- Over 80% of EIP-7702 delegations are linked to malicious wallet-draining bots.
- Ethereum’s Pectra upgrade enables smart contract-like wallet behavior.
- Experts call for stronger private key security and user interface improvement.
Scammers are exploiting Ethereum’s new EIP-7702 feature to drain funds from wallets with compromised private keys. The upgrade, introduced on May 7 as part of Ethereum’s Pectra update, has already been linked to over 12,000 transactions involving suspicious contracts.
EIP-7702: Wallet Flexibility Feature Now an Attack Vector
EIP-7702 was developed to improve Ethereum wallet usability. It allows standard wallets to temporarily function like smart contracts, enabling features such as gas sponsorship, spending limits, and transaction batching. While the EIP-7702 feature is optional for users to activate, it has seen rapid adoption, unfortunately, by malicious actors.
Related: Ethereum’s EIP-7702 Brings Native Abstraction to Wallets With Caveats
Wintermute, a blockchain security firm, reports that more than 80% of EIP-7702 delegations are being used to enable “sweeper” contracts. These automated contracts target wallets with leaked private keys and move funds instantly to the attacker’s wallet.
The ‘CrimeEnjoyor’ Contract Behind Most Attacks
According to Wintermute’s research, a single contract, nicknamed “CrimeEnjoyor”, is responsible for the majority of wallet-draining activity. The contract’s code is simple and widely copied, making it easy for scammers to replicate.
Wintermute publicly decoded the contract’s bytecode to help wallet developers and users identify suspicious delegations. They aim to raise awareness and prompt faster community response in flagging malicious activity.
One Exploit Drained $150,000 in One Click
In one incident highlighted by the security firm Scam Sniffer, a user lost nearly $150,000 in a single batched transaction. The theft was linked to the “Inferno Drainer” scam—a well-known toolkit used by phishing groups.
Wintermute says 97% of all EIP-7702 delegations so far use nearly identical code, indicating widespread misuse of the feature.
Experts: Private Key Leaks Remain Core Vulnerability
While EIP-7702’s design is not inherently flawed, experts agree that it enables faster, cheaper automated attacks once a wallet’s private key is compromised. Taylor Monahan, a well-known crypto security advocate, stressed that the core issue is ongoing private key leakage across the ecosystem.
Security researchers are urging wallet providers to clearly display delegation targets to users. Without this transparency, users may unknowingly authorize malicious contracts.
Blockchain security firm SlowMist warned that phishing gangs have already adapted to exploit EIP-7702. As a result, wallet providers and users must remain vigilant.
Related: Can the Biggest Ethereum Upgrade Since the Merge Spark an ETH Price Rally?
Wintermute has called on the Ethereum community to report known malicious contracts and increase visibility into delegation mechanics. Their findings suggest that stronger safeguards and more transparent wallet interfaces are now critical to user safety.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
