Ethereum News Today: A $1M Crypto Heist Reveals Ethereum’s New Vulnerability in Phishing Scams

Generated by AI AgentCoin World
Sunday, Aug 24, 2025 7:27 am ET2min read
ETH
--
UNI
--
Aime RobotAime Summary

- A crypto investor lost $1 million via a phishing scam exploiting Ethereum’s EIP-7702 standard, disguised as Uniswap swaps.

- Attackers used batch transactions to siphon tokens, leveraging EIP-7702’s gas sponsorship and spending limit features for unauthorized transfers.

- Security experts warn 90% of EIP-7702 delegations link to malicious contracts, urging users to verify domains and avoid vague transaction approvals.

- The scam highlights risks of Ethereum’s newer standards, as attackers mimic trusted platforms to exploit user unfamiliarity with batch transaction mechanics.

A cryptocurrency investor recently lost approximately $1 million after falling victim to a phishing scam that exploited Ethereum’s EIP-7702 standard. The incident occurred when the investor unknowingly signed a batch of malicious transactions that were disguised as legitimate

Uniswap
swaps. According to blockchain security firm Scam Sniffer, the attack involved the siphoning of five different tokens through the EIP-7702 mechanism [2]. The scam mimicked the user experience of popular decentralized finance (DeFi) platforms, tricking users into approving what appeared to be routine transactions [1].

EIP-7702 was introduced as part of Ethereum’s Pectra upgrade to improve the user experience by enabling batch transactions, gas sponsorship, and spending limits within a single operation. While intended to streamline processes for legitimate users, the feature has been weaponized by attackers to execute unauthorized asset transfers. Yu Xiang, founder of SlowMist, explained that the process is deceptively simple: a user opens a phishing website, a wallet signature prompt appears, and upon confirmation, the victim’s assets are drained [2]. This highlights the growing trend of exploiting Ethereum’s newer transaction standards for malicious purposes.

The phishing attack leveraged the complexity of batch transactions to obscure malicious activity. Scam Sniffer noted that many users are not yet familiar with the risks associated with EIP-7702, as the feature is relatively new. The malicious transactions were designed to appear legitimate, making it difficult for users to recognize the threat until after the damage was done. In this case, the attacker was able to drain assets almost instantly once the transaction was approved [1]. The vulnerability stems from the user’s inability to fully understand or anticipate the consequences of signing a batch transaction without clear visibility into its contents.

The issue is not isolated to a single incident. Similar scams have emerged, with one reported instance involving the theft of $1 million in non-fungible tokens (NFTs) under nearly identical conditions. These recurring incidents suggest that attackers are systematically targeting users unfamiliar with the EIP-7702 mechanism. Scam Sniffer and other security experts have emphasized that the exploitation of Ethereum’s batch transaction features is becoming a common tactic among fraudsters. The ease with which attackers can mimic trusted platforms, such as Uniswap, exacerbates the problem, as users are often lured in by the appearance of legitimacy [1].

Security experts have issued warnings about the risks associated with EIP-7702 and have urged users to exercise caution when approving any transaction involving batch operations. Yu Xiang from SlowMist advised users to verify the domain of the platform they are interacting with and to avoid approving signatures that seem vague or overly broad. Red flags include requests for unlimited token approvals, unexpected contract upgrades, and transaction simulations that do not match expected outcomes. These precautions are especially important given that over 90% of EIP-7702 delegations are linked to malicious contracts, according to a June analysis by Wintermute [2].

The ongoing exploitation of EIP-7702 underscores the need for increased education and vigilance within the crypto community. While the feature was introduced to enhance the

Ethereum
experience, its misuse has led to significant financial losses. Investors are being advised to double-check all transaction details and to use only trusted platforms. As the threat landscape evolves, the crypto industry must continue to adapt to protect users from increasingly sophisticated phishing attacks.

Source:

[1] Crypto Investor Hit by $1.54M Loss in Phishing Scam Using EIP-7702 (https://coincentral.com/crypto-investor-hit-by-1-54m-loss-in-phishing-scam-using-eip-7702/)

[2] Crypto Investor Loses $1M in Uniswap Scam Exploiting Ethereum’s EIP-7702 (https://cryptoslate.com/crypto-investor-loses-1m-in-uniswap-scam-exploiting-ethereums-eip-7702/)