AInvest Newsletter
Daily stocks & crypto headlines, free to your inbox
A cryptocurrency investor recently lost approximately $1.5 million following a sophisticated phishing attack that exploited Ethereum's EIP-7702 mechanism, according to reports from several blockchain security firms. The incident, which occurred in late August, involved malicious transactions disguised as legitimate swaps. The attacker siphoned five different tokens from the victim's wallet after the user unknowingly signed a batch of fraudulent transactions [2].

EIP-7702, introduced as part of the Pectra upgrade in May 2025, was designed to improve the user experience by allowing externally owned accounts (EOAs) to delegate execution to a smart contract, with the delegation remaining in force until it is replaced or revoked. This enables features such as transaction batching, gas sponsorship, and spending limits without requiring users to migrate to full smart contract wallets. However, the same delegation mechanism has been weaponized by attackers, who use it to drain user funds with minimal user interaction [3].

Yu Xiang, founder of blockchain security firm SlowMist, highlighted the risk in a post on X, explaining that the attack unfolded when a user visited a phishing website and confirmed a wallet signature prompt. Within moments, the attacker executed a sequence of transactions that emptied the user's wallet. The attack used the EIP-7702 feature to delegate execution control to a malicious contract, which then initiated a series of unauthorized transfers [2].
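The two artefacts a wallet or monitoring tool can inspect here are the delegation itself, which after a set-code transaction shows up as the 23-byte designator 0xef0100 followed by the delegate address in the EOA's code, and the authorization tuple (chain_id, address, nonce) the user is asked to sign. The example below is added here and is not code from the article or from any of the firms it cites; the allow-listed and unvetted delegate addresses and the sample code bytes are constructed placeholders, not real contracts.

```python
"""Inspect an EIP-7702 delegation the way a wallet or monitoring tool might.

Added example, not code from the original article or from SlowMist/Wintermute/
Scam Sniffer. It works on constructed byte strings, so it runs offline. The
allow-list entries and the "unknown" delegate below are placeholders.
"""
from dataclasses import dataclass
from typing import Optional

# After a set-code transaction (type 0x04) takes effect, eth_getCode on the EOA
# returns the 23-byte delegation designator 0xef0100 || <20-byte delegate>.
DELEGATION_PREFIX = bytes.fromhex("ef0100")
ZERO_ADDRESS = "0x" + "00" * 20


def delegate_of(code: bytes) -> Optional[str]:
    """Return the delegate address if `code` is an EIP-7702 designator, else None.

    An EOA with no delegation has empty code; revoking (an authorization to the
    zero address) also leaves the code empty, so both cases return None.
    """
    if len(code) != 23 or not code.startswith(DELEGATION_PREFIX):
        return None
    return "0x" + code[3:].hex()


@dataclass(frozen=True)
class Authorization:
    """The tuple an EOA signs to delegate: (chain_id, address, nonce).

    chain_id 0 makes the authorization valid on every EVM chain. The signature
    fields (y_parity, r, s) are omitted because this triage does not need them.
    """
    chain_id: int
    address: str
    nonce: int


def triage_authorization(auth: Authorization, allowlist: set, wallet_chain_id: int) -> list:
    """Return human-readable warnings for an authorization before the user signs it."""
    warnings = []
    addr = auth.address.lower()
    if addr == ZERO_ADDRESS:
        return []  # revocation: clears the delegation, nothing to warn about
    if auth.chain_id == 0:
        warnings.append("chain_id 0: this delegation replays on every EVM chain")
    elif auth.chain_id != wallet_chain_id:
        warnings.append(f"chain_id {auth.chain_id} differs from the connected chain {wallet_chain_id}")
    if addr not in {a.lower() for a in allowlist}:
        warnings.append(f"delegate {auth.address} is not a known wallet implementation")
    return warnings


# --- constructed sample data (placeholders, not real addresses) ---------------
KNOWN_DELEGATE = "0x" + "11" * 20      # stands in for a vetted smart-account implementation
UNKNOWN_DELEGATE = "0x" + "ab" * 20    # stands in for an unvetted contract
ALLOWLIST = {KNOWN_DELEGATE}

# Code as eth_getCode would return it for a delegated EOA (constructed).
DELEGATED_CODE = DELEGATION_PREFIX + bytes.fromhex(UNKNOWN_DELEGATE[2:])
PLAIN_EOA_CODE = b""
# Ordinary contract bytecode that happens to be 23 bytes long (constructed).
CONTRACT_CODE = bytes.fromhex("6080604052" + "00" * 18)


def demo() -> dict:
    """Run the checks over the constructed data and return the findings."""
    return {
        "delegated_to": delegate_of(DELEGATED_CODE),
        "plain_eoa": delegate_of(PLAIN_EOA_CODE),
        "contract": delegate_of(CONTRACT_CODE),
        "bad_auth": triage_authorization(
            Authorization(chain_id=0, address=UNKNOWN_DELEGATE, nonce=7), ALLOWLIST, 1),
        "good_auth": triage_authorization(
            Authorization(chain_id=1, address=KNOWN_DELEGATE, nonce=7), ALLOWLIST, 1),
        "revoke": triage_authorization(
            Authorization(chain_id=1, address=ZERO_ADDRESS, nonce=8), ALLOWLIST, 1),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The length check in delegate_of matters: a delegation designator is exactly 23 bytes, so ordinary contract bytecode that merely begins with similar bytes, or a truncated response, is not mistaken for a delegation. The allow-list stands in for whatever set of audited smart-account implementations a wallet vendor chooses to trust; the point is that an authorization to anything outside that set is the signal to stop and look.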
Crypto market maker Wintermute reported in June that over 90% of EIP-7702 delegations were linked to malicious contracts, many of which are simple copy-paste scripts that automate scanning for and draining vulnerable wallets [2]. Because an authorization can only be created with the account's own key, such a delegation is either planted on keys the attacker already controls or obtained, as in this incident, by phishing the signature from the user. These findings underscore the growing prevalence of attacks targeting the new Ethereum account abstraction framework. Security researchers and firms such as Scam Sniffer have urged users to exercise caution when interacting with smart contract-based transactions. They recommend verifying the legitimacy of the requesting domain, avoiding rushed confirmations, and rejecting signatures that appear overly broad or ambiguous [3].
The EIP-7702 mechanism, while intended to add flexibility and efficiency, has introduced new security risks by expanding the attack surface available to bad actors. A delegation is revocable (the account signs a new authorization pointing at the zero address) and each authorization is bound to a chain ID, although a chain ID of 0 makes it valid on every chain. In practice these safeguards offer little protection, because the drain executes within moments of the victim's signature, before any revocation is possible. Scam Sniffer and other security experts therefore emphasize user education as the main mitigation. Red flags include requests for unlimited token approvals, unexpected account upgrades under EIP-7702, and transaction simulations that deviate from the expected outcome [2].
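A batch "disguised as a swap" is, at the calldata level, a list of (to, data) calls, and the red flags listed above can be checked mechanically before anything is signed. The example below is added here and is not code from the article or from Scam Sniffer; it decodes the standard ERC-20 and ERC-721 selectors that drainer batches rely on and flags unlimited approvals, approvals or transfers to untrusted addresses, and opaque calls to untrusted contracts. The token, router, NFT and drainer addresses, and the batches themselves, are constructed; the trusted-spender set stands in for a wallet's own list of known protocol contracts.

```python
"""Triage a batch of calls for drainer patterns before it is signed.

Added example, not code from the original article or from Scam Sniffer/SlowMist.
All addresses and both batches below are constructed placeholders.
"""
from dataclasses import dataclass

UINT256_MAX = 2**256 - 1

# keccak256 selectors of the standard token functions a drainer batch relies on.
SEL_APPROVE = bytes.fromhex("095ea7b3")               # approve(address,uint256)
SEL_TRANSFER = bytes.fromhex("a9059cbb")              # transfer(address,uint256)
SEL_TRANSFER_FROM = bytes.fromhex("23b872dd")         # transferFrom(address,address,uint256)
SEL_SET_APPROVAL_FOR_ALL = bytes.fromhex("a22cb465")  # setApprovalForAll(address,bool)


@dataclass(frozen=True)
class Call:
    to: str       # contract being called
    data: bytes   # ABI-encoded calldata
    value: int = 0


def _word(data: bytes, i: int) -> bytes:
    """Return the i-th 32-byte ABI word after the 4-byte selector."""
    chunk = data[4 + 32 * i: 36 + 32 * i]
    if len(chunk) != 32:
        raise ValueError("calldata truncated")
    return chunk


def _addr(word: bytes) -> str:
    return "0x" + word[12:].hex()


def encode_call(selector: bytes, *args) -> bytes:
    """ABI-encode static address (str) / uint (int) arguments for the selectors above."""
    out = bytearray(selector)
    for a in args:
        out += bytes(12) + bytes.fromhex(a[2:]) if isinstance(a, str) else a.to_bytes(32, "big")
    return bytes(out)


def triage_batch(calls: list, owner: str, trusted: set) -> list:
    """Return one finding per suspicious call; an empty list means nothing was flagged."""
    owner = owner.lower()
    trusted = {a.lower() for a in trusted}
    findings = []
    for idx, call in enumerate(calls):
        sel = call.data[:4]
        if sel == SEL_APPROVE:
            spender = _addr(_word(call.data, 0))
            amount = int.from_bytes(_word(call.data, 1), "big")
            if amount == UINT256_MAX:
                findings.append(f"call {idx}: unlimited approval of {call.to} to {spender}")
            if spender not in trusted:
                findings.append(f"call {idx}: approval of {call.to} to untrusted spender {spender}")
        elif sel == SEL_SET_APPROVAL_FOR_ALL:
            operator = _addr(_word(call.data, 0))
            if int.from_bytes(_word(call.data, 1), "big") == 1 and operator not in trusted:
                findings.append(f"call {idx}: setApprovalForAll on {call.to} to untrusted operator {operator}")
        elif sel == SEL_TRANSFER:
            dest = _addr(_word(call.data, 0))
            if dest != owner and dest not in trusted:
                findings.append(f"call {idx}: direct transfer of {call.to} to {dest}")
        elif sel == SEL_TRANSFER_FROM:
            src, dest = _addr(_word(call.data, 0)), _addr(_word(call.data, 1))
            if src == owner and dest != owner:
                findings.append(f"call {idx}: transferFrom moves {call.to} from you to {dest}")
        elif call.to.lower() not in trusted:
            findings.append(f"call {idx}: opaque call to untrusted contract {call.to} (selector 0x{sel.hex()})")
    return findings


# --- constructed sample data (placeholders, not real addresses) ---------------
OWNER = "0x" + "01" * 20
ROUTER = "0x" + "02" * 20     # stands in for a known DEX router
TOKEN = "0x" + "03" * 20
TOKEN2 = "0x" + "04" * 20
NFT = "0x" + "05" * 20
DRAINER = "0x" + "de" * 20
SWAP_SELECTOR = bytes.fromhex("12345678")  # placeholder selector for the router's swap function

HONEST_SWAP = [
    Call(TOKEN, encode_call(SEL_APPROVE, ROUTER, 10**18)),  # bounded approval to the router
    Call(ROUTER, SWAP_SELECTOR),                            # the swap itself
]
DRAINER_BATCH = [
    Call(TOKEN, encode_call(SEL_APPROVE, DRAINER, UINT256_MAX)),   # unlimited + untrusted
    Call(TOKEN, encode_call(SEL_TRANSFER, DRAINER, 5 * 10**18)),   # direct transfer out
    Call(NFT, encode_call(SEL_SET_APPROVAL_FOR_ALL, DRAINER, 1)),  # operator over all NFTs
    Call(TOKEN2, encode_call(SEL_TRANSFER_FROM, OWNER, DRAINER, 1)),
]


def demo() -> dict:
    return {"honest": triage_batch(HONEST_SWAP, OWNER, {ROUTER}),
            "drainer": triage_batch(DRAINER_BATCH, OWNER, {ROUTER})}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "no findings")
```

Run as a script it prints no findings for the honest swap and five for the drainer batch. A real wallet would also simulate the batch and compare the resulting balance changes with what the user was told to expect, which is the third red flag above; the calldata triage shown here is the cheaper check that runs before any simulation.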
As Ethereum continues to evolve with innovations like EIP-7702, the crypto community must remain vigilant against emerging threats. The incident is a stark reminder of the need for robust security practices and proactive awareness among users. Developers and wallet providers are also urged to implement stronger safeguards, including clearer signing prompts and stricter validation of batched transactions, to reduce the likelihood of successful attacks [2].
Source:
[1] EIP-7702 A New Era in Account Abstraction (https://www.quillaudits.com/blog/smart-contract/eip7702-new-era-in-account-abstraction)
[2] Crypto investor loses $1M in Uniswap scam exploiting Ethereum’s EIP-7702 (https://cryptoslate.com/crypto-investor-loses-1m-in-uniswap-scam-exploiting-ethereums-eip-7702/)
[3] Crypto investor loses $1M in Uniswap scam exploiting Ethereum’s EIP-7702 (https://www.bitget.com/news/detail/12560604925954)