Ethereum News Today: Ethereum’s New Upgrade Became a Weapon for $12M in Crypto Theft

Generated by AI Agent Coin World
Monday, Sep 8, 2025 4:41 am ET

Summary

- Crypto phishing scams surged in August 2025, draining $12M from 15,000 wallets by exploiting Ethereum's EIP-7702 standard.

- Attackers weaponized EIP-7702 to bundle malicious transactions, targeting high-value investors with $3.08M+ losses.

- Security experts warn 80% of EIP-7702 delegate contracts showed malicious behavior, affecting 450,000+ wallets.

- Scam Sniffer advises verifying domains, avoiding unlimited permissions, and prioritizing transaction scrutiny to mitigate risks.

In August 2025, phishing scams in the cryptocurrency sector surged, draining over $12 million from 15,000 wallets, according to reports from blockchain security firm Scam Sniffer. The figure represents a 72% increase in financial losses compared to July 2025, and a 67% rise in the number of victims, underscoring a troubling escalation in fraudulent activity across the industry. The primary mechanism behind these attacks has been the exploitation of Ethereum’s EIP-7702 standard, which was introduced to enhance wallet functionality by enabling externally owned accounts (EOAs) to temporarily function as smart contract wallets. This upgrade, while intended to improve user experience with features like transaction batching and passkey integration, has been weaponized by scammers to accelerate thefts and mislead users into signing malicious approvals [1].

The impact of these scams was particularly pronounced among high-value investors, or "whales." According to Scam Sniffer, three of the most significant incidents in August resulted in losses of $3.08 million, $1.54 million, and $1.00 million respectively, accounting for nearly 46% of the total $12 million in losses during the month [1]. These figures highlight a strategic shift in attack vectors, where scammers increasingly target larger accounts that hold substantial assets. The exploitation of EIP-7702 allowed attackers to bundle malicious transactions with seemingly legitimate requests, making it harder for victims to distinguish between genuine and fraudulent prompts [2].

Security experts have raised concerns about the widespread lack of awareness among users regarding these risks. Yu Xian, founder of SlowMist, a blockchain security firm, emphasized that organized criminal groups have rapidly adapted to EVM ecosystems and are leveraging the new standard to execute more sophisticated attacks. Wintermute’s Dune Analytics dashboard has further revealed that over 80% of delegate contracts tied to EIP-7702 have displayed malicious behavior since its implementation, affecting over 450,000 wallet addresses [1]. This data underscores the urgent need for heightened awareness and improved security practices among Ethereum users.

To mitigate the threat, Scam Sniffer has recommended that investors remain cautious when encountering wallet prompts and take steps to verify domains before approving transactions. The firm also advised users to avoid granting broad or unlimited permissions and to be wary of prompts related to contract upgrades or mismatched transaction simulations. These guidelines are intended to counter the increasing prevalence of phishing scams that exploit the very features designed to enhance user control and convenience [2].
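The following is an added example, not code from Scam Sniffer or the cited reports. It sketches two of the checks above: whether an account's code is an EIP-7702 delegation to a contract outside a reviewed set, and whether pending calldata is an unlimited ERC-20 approval. The allowlist, addresses and byte strings are constructed, and the function names are hypothetical.

```python
# Added example. Every address and byte string below is constructed.
DELEGATION_PREFIX = bytes.fromhex("ef0100")   # EIP-7702 delegation designator
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # ERC-20 approve(address,uint256)
MAX_UINT256 = 2**256 - 1

def delegation_target(code: bytes):
    """Delegate address if `code` (as returned by eth_getCode) is an
    EIP-7702 designator: 0xef0100 followed by a 20-byte address."""
    if len(code) == 23 and code.startswith(DELEGATION_PREFIX):
        return "0x" + code[3:].hex()
    return None

def decode_approve(calldata: bytes):
    """(spender, amount) for well-formed approve calldata, else None."""
    if len(calldata) != 68 or calldata[:4] != APPROVE_SELECTOR:
        return None
    if any(calldata[4:16]):          # address word must be zero-padded
        return None
    return "0x" + calldata[16:36].hex(), int.from_bytes(calldata[36:], "big")

def review(account_code, calldata, trusted_delegates):
    """Findings a user or wallet would want surfaced before signing."""
    findings = []
    target = delegation_target(account_code)
    if target is not None and target not in trusted_delegates:
        findings.append(f"account delegates to unreviewed contract {target}")
    decoded = decode_approve(calldata)
    if decoded is not None and decoded[1] == MAX_UINT256:
        findings.append(f"unlimited token approval to {decoded[0]}")
    return findings

# Constructed sample input (hypothetical allowlist and addresses).
TRUSTED = {"0x" + "11" * 20}
SAMPLE_CODE = DELEGATION_PREFIX + bytes.fromhex("22" * 20)
SAMPLE_CALLDATA = (APPROVE_SELECTOR + bytes(12) + bytes.fromhex("33" * 20)
                   + MAX_UINT256.to_bytes(32, "big"))

if __name__ == "__main__":
    for finding in review(SAMPLE_CODE, SAMPLE_CALLDATA, TRUSTED):
        print("WARN:", finding)
```
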

As phishing attacks continue to evolve and become more embedded within standard DeFi and NFT interactions, the need for proactive security measures is becoming more critical. The broader crypto industry must balance the utility of new features with the necessary safeguards to protect users from malicious exploitation. The recent surge in phishing losses reinforces the importance of education and vigilance, particularly as attackers refine their tactics to capitalize on the latest blockchain innovations [1].

Source:

[1] Crypto Phishing Attacks Surge In August As Losses Hit $12 (https://bitcoinist.com/crypto-phishing-attacks-surge-august-losses-hit-12/)

[2] Phishing scams cost users over $12M in August (https://cointelegraph.com/news/phishing-scams-cost-users-12m-august-stay-safe)
