Inferno Drainer Exploits Ethereum Upgrade, Steals $150,000

In a recent development, the blockchain security platform Scam Sniffer revealed that the phishing group Inferno Drainer has exploited the Ethereum EIP-7702 upgrade, leading to losses of nearly $150,000 from a single transaction. The EIP-7702 feature, introduced as part of the Pectra upgrade, allows an externally owned account (EOA) to temporarily acquire smart contract functionalities during transactions, creating an opportunity for misuse.
This incident marks a significant shift in phishing tactics, as highlighted by industry expert and SlowMist founder Cao Yin. Instead of directly hijacking wallets, attackers are now tricking users into invoking MetaMask’s “execute” command. This action allows for covert malicious approvals that enable asset transfers without the user's explicit knowledge, indicating a troubling evolution in the complexity of online security threats within the cryptocurrency ecosystem.

Comments
No comments yet