A recent phishing attack exploiting Ethereum’s EIP-7702 mechanism has left an investor with a staggering $1.54 million loss, raising significant concerns about the security implications of the protocol upgrade. The attack, which involved a batch of malicious transactions disguised as routine swaps, underscores the risks tied to the implementation of EIP-7702, a feature introduced as part of the May Pectra hard fork. The upgrade was designed to allow externally owned accounts (EOAs) to behave like temporary smart contracts, enabling users to batch multiple transactions into a single operation. However, it has also become a vector for exploitation by cybercriminals who have weaponized its capabilities to drain digital assets from unsuspecting users [1].

Security experts, including teams at Wintermute, had previously warned that EIP-7702 delegations were being exploited at scale, with over 90% of such delegations reportedly linked to malicious contracts. These contracts, often simple copy-paste scripts, scan for vulnerable wallets and automatically siphon assets upon approval. The phishing scam that drained $1.54 million involved a fake decentralized finance (DeFi) interface that mimicked legitimate platforms, tricking the victim into authorizing what appeared to be a routine transaction. In reality, the approval unlocked hidden transfers, allowing attackers to drain the wallet almost instantly [2].
The vulnerabilities introduced by EIP-7702 have been highlighted in multiple incidents. Earlier in the summer, another investor lost $1 million in tokens and NFTs through a similar scheme. In June, a separate victim lost $66,000. These cases demonstrate a growing trend in phishing attacks that leverage the new standard. The common thread across these incidents is the use of deceptive interfaces designed to mimic trusted DeFi platforms. Once users approve the transaction, attackers gain access to the wallet’s contents, often without the user realizing the scope of the permissions granted [3].

Security researchers and anti-fraud services, including Scam Sniffer, have urged users to exercise heightened caution when approving batch transactions. Key red flags include requests for unlimited token approvals, contract upgrades under EIP-7702, and transaction simulations that do not align with expectations. Experts stress that the malicious nature of many EIP-7702 transactions lies in their ability to appear legitimate, making them particularly dangerous for inexperienced users. They recommend verifying domain names, avoiding rushed confirmations, and using only trusted platforms to mitigate the risk of falling victim to such scams [4].
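Two of the red flags above, unlimited token approvals and an EIP-7702 delegation on the account, can be checked mechanically before signing. The Python below is an added example, not code from the article or from any wallet project; it assumes the standard ERC-20 `approve(address,uint256)` selector and the EIP-7702 delegation designator prefix `0xef0100`, and its function names and sample addresses are constructed for illustration.

```python
# Added example. Constants come from the ERC-20 ABI and the EIP-7702 spec,
# not from the article. All sample inputs are constructed placeholders.
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # approve(address,uint256)
MAX_UINT256 = 2**256 - 1                      # the "unlimited" allowance value
DELEGATION_PREFIX = bytes.fromhex("ef0100")   # EIP-7702 delegation designator

def _unhex(value):
    return bytes.fromhex(value[2:] if value.startswith("0x") else value)

def delegation_target(account_code_hex):
    """Return the delegate address if the account code (as returned by
    eth_getCode) is 0xef0100 + a 20-byte address, else None."""
    code = _unhex(account_code_hex)
    if len(code) == 23 and code.startswith(DELEGATION_PREFIX):
        return "0x" + code[3:].hex()
    return None

def unlimited_approval(calldata_hex):
    """Return the spender if calldata is approve(spender, 2**256 - 1), else None."""
    data = _unhex(calldata_hex)
    if len(data) != 4 + 64 or data[:4] != APPROVE_SELECTOR:
        return None
    spender, amount = data[16:36], int.from_bytes(data[36:68], "big")
    return "0x" + spender.hex() if amount == MAX_UINT256 else None

def review_batch(account_code_hex, calls, trusted_delegates=frozenset()):
    """Collect red flags for an account and a batch of (to, calldata) calls.
    trusted_delegates holds lowercase 0x-prefixed addresses the user has vetted."""
    flags = []
    delegate = delegation_target(account_code_hex)
    if delegate and delegate not in trusted_delegates:
        flags.append(f"account delegates to unreviewed contract {delegate}")
    for index, (to, calldata) in enumerate(calls):
        spender = unlimited_approval(calldata)
        if spender:
            flags.append(f"call {index}: unlimited approval on {to} for {spender}")
    return flags

# Constructed sample data (placeholder addresses, not from any incident).
SAMPLE_DELEGATE = "0x" + "ab" * 20
SAMPLE_CODE = "0xef0100" + "ab" * 20
SAMPLE_SPENDER = "0x" + "cd" * 20
SAMPLE_TOKEN = "0x" + "11" * 20
SAMPLE_CALLS = [
    (SAMPLE_TOKEN, "0x095ea7b3" + "00" * 12 + "cd" * 20 + "ff" * 32),         # unlimited
    (SAMPLE_TOKEN, "0x095ea7b3" + "00" * 12 + "cd" * 20 + "00" * 31 + "64"),  # 100 units
]

if __name__ == "__main__":
    for flag in review_batch(SAMPLE_CODE, SAMPLE_CALLS):
        print(flag)
```

An empty flag list only means neither of these two patterns matched; it does not replace comparing the transaction simulation with what the interface claims.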
The Ethereum Foundation has yet to implement specific countermeasures to address EIP-7702-related threats, despite ongoing concerns from the security community. Analysts have called for clearer guidelines on how users should handle batch transactions and for potential updates to wallet interfaces to highlight the risks more visibly. As the use of EIP-7702 continues to grow, so does the likelihood of more sophisticated attacks. The incident serves as a stark reminder of the evolving nature of crypto threats and the importance of user education in preventing large-scale losses.
Source:
[1] Ethereum’s EIP-7702 Sparks Security Concerns After Multi-Million Losses (https://cryptodnes.bg/en/ethereums-eip-7702-sparks-security-concerns-after-multi-million-losses/)
[2] Crypto Investor Loses $1M in Uniswap Scam Exploiting EIP-7702 (https://finance.yahoo.com/news/crypto-investor-loses-1m-uniswap-183021483.html)
[3] Analysts Warn of $1.5M Phishing Exploit Tied to Ethereum’s New EIP-7702 Feature (https://www.mitrade.com/insights/news/live-news/article-3-1064883-20250825)
[4] How EIP-7702 Opens Doors to Security Vulnerabilities (https://www.onesafe.io/blog/eip-7702-ethereum-scam-security-risks)
[5] User Defrauded of $1.54 Million in EIP-7702 Phishing Scam (https://intellectia.ai/news/crypto/user-loses-154-million-to-eip7702-phishing)
