Hacker stole $1 million from user using Ethereum’s EIP-7702

A single phishing attack resulted in a crypto investor losing almost $1 million in tokens, according to cybersecurity expert Scam Sniffer. The victim is believed to have unknowingly signed several malicious transactions disguised as Uniswap swaps.

According to the founder of SlowMist, the victim’s crypto assets were withdrawn through a transaction that used the new EIP-7702 mechanism on the Ethereum blockchain.

From the point of view of a user who has landed on a phishing site, the sequence is as follows: the user opens a fake site, a request to confirm a signature appears in the wallet, the user clicks "Confirm", and after this single action all valuable assets in the wallet instantly disappear, the expert wrote.

The EIP-7702 feature was introduced to Ethereum in the Pectra update to make the network easier to use. It lets a wallet act as a temporary smart contract, which makes it possible to bundle multiple transactions, enable gas sponsorship, or set spending limits in one step. In principle, delegation can be reversed, but it depends on the specific network. However, attackers have found ways to exploit this feature.

Back in July, cryptocurrency market maker Wintermute warned that over 90% of EIP-7702 delegations were linked to malicious contracts. Many of these are simple copy-paste scripts that scan for vulnerable wallets and automatically empty them.
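
A defender-side check for the delegation described above, as an added example that is not from the article or the experts it quotes. It assumes the account's code has already been fetched (for instance with the standard `eth_getCode` JSON-RPC call) and relies on the EIP-7702 delegation designator format, `0xef0100` followed by the 20-byte delegate address; the function names, the allowlist and the sample values are constructed for illustration.

```python
from typing import Iterable, Optional, Tuple

# EIP-7702 delegation designator: 3-byte prefix + 20-byte delegate address.
DELEGATION_PREFIX = bytes.fromhex("ef0100")
DESIGNATOR_LEN = len(DELEGATION_PREFIX) + 20


def classify_account_code(code_hex: str) -> Tuple[str, Optional[str]]:
    """Classify the hex string returned by eth_getCode for an address.

    Returns (kind, delegate): kind is 'eoa' (no code, no delegation),
    'delegated' (EIP-7702 designator present) or 'contract' (other code).
    """
    raw = code_hex.strip()
    if raw.lower().startswith("0x"):
        raw = raw[2:]
    code = bytes.fromhex(raw)  # raises ValueError on malformed input
    if not code:
        return ("eoa", None)
    if len(code) == DESIGNATOR_LEN and code.startswith(DELEGATION_PREFIX):
        return ("delegated", "0x" + code[len(DELEGATION_PREFIX):].hex())
    return ("contract", None)


def review_delegation(code_hex: str, trusted_delegates: Iterable[str]) -> str:
    """Flag a delegation whose target is not on a locally maintained allowlist."""
    kind, delegate = classify_account_code(code_hex)
    if kind != "delegated":
        return kind
    trusted = {addr.lower() for addr in trusted_delegates}
    return "delegated-trusted" if delegate in trusted else "delegated-unknown"


# Constructed sample values, not real addresses or on-chain data.
SAMPLE_DELEGATE = "0x" + "ab" * 20
SAMPLE_DELEGATED_CODE = "0xef0100" + "ab" * 20
SAMPLE_CONTRACT_CODE = "0x6080604052"
SAMPLE_EMPTY_CODE = "0x"

if __name__ == "__main__":
    allowlist = ["0x" + "cd" * 20]  # hypothetical wallet-vendor delegate
    for code in (SAMPLE_EMPTY_CODE, SAMPLE_CONTRACT_CODE, SAMPLE_DELEGATED_CODE):
        print(code[:12], "->", review_delegation(code, allowlist))
```

An account that reports `delegated-unknown` is one whose owner should review the delegate contract before signing anything further with that wallet.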
