside your wallet, then it’s 100% a scam.

Other recommended safety measures include never trusting email/URL links for 7702 authorization, always verifying contract source code, being extra cautious with non-open-source contracts and making sure to check authorization addresses carefully.

Hardware wallets are not safer either

Before the Pectra update, hardware wallets were deemed safer. But according to Yehor Rudytsia, on-chain researcher at Hacken, that is no longer the case.

Rudytsia says hardware wallets are now at the same risk as hot wallets from the perspective of signing malicious messages. “If done, all the funds are gone in a moment,” he said.

While there are ways to stay safe, they all require vigilance on the part of the users.

“Users should not sign the messages they do not understand,” Rudytsia advised. He also urged wallet developers to provide clear warnings when users are asked to sign a delegation message.

Users need to be especially cautious of the new delegation signature formats introduced by EIP-7702, as they are not compatible with the existing EIP-191 or EIP-712 standards. These messages often appear as simple 32-byte hashes and may bypass normal wallet warnings.

“If a message includes your account nonce, it’s probably affecting your account directly,” Usman warned. “Normal sign-in messages or offchain commitments don’t usually involve your nonce.”

Even worse, EIP-7702 allows signatures with chain_id = 0, meaning the signed message can be replayed on any Ethereum-compatible chain. This means it can be used anywhere.

Compared to hardware wallets, multisignature wallets remain more secure under the Pectra upgrade, thanks to their requirement for multiple signers. Single-key wallets — hardware or otherwise — will have to adopt new signature parsing and red-flagging tools to prevent potential exploitation.

Cryptopolitan Academy: Tired of market swings? Learn how DeFi can help you build steady passive income. Register Now

Disclaimer: For information purposes only. Past performance is not indicative of future results.
placeholder
Bitcoin volatility drops to third-lowest level since 2012 amid rise in BTC treasury companiesBitcoin (BTC) trades above $108,000 on Tuesday following a steady decline in its volatility in the first half of the year, marking the third-lowest H1 volatility since 2012.
Author  FXStreet
Yesterday 02: 11
Bitcoin (BTC) trades above $108,000 on Tuesday following a steady decline in its volatility in the first half of the year, marking the third-lowest H1 volatility since 2012.
placeholder
AUD/NZD inches higher to near 1.0900 as RBNZ maintains Official Cash Rate at 3.25%AUD/NZD holds ground after the Reserve Bank of New Zealand (RBNZ) decided to stand pat on the policy rate after six consecutive cuts, trading around 1.0890 during the Asian hours on Wednesday.
Author  FXStreet
Yesterday 03: 03
AUD/NZD holds ground after the Reserve Bank of New Zealand (RBNZ) decided to stand pat on the policy rate after six consecutive cuts, trading around 1.0890 during the Asian hours on Wednesday.
placeholder
Ethereum Price Turns Positive — More Upside Likely if Momentum HoldsETH is now consolidating gains and might aim for a fresh move above $2,620.
Author  NewsBTC
Yesterday 03: 26
ETH is now consolidating gains and might aim for a fresh move above $2,620.
placeholder
Jeff Bezos sold nearly 3 million Amazon shares for $665.8 million in early JulyJeff Bezos has sold nearly three million shares of Amazon in the first two days of July, offloading a total of $665.8 million.
Author  Cryptopolitan
23 hours ago
Jeff Bezos has sold nearly three million shares of Amazon in the first two days of July, offloading a total of $665.8 million.
placeholder
Gold price slides further below $3,300, over one-week low amid a firmer USDGold price (XAU/USD) trades with a negative bias below the $3,300 mark during the Asian session on Wednesday and drops to a one-and-a-half-week low in the last week.
Author  FXStreet
21 hours ago
Gold price (XAU/USD) trades with a negative bias below the $3,300 mark during the Asian session on Wednesday and drops to a one-and-a-half-week low in the last week.
goTop
quote