Wintermute Launches Warning System to Combat 97% of EIP-7702 Exploits

Coin WorldSunday, Jun 1, 2025 10:16 pm ET
3min read

Wintermute, a leading crypto trading firm, has introduced a new warning system designed to alert Ethereum users about malicious contracts, aiming to prevent devastating wallet-draining attacks and enhance overall transaction security. This development comes in response to the recent "Pectra" upgrade on the Ethereum network, which introduced EIP-7702, an account-abstraction feature intended to improve user experience by allowing wallets to temporarily behave like smart contracts. However, this upgrade has been exploited by malicious actors, leading to significant financial losses for unsuspecting users.

According to Wintermute's analysis, over 80% of EIP-7702 delegations have been used by a single malicious script, dubbed "CrimeEnjoyor," which automatically sweeps wallets with leaked keys and sends the contents to the attacker. This script has been widely reused, accounting for the majority of all EIP-7702 delegations. The firm's Dune dashboard revealed that the script's copy-pasted bytecode has been a primary tool for these attacks, highlighting the urgent need for enhanced security measures.

The impact of these attacks has been severe. One user, for instance, lost nearly $150,000 to a phishing attack enabled by the malicious script, as identified by a blockchain security firm. The attack was linked to the Inferno Drainer scam-as-a-service, a well-known threat in the crypto security landscape. This incident underscores the vulnerability of users' private keys, which remain a critical point of failure in the crypto ecosystem.

Security experts have weighed in on the issue, with a blockchain security firm detailing the risks associated with EIP-7702 adoption. The firm's founder emphasized the need for vigilance, stating that phishing gangs have quickly adapted to exploit the new feature. The firm recommended that wallet service providers support EIP-7702 transactions and prominently display the target contract during user sign-offs to reduce the risk of phishing attacks.

A security expert also commented on the issue, noting that the underlying problem lies in users' inability to secure their private keys. The expert pointed out that while EIP-7702 introduces new capabilities for automated attacks, the root cause remains the same: users struggle to protect their private keys. This makes sweeping addresses more cost-efficient and less tedious for attackers.

In response to these challenges, Wintermute's new warning system aims to provide an additional layer of security for Ethereum users. By alerting users to the presence of malicious contracts, the system seeks to mitigate the risk of wallet-draining attacks and enhance the overall security of transactions on the Ethereum network. This proactive approach by Wintermute underscores the importance of continuous innovation and vigilance in the rapidly evolving world of cryptocurrency.

Wintermute’s new code warns Ethereum users of malicious contracts, aiming to prevent devastating wallet-draining attacks and enhance overall transaction security. This initiative follows alarming reports of increased malicious contract activities targeting Ethereum users, underlining the critical need for protective measures. According to Wintermute’s recent findings, over 97% of EIP-7702 delegations were exploited by contracts utilizing identical code, raising significant red flags for users.

The introduction of EIP-7702 has brought innovation to Ethereum, allowing users to delegate control of their wallets. However, along with this convenience comes an alarming vulnerability. As Wintermute highlighted, this feature has been exploited by contracts designed to automatically drain wallets when users expose their private keys. The firm’s new tool aims to illuminate these risks, improving the safety of the Ethereum ecosystem.

Blockchain security is paramount, particularly given the recent incidents where unsuspecting users have lost substantial amounts of cryptocurrency. For example, one Ethereum user suffered a loss of over $146,550 due to malicious transactions made possible through EIP-7702. With over 12,000 EIP-7702 transactions executed since its deployment, the potential for further exploitation remains a pressing concern. Wintermute asserts that enhanced transparency tools are vital to distinguishing between legitimate and harmful contracts, especially for less experienced users.

Smart contracts play an essential role in the cryptocurrency landscape, offering automation and efficiency. However, the reliance on these contracts without proper verification can lead to devastating outcomes for users. CrimeEnjoyor serves as a critical countermeasure, notifying users of potentially harmful contracts. As Ethereum continues to evolve, the need for robust security measures alongside innovative features is more pressing than ever.

As the sophistication of threats increases, so does the imperative for user education. Many Ethereum users are unaware of the risks posed by EIP-7702 and similar innovations. Wintermute’s proactive approach highlights the need for continuous education and transparency within the community. By disseminating warnings and facilitating a better understanding of smart contracts, users can make informed decisions and avoid falling victim to scams.

In light of the growing threats in the cryptocurrency space, especially regarding EIP-7702, Wintermute’s CrimeEnjoyor tool represents a significant step towards enhancing user security. As malicious actors become increasingly sophisticated, users must remain vigilant and informed. Embracing security innovations and educating oneself on blockchain mechanisms can substantially mitigate the risks involved in using Ethereum and other cryptocurrencies.