What is EIP-7702?
EIP-7702 is one of the key proposals in the Pectra upgrade. It lets an ordinary externally owned account (EOA) sign an authorization that points its account code at a smart contract, so the EOA can behave like a smart contract wallet: batching many operations into one transaction and setting up more complex rules, all with the aim of improving user experience. The delegation is not limited to a single transaction; it stays in force until the account signs a new authorization that replaces or clears it. That same capability has now been abused by attackers.
More Advanced Phishing Scams
Yuxian, founder of the blockchain security company SlowMist, pointed out that the recent attack was carried out by the notorious scam group Inferno Drainer using techniques that go beyond traditional phishing. Unlike earlier methods that stole private keys outright or took control of wallets, this attack exploited the interaction between the user and an EIP-7702 delegate contract that the user had authorized. Through functions in that contract, the attackers quietly issued multiple token approvals and transfers.
When a user lands on a phishing site and clicks "confirm" or "sign", what they are actually signing is an authorization that delegates their account to the attacker's contract and lets it execute a batch of instructions on their behalf. That batch was prepared by the attackers in advance and contains the approval and transfer operations. The victim never approves each transfer individually; a single signature is enough for the assets to be moved out.
Hackers Evolving with the Times
This incident marks a significant shift in scamming tactics. Yuxian noted that attackers no longer rely on traditional tricks but actively adopt the latest Ethereum technologies, making their methods more covert and more targeted. "As we predicted earlier, scam groups have kept pace with technological advancements… Everyone must remain vigilant, as wallet assets can be emptied at any time." He also urged users to check their token approvals regularly and to be aware of whether their wallets have been delegated to unknown addresses through EIP-7702.
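The check Yuxian recommends can be done directly against the chain: once an EIP-7702 authorization has taken effect, `eth_getCode` for the EOA no longer returns empty code but the delegation designator `0xef0100` followed by the 20-byte address of the delegate contract, and the delegation is cleared by signing a new authorization that points at the zero address. The following Python is an added example, not code from the article or from SlowMist; it parses the designator and flags delegations to addresses that are not on a trusted list. The account addresses, delegate addresses and code strings are constructed for the example, and no RPC call is made.

```python
"""Detect whether an EOA has an active EIP-7702 delegation.

After an EIP-7702 "set code" transaction, eth_getCode for the EOA returns the
delegation designator 0xef0100 || <20-byte delegate address> instead of empty
code. All addresses and code strings below are constructed for this example.
"""
from typing import Optional

DELEGATION_PREFIX = bytes.fromhex("ef0100")   # EIP-7702 designator prefix
DELEGATION_LENGTH = 3 + 20                    # prefix + delegate address


def _strip0x(code: str) -> str:
    """Drop an optional 0x prefix from a hex string."""
    return code[2:] if code[:2].lower() == "0x" else code


def parse_delegation(code: str) -> Optional[str]:
    """Return the delegate address (lowercase, 0x-prefixed) if `code` is an
    EIP-7702 delegation designator; otherwise None (plain EOA or a normal
    contract). Raises ValueError on malformed hex, like eth_getCode would not."""
    raw = bytes.fromhex(_strip0x(code))
    if len(raw) != DELEGATION_LENGTH or raw[:3] != DELEGATION_PREFIX:
        return None
    return "0x" + raw[3:].hex()


def classify_account(code: str, trusted_delegates: set[str]) -> str:
    """Classify an account's code for a wallet health check."""
    if len(_strip0x(code)) == 0:
        return "plain EOA (no delegation)"
    delegate = parse_delegation(code)
    if delegate is None:
        return "contract account (not a 7702 designator)"
    if delegate in {a.lower() for a in trusted_delegates}:
        return f"delegated to trusted {delegate}"
    # Unknown delegate: anyone the contract allows can now act as this EOA.
    return f"DELEGATED TO UNKNOWN {delegate}: revoke by re-delegating to 0x0"


def audit(codes: dict[str, str], trusted: set[str]) -> dict[str, str]:
    """Run classify_account over a mapping of account -> eth_getCode result."""
    return {acct: classify_account(code, trusted) for acct, code in codes.items()}


# Constructed sample: what eth_getCode might return for four accounts.
TRUSTED_DELEGATE = "0x" + "aa" * 20           # hypothetical wallet-vendor delegate
UNKNOWN_DELEGATE = "0x" + "bb" * 20           # hypothetical phishing delegate
SAMPLE_CODES = {
    "0x" + "01" * 20: "0x",                                      # untouched EOA
    "0x" + "02" * 20: "0xef0100" + "aa" * 20,                   # trusted delegation
    "0x" + "03" * 20: "0xef0100" + "bb" * 20,                   # unknown delegation
    "0x" + "04" * 20: "0x6080604052348015600f57600080fd5b50",   # ordinary bytecode
}

if __name__ == "__main__":
    for acct, verdict in audit(SAMPLE_CODES, {TRUSTED_DELEGATE}).items():
        print(acct, "->", verdict)
```

In a real check, replace `SAMPLE_CODES` with the result of `eth_getCode(address, "latest")` for each wallet you control, and populate the trusted set only with delegate addresses published by your wallet vendor. Anything else in the delegated state means a signature you gave, knowingly or not, has handed the account's logic to that contract, and the safe response is to clear the delegation and then review and revoke token approvals.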