Ethereum's New Upgrade Turns into a Hacker's Playground: Wallets at Risk!

Holy smokes, the crypto world is buzzing with alarm bells over Ethereum's latest protocol upgrade! Security experts are sweating bullets as shady characters are using it to swipe cash from unsuspecting users' wallets.

EIP-7702, a flashy part of the Pectra upgrade rolled out earlier this year, is now under the microscope after a string of shady moves were spotted on the blockchain. Yeah, you heard that right, folks!

This brainchild of Ethereum's co-founder, Vitalik Buterin, was supposed to jazz up your standard wallets by letting them moonlight as smart contracts. Sounds cool, right? Well, not when the bad guys start knocking on your door!

These creeps are all over this new feature like flies on honey, exploiting it for all its worth.

Ethereum EIP-7702 Exploits on the Rise

Hold onto your hats, because security gurus have uncovered that a bunch of EIP-7702 delegations are connected to wallet-draining bots that kicked off their dirty work on May 30, 2025. And guess what? It all started after crypto market maker Wintermute blew the whistle on a tsunami of malicious smart contracts abusing this new delegation feature.

Sure, EIP-7702 brings the sizzle, but it's also bringing the danger. Our team's digging revealed that a whopping 97% of EIP-7702 delegations were handed over to multiple contracts using the same dodgy code. These so-called "sweepers" are out to clean you out, automatically draining your ETH like a vacuum on steroids.

And get this, these contracts, cheekily dubbed "CrimeEnjoyors," are nothing but short, slick pieces of code that scan your delegated wallets for weak spots and then swoop in to snatch your funds, funneling them to the crooks' wallets. These evil scripts are the ultimate pickpockets, silently batching up fraudulent token approvals in ways you'd never see coming.

Wintermute chimed in, saying most of these malicious contracts haven't scored yet, but some unlucky souls have already taken a hit. On May 24, 2025, the crypto anti-scam heroes at Scam Sniffer spilled the beans that one poor sap lost a cool $150,000 in ETH to a phishing scam that played dirty with an EIP-7702 delegation.

The real problem? It all boils down to those pesky compromised private keys, and EIP-7702 just makes it easier for these digital thieves to pull off their heists at lightning speed. Yu, the sharp mind behind blockchain security firm SlowMist, is sounding the alarm on how dangerous this vulnerability could get, urging everyone to stay sharp.

How to Stay Safe

Listen up, because SlowMist dropped a bombshell in March 2025: to keep your wallet safe with EIP-7702, you gotta sign smart, stick to verified contracts, and follow those smart dev practices. Do your homework before you delegate access, and steer clear of any DApps that smell fishy.

And hey, wallet providers, step up your game! Flash some serious warnings during the delegation process. It could be the difference between keeping your users safe and leaving them wide open to phishing scams.