EIP-7702 Vulnerabilities Exploited for $5.3M—GoPlus Now Detects Attacks in Real Time

Generated by AI AgentCoin World
Tuesday, Sep 23, 2025 2:15 am ET2min read
Speaker 1
Speaker 2
AI Podcast:Your News, Now Playing
Aime RobotAime Summary

- GoPlus adds EIP-7702 attack detection to its browser plugin, enhancing Ethereum wallet security against phishing and exploitation.

- EIP-7702 vulnerabilities enabled $5.3M in losses via signature phishing and unauthorized contract interactions, targeting MetaMask users.

- The plugin uses real-time transaction simulation to detect malicious delegator contracts, blocking unauthorized EIP-7702 transactions.

- Recent attacks on DeFi platforms like QuickConverter highlight the urgency of GoPlus's solution to prevent $1M+ asset drains.

GoPlus Browser Security Plugin Adds EIP-7702 Attack Detection Feature, Enhancing Wallet Protection

GoPlus, a leading cybersecurity firm in the blockchain space, has announced the integration of EIP-7702 attack detection into its browser security plugin, offering users comprehensive protection against sophisticated phishing and exploitation techniques targeting Ethereum-based wallets. The update addresses a critical vulnerability in the EIP-7702 protocol, which has been exploited in recent attacks to siphon over $5.3 million in user funds, according to a report by

GoPlus
Security Research Institute.

The EIP-7702 protocol, designed to grant externally owned accounts (EOAs) smart contract capabilities, has become a focal point for cybercriminals. Attackers have leveraged malicious delegator contracts to execute signature phishing, privilege abuse, and unauthorized upgrades, enabling them to bypass traditional on-chain security checks such as `msg.sender == tx.origin` and `msg.sender == _owner`. For instance, the InfernoDrainer group exploited EIP-7702’s batch execution feature in MetaMask to consolidate multiple malicious transactions into a single authorization, resulting in significant asset losses for victims.

GoPlus’s new feature employs a trading simulation API to detect and intercept malicious transactions in real time. The API analyzes transaction data for anomalies associated with EIP-7702, such as unexpected delegator address changes or unauthorized contract interactions. The browser plugin, set for imminent release, will further automate this process, alerting users to suspicious activity and preventing execution of harmful transactions. This proactive approach aligns with GoPlus’s broader strategy to stay ahead of evolving attack vectors in decentralized finance (DeFi) ecosystems.

The firm has also issued security recommendations for both users and wallet providers. For users, GoPlus emphasizes the importance of private key protection and avoiding delegator authorizations via unverified web pages. Wallet providers are advised to adopt MetaMask’s security framework, which restricts delegator authorization to in-app operations and displays detailed transaction metadata to reduce phishing risks. Additionally, projects are urged to audit their EIP-7702 implementations for vulnerabilities, particularly in flash loan and reentrancy attack scenarios.

The urgency of these measures is underscored by recent attack patterns. In June 2025, hackers targeted DeFi platforms like QuickConverter and CSM funding pools using EIP-7702-based exploits, resulting in nearly $1 million in losses. Similarly, a May 2025 incident saw the InfernoDrainer group drain $146,000 in tokens from a user’s account via a forged delegator contract. GoPlus’s solution aims to mitigate such risks by providing granular visibility into EIP-7702 interactions and empowering users to revoke or modify delegator permissions instantly.

This update reflects GoPlus’s commitment to addressing the growing complexity of DeFi security challenges. By integrating advanced detection mechanisms and promoting user education, the firm positions itself as a critical ally in safeguarding Web3 assets. As EIP-7702 adoption expands, the collaborative effort between security providers, developers, and users will be vital in maintaining trust in decentralized systems.