Since the Pectra upgrade was activated on May 7, many users have scrambled to enable EIP-7702 smart accounts, unaware of the risks attached.
The upgrade allows Externally Owned Accounts (EOAs) to temporarily act as smart contract wallets by delegating control through a signed message. While the feature improves user experience, EIP-7702 has also exposed users to new security risks that require urgent attention.
Top 7702 delegator is allegedly a phishing scam
According to GoPlus Security, on-chain data from bundlebear.com has revealed over 10k addresses using smart accounts.
GoPlus found that once users authorize the malicious delegator address, any ETH transferred to their account is automatically redirected to the scammer's address. Source: GoPlus Security
Using contract code decompilation, GoPlus found that once users authorize the malicious delegator at address 0x930fcc37d6042c79211ee18a02857cb1fd7f0d0b, any ETH transferred to their account is automatically redirected to the scammer's address.
After analyzing the code, it was revealed that after authorization, all ETH is auto-redirected to the scammer wallet 0x000085bad in what has been identified as a sophisticated theft mechanism.
Every ETH transfer to victims' wallets is auto-redirected to scammer wallet 0x000085bad. Source: GoPlus Security
It's clear the scammer is exploiting the trust people have in the Pectra upgrade. While the threat is very real, some major wallets like MetaMask have been able to safely integrate EIP-7702.
GoPlus Security has urged users who want to stay safe to only trust wallet interfaces for 7702 features and to treat any external links or emails asking for smart account upgrades as scams.
It's agreed that EIP-7702 will work wonders for Ethereum's UX and transaction flexibility, but it's essential to stay alert and never authorize via external links. GoPlus Security warns that if anyone pushes you to "upgrade" outside your wallet, it's 100% a scam.
Other recommended safety measures include never trusting email/URL links for 7702 authorization, always verifying contract source code, being extra cautious with non-open-source contracts and making sure to check authorization addresses carefully.
❗WARNING❗
🚨 Top 7702 Delegator Revealed as Phishing Scam 🚨
As thousands rush to enable EIP-7702 smart accounts after the Pectra upgrade, dangerous vulnerabilities have emerged. While revolutionary for account abstraction, urgent security risks need attention.
Details ⬇️
— GoPlus Security 🚦 (@GoPlusSecurity) May 20, 2025
Hardware wallets are not safer either
Before the Pectra update, hardware wallets were deemed safer. But according to Yehor Rudytsia, on-chain researcher at Hacken, that's no longer the case.
Rudytsia says hardware wallets are now at the same risk as hot wallets from the perspective of signing malicious messages. "If executed, all the funds are gone in a second," he said.
While there are ways to stay safe, all of them require vigilance on the part of users.
"Users shouldn't sign messages they don't understand," Rudytsia advised. He also urged wallet developers to provide clear warnings when users are asked to sign a delegation message.
Users should be especially wary of the new delegation signature formats introduced by EIP-7702, as they aren't compatible with the existing EIP-191 or EIP-712 standards. These messages often appear as simple 32-byte hashes and may bypass normal wallet warnings.
"If a message includes your account nonce, it's probably affecting your account directly," Usman warned. "Normal sign-in messages or offchain commitments don't usually involve your nonce."
Even worse, EIP-7702 allows signatures with chain_id = 0, meaning the signed message can be replayed on any Ethereum-compatible chain. This means it can be used anywhere.
Compared to hardware wallets, multisignature wallets remain safer under the Pectra upgrade, thanks to their requirement for multiple signers. Single-key wallets — hardware or otherwise — must adopt new signature parsing and red-flagging tools to prevent potential exploitation.
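The "signature parsing and red-flagging" the article asks wallets for can be made concrete. The following is an added example, not code from GoPlus, Hacken or any wallet vendor: per the EIP-7702 specification an authorization is signed over keccak256(0x05 || rlp([chain_id, address, nonce])), so a wallet can decode that tuple before signing and surface the warnings discussed above (delegation of the EOA, an unvetted delegate, chain_id = 0 making the signature replayable on every chain, and a nonce that binds the message to the account). The sample payload uses the delegator address from the GoPlus report; the "vetted delegate" allowlist entry and the account nonce are constructed placeholders.

```python
"""Red-flag checks for an EIP-7702 delegation authorization before a wallet signs it.

Added example (not GoPlus, Hacken or MetaMask code). The authorization tuple
format [chain_id, address, nonce] behind a 0x05 magic byte is from the EIP-7702
spec; the allowlist and sample nonce below are constructed for the demo.
"""

AUTH_MAGIC = b"\x05"  # EIP-7702 domain-separator byte


def rlp_encode(item):
    """Minimal RLP encoder: ints (big-endian, 0 -> empty string), bytes and lists."""
    if isinstance(item, int):
        item = item.to_bytes((item.bit_length() + 7) // 8, "big")
    if isinstance(item, bytes):
        if len(item) == 1 and item[0] < 0x80:
            return item
        return _rlp_len(len(item), 0x80) + item
    payload = b"".join(rlp_encode(x) for x in item)
    return _rlp_len(len(payload), 0xC0) + payload


def _rlp_len(n, offset):
    if n < 56:
        return bytes([offset + n])
    blen = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([offset + 55 + len(blen)]) + blen


def rlp_decode(data):
    """Minimal RLP decoder; returns (item, remaining_bytes)."""
    prefix = data[0]
    if prefix < 0x80:                      # single-byte literal
        return data[:1], data[1:]
    if prefix < 0xB8:                      # short string
        n = prefix - 0x80
        return data[1:1 + n], data[1 + n:]
    if prefix < 0xC0:                      # long string
        l = prefix - 0xB7
        n = int.from_bytes(data[1:1 + l], "big")
        return data[1 + l:1 + l + n], data[1 + l + n:]
    if prefix < 0xF8:                      # short list
        n, start = prefix - 0xC0, 1
    else:                                  # long list
        l = prefix - 0xF7
        n, start = int.from_bytes(data[1:1 + l], "big"), 1 + l
    body, rest = data[start:start + n], data[start + n:]
    items = []
    while body:
        item, body = rlp_decode(body)
        items.append(item)
    return items, rest


def build_authorization(chain_id, delegate_hex, nonce):
    """Bytes a signer is asked to hash and sign for one delegation."""
    return AUTH_MAGIC + rlp_encode([chain_id, bytes.fromhex(delegate_hex[2:]), nonce])


def parse_authorization(payload):
    """Return (chain_id, delegate_address, nonce) or raise if not a 7702 tuple."""
    if payload[:1] != AUTH_MAGIC:
        raise ValueError("not an EIP-7702 authorization: missing 0x05 magic byte")
    fields, rest = rlp_decode(payload[1:])
    if rest or not isinstance(fields, list) or len(fields) != 3:
        raise ValueError("malformed authorization tuple")
    chain_id, delegate, nonce = fields
    if len(delegate) != 20:
        raise ValueError("delegate is not a 20-byte address")
    return int.from_bytes(chain_id, "big"), "0x" + delegate.hex(), int.from_bytes(nonce, "big")


def red_flags(payload, trusted_delegates, wallet_chain_id, account_nonce):
    """Warnings a wallet should show before signing. A delegation always yields
    at least one, because handing over the EOA is itself worth a warning."""
    chain_id, delegate, nonce = parse_authorization(payload)
    trusted = {d.lower() for d in trusted_delegates}
    flags = [f"DELEGATION: signing hands control of this EOA to {delegate}"]
    if delegate.lower() not in trusted:
        flags.append("UNKNOWN_DELEGATE: target is not a wallet-vetted contract")
    if chain_id == 0:
        flags.append("CHAIN_ID_ZERO: valid on every EVM chain, replayable anywhere")
    elif chain_id != wallet_chain_id:
        flags.append(f"WRONG_CHAIN: authorization targets chain {chain_id}, wallet is on {wallet_chain_id}")
    if nonce == account_nonce:
        flags.append(f"NONCE_MATCH: nonce {nonce} is this account's next nonce; it takes effect immediately")
    return flags


def looks_like_opaque_hash(msg):
    """A bare 32-byte blob with no EIP-191 0x19 prefix is what slips past normal warnings."""
    return len(msg) == 32 and msg[:1] != b"\x19"


if __name__ == "__main__":
    # Constructed sample: delegator address from the GoPlus report, chain_id 0, nonce 7.
    phishing = build_authorization(0, "0x930fcc37d6042c79211ee18a02857cb1fd7f0d0b", 7)
    vetted = ["0x" + "11" * 20]  # placeholder for a wallet-vetted delegator address
    for flag in red_flags(phishing, vetted, wallet_chain_id=1, account_nonce=7):
        print(flag)
```

The checker deliberately refuses to return an empty list for any delegation: the point of the article is that a valid, well-formed 7702 authorization is still a transfer of control, so the UI should never present it as a routine message. The chain_id = 0 flag is the one to treat as hard-stop, since such a signature is honoured on every EVM chain the key is used on.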