Ethereum's Pectra Upgrade Facilitates $150,000 Wallet Drain

Generated by AI AgentCoin World
Monday, Jun 2, 2025 11:12 pm ET1min read
ETH
--

Ethereum's latest upgrade, Pectra, introduced a new feature called EIP-7702, designed to enhance wallet functionality and user experience. This feature, proposed by Vitalik Buterin, supports account abstraction, allowing users to batch transactions, sponsor gas fees, and enforce stricter spending controls. However, the upgrade has inadvertently provided attackers with a new avenue for exploitation.

Just weeks after the Pectra upgrade, attackers began leveraging EIP-7702 in a series of automated "sweeper" attacks. These attacks targeted compromised wallets, draining nearly $150,000 from a single victim. The attacks were facilitated by a malicious contract dubbed "CrimeEnjoyor," which quickly drained funds from compromised wallets to an attacker's address. The contract's code, though short and copy-pasted, proved to be alarmingly effective.

Wintermute’s analysis reveals that over 80% of EIP-7702 delegations are being used by a single malicious contract, dubbed “CrimeEnjoyor.” The contract’s code is short, copy-pasted, and alarmingly effective. Once it gains access to a compromised wallet – often through phishing – it instantly drains the funds to an attacker’s address. It’s automation at scale, and it’s proving costly.

Blockchain security firm Scam Sniffer highlighted one such incident where a victim lost nearly $150,000 in a single batched transaction linked to the notorious Inferno Drainer service. With thousands of similar transactions already recorded, it may be that features meant to simplify Ethereum are also accelerating its vulnerabilities.

The core issue behind the recent wave of wallet-draining attacks isn’t EIP-7702. It’s the continued problem of leaked or stolen private keys. The new feature simply makes it faster and cheaper for attackers to exploit already-compromised wallets. Security firms like SlowMist are urging wallet providers to improve visibility into contract interactions and strengthen user protections.

As Ethereum evolves, the priority must shift toward smarter wallet design, clearer signing prompts, and better user education. Because even the most promising features can backfire when basic security fails.