New Ethereum feature backfires – $150K stolen in sweeper attacks post-Pectra upgrade

The Pectra upgrade of Ethereum introduced EIP-7702, which lets ordinary wallets (externally owned accounts) temporarily function as smart contracts for a better user experience.

Proposed by Vitalik Buterin, this feature supports account abstraction, allowing users to batch transactions, sponsor gas costs and enforce stricter controls.

Although this innovation improves the usability and security of wallets, it has also become a potential target for exploitation.

[Image: Ethereum. Source: X]

According to Wintermute’s analysis, it appears that more than 80% of EIP-7702 delegations point to a single malicious contract, called ‘CrimeEnjoyor’. The contract’s code is short, copy-pasted and alarmingly effective.

As soon as it gains access to a compromised wallet – often through phishing – it immediately sweeps the funds to an attacker-controlled address.

It is automation at scale, and it is proving expensive.

[Image source: X]

Blockchain security company Scam Sniffer flagged one such incident, in which a victim lost nearly $150,000 in a single batch transaction linked to the infamous Inferno Drainer service.

With thousands of comparable transactions already recorded, features intended to simplify Ethereum may also be accelerating its vulnerabilities.

Maybe it’s not the code

The core problem behind the recent wave of wallet-draining attacks is not EIP-7702. It is the perennial problem of leaked or stolen private keys.

The new feature simply makes it faster and cheaper for attackers to drain wallets that are already compromised. Security firms such as SlowMist are urging wallet providers to improve visibility into contract interactions and to strengthen user protection.
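One concrete form that visibility can take: a wallet or monitoring service can read an account’s code and tell whether it carries an EIP-7702 delegation, and if so which contract it points to, so that the delegate can be shown in the signing prompt or checked against a list of known sweepers. The example below is added here and is not code from the article, from Wintermute or from Scam Sniffer; it relies only on the EIP-7702 delegation format (the account code is exactly `0xef0100` followed by the 20-byte delegate address), and every address and bytecode string in it is a constructed placeholder.

```python
# Added example (not from the article, nor Wintermute's or Scam Sniffer's tooling):
# classify an account by the code returned from eth_getCode, so a wallet or
# monitoring service can surface EIP-7702 delegations and flag known sweepers.
# All addresses and bytecode below are constructed placeholders.

# EIP-7702 delegation designator: the account's code is exactly
# 0xef0100 followed by the 20-byte address of the delegate contract.
DELEGATION_PREFIX = bytes.fromhex("ef0100")
DELEGATION_CODE_LEN = 3 + 20

# Constructed placeholder addresses (not real contracts).
KNOWN_SWEEPER = "0x" + "de" * 20      # stands in for a flagged sweeper contract
CLEAN_DELEGATE = "0x" + "11" * 20     # stands in for a legitimate batching contract


def parse_delegation(code_hex: str):
    """Return the lowercase delegate address if `code_hex` is an EIP-7702
    delegation designator, otherwise None (plain EOA, ordinary contract,
    or malformed input)."""
    raw = code_hex[2:] if code_hex.startswith("0x") else code_hex
    try:
        code = bytes.fromhex(raw)
    except ValueError:          # odd length or non-hex characters
        return None
    if len(code) != DELEGATION_CODE_LEN or code[:3] != DELEGATION_PREFIX:
        return None
    return "0x" + code[3:].hex()


def classify_account(code_hex: str, sweeper_denylist) -> str:
    """Classify an account from its code.

    Returns one of: "eoa", "contract", "delegated", "delegated-to-known-sweeper".
    A delegated account executes the delegate's code, so anything sent to the
    account is governed by that contract; this is the fact a signing prompt
    should surface before the user approves a transaction.
    """
    delegate = parse_delegation(code_hex)
    if delegate is None:
        return "eoa" if code_hex in ("0x", "") else "contract"
    if delegate in {a.lower() for a in sweeper_denylist}:
        return "delegated-to-known-sweeper"
    return "delegated"


def delegation_code(delegate: str) -> str:
    """Build the 23-byte designator a delegated account would return from
    eth_getCode (used here only to construct sample data)."""
    return "0xef0100" + delegate[2:].lower()


# Constructed sample of what eth_getCode might return for four accounts.
SAMPLE_ACCOUNTS = {
    "0x" + "aa" * 20: "0x",                                    # untouched EOA
    "0x" + "bb" * 20: delegation_code(CLEAN_DELEGATE),         # delegated, benign
    "0x" + "cc" * 20: delegation_code(KNOWN_SWEEPER),          # delegated to sweeper
    "0x" + "dd" * 20: "0x6080604052348015600f57600080fd5b50",  # ordinary contract
}


def audit(accounts, sweeper_denylist):
    """Map each address to its classification; a monitoring job would run this
    over the accounts it watches and alert on the sweeper cases."""
    return {addr: classify_account(code, sweeper_denylist)
            for addr, code in accounts.items()}


def flagged(accounts, sweeper_denylist):
    """Addresses whose delegation points at a denylisted sweeper."""
    return sorted(addr for addr, verdict in audit(accounts, sweeper_denylist).items()
                  if verdict == "delegated-to-known-sweeper")


if __name__ == "__main__":
    for addr, verdict in audit(SAMPLE_ACCOUNTS, [KNOWN_SWEEPER]).items():
        print(addr, verdict)
```

In a real deployment the `code_hex` values come from `eth_getCode(address, "latest")` against a node, and the denylist from a maintained threat feed rather than the placeholder used here. Because a delegation is installed by a set-code transaction’s authorization list, the same designator check can be applied to an authorization the user is about to sign, which is the point at which a clearer prompt actually prevents the loss.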

[Image: Ethereum. Source: X]

As Ethereum evolves, the priority has to shift to smarter wallet design, clearer signing prompts and better user education.


Because even the most promising functions can be counterproductive when the basic security fails.

Credit: ambcrypto.com