Exploitation of Ethereum’s EIP-7702 Upgrade by Wallet-Sweeping Scam Linked to ‘CrimeEnjoyor’

by admin

Exploitation of Ethereum’s EIP-7702 Feature Raises Alarm

Recent research by crypto trading firm Wintermute has highlighted alarming abuse of Ethereum’s latest feature, EIP-7702. Over 80% of the new delegations enabled by this upgrade are being manipulated by attackers who deploy cloned contracts, often referred to as "CrimeEnjoyor", to efficiently drain compromised wallets.

The EIP-7702 feature, introduced as part of Ethereum’s Pectra upgrade and designed to enhance user experience, enables ordinary wallets (externally owned accounts) to temporarily operate like smart contracts by delegating to a contract’s code. This functionality aims to streamline transactions by allowing batched processing, gas sponsorship, spending limits, and varied authentication methods, all consolidated within a single delegation.

Rising Threats from Malicious Automation

Wintermute’s analysis reveals that these new functionalities have become a double-edged sword. Attackers have taken advantage of the streamlined processes to deploy automated scripts that siphon funds from unsuspecting users. The prevalence of the “CrimeEnjoyor” contract, characterised by its brevity and widespread replication, has paved the way for substantial financial losses. One example cited involved a wallet losing nearly $150,000 (approximately AU$232,000) to a malicious bundled transaction orchestrated by the "Inferno Drainer" scam service, which targets EVM-compatible networks.

Cybersecurity firms such as Scam Sniffer and SlowMist are sounding the alarm on the risks associated with EIP-7702. They have stressed the importance of implementing robust security measures for both users and wallet services to mitigate the threat posed by these attacks.

"The CrimeEnjoyor contract is short, simple, and widely reused. This one copy-pasted bytecode now accounts for the majority of all EIP-7702 delegations. It’s funny, bleak, and fascinating at the same time." – Wintermute

Recommendations for User Safety

In light of these developments, Scam Sniffer has advised users to thoroughly scrutinise all transaction requests, particularly those involving signature approvals. Users are urged not to rush into signing transactions without verifying their legitimacy.

Additionally, SlowMist has called upon wallet providers to urgently adopt safeguards related to EIP-7702 transactions. Their recommendations include making the target contract clearly visible when users are prompted to sign delegations to help prevent phishing attacks.

"Wallet service providers should quickly support EIP-7702 transactions and, when users sign delegations, should prominently display the target contract to reduce the risk of phishing attacks." – SlowMist
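The safeguard SlowMist describes, and the delegation mechanism outlined earlier, can be illustrated with a small check a wallet could run before signing. This is an added example, not code from the article, Wintermute, Scam Sniffer or SlowMist; the denylist entry and authorization values are constructed, and the `address`/`chain_id` field names follow the EIP-7702 authorization tuple.

```python
# Added example: surface the target contract behind an EIP-7702 delegation.
# Under EIP-7702 a delegated account's code is a "delegation designator":
# the bytes 0xef0100 followed by the 20-byte address it now executes.
DELEGATION_PREFIX = bytes.fromhex("ef0100")
ZERO_ADDRESS = "0x" + "00" * 20


def delegation_target(code_hex: str):
    """Return the delegated-to address if `code_hex` (as returned by
    eth_getCode) is an EIP-7702 delegation designator, else None."""
    code = bytes.fromhex(code_hex.removeprefix("0x"))
    if len(code) != 23 or not code.startswith(DELEGATION_PREFIX):
        return None  # empty account, or a regular contract's bytecode
    return "0x" + code[3:].hex()


def review_authorization(auth: dict, wallet_chain_id: int, denylist: set):
    """Pre-signing review of one authorization tuple (chain_id, address, nonce).
    Returns the findings a wallet should display to the user, target first."""
    target = auth["address"].lower()
    findings = [f"signing this delegates your account to {target}"]
    if auth["chain_id"] == 0:
        findings.append("chain_id 0: the delegation is valid on every chain")
    elif auth["chain_id"] != wallet_chain_id:
        findings.append(
            f"authorization is for chain {auth['chain_id']}, "
            f"but the wallet is on chain {wallet_chain_id}")
    if target == ZERO_ADDRESS:
        findings.append("zero address: this clears the existing delegation")
    if target in denylist:
        findings.append("target matches a known drainer contract (denylist)")
    return findings


# Constructed sample values (not real addresses or real drainer code).
KNOWN_DRAINER = "0x" + "ab" * 20
DENYLIST = {KNOWN_DRAINER}

if __name__ == "__main__":
    print(delegation_target("0xef0100" + "ab" * 20))  # delegated account
    print(delegation_target("0x6080604052"))          # ordinary contract
    sample_auth = {"chain_id": 0, "address": KNOWN_DRAINER, "nonce": 7}
    for line in review_authorization(sample_auth, 1, DENYLIST):
        print("-", line)
```

Every finding is returned rather than printed so that a wallet UI can render the target address prominently, which is exactly the visibility SlowMist asks for.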

This situation underscores the critical need for heightened vigilance among users operating in the Ethereum ecosystem. As the flexibility of Ethereum’s features continues to attract both innovation and exploitation, the responsibility falls upon both users and providers to ensure adequate security measures are in place to safeguard assets.

Conclusion

The swift ascent of EIP-7702 is a landmark advancement in Ethereum’s ongoing development, but it has also revealed vulnerabilities that can be exploited by malicious actors. Stakeholders within the crypto space are encouraged to stay informed about these security concerns, enhance their transaction verification practices, and remain alert to potential threats as they navigate this rapidly evolving landscape.
