Ethereum’s Pectra Attack Claims First Victim, $150K Drained in EIP-7702 Phishing

Ethereum recently got a major boost with the Pectra upgrade, following the success of ‘The Merge’. One key feature, EIP-7702, promised to make wallets easier to use. But it is now facing backlash as it is being attacked by malicious actors. 

EIP-7702, proposed by Vitalik Buterin, was designed to improve Ethereum wallets by allowing them to act like smart contracts briefly. This meant easier transactions, gas fee sponsorships, and better features like spending limits and passkey authorization. But in reality, it has opened the door for scams. 

Malicious Script “CrimeEnjoyor” Exposed

Wintermute, a blockchain security firm, found that over 80% of wallet delegations are linked to one malicious script called “CrimeEnjoyor.” It hijacks wallets and instantly drains their funds to attacker-controlled addresses, all while pretending to offer a better user experience.

“Our Research team found that over 97% of all EIP-7702 delegations were authorized to multiple contracts using the same exact code. These are sweepers, used to automatically drain incoming ETH from compromised addresses,” Wintermute, shared in a recent X post.

“The CrimeEnjoyor contract is short, simple, and widely reused. This one copy-pasted bytecode now accounts for the majority of all EIP-7702 delegations. It’s funny, bleak, and fascinating at the same time.”

Scam Sniffer reported that one wallet lost nearly $150K in a phishing scam tied to Inferno Drainer. As Ethereum adds new features, scams like this are rising, which often catch users off guard.

The Real Weakness: Private Key Safety

Experts note that the EIP-7702 isn’t the real problem, but weak key security is. Stolen or leaked private keys remain the biggest risk. Researchers warn that while 7702 makes transactions smoother, it also makes wallet-draining attacks cheaper and faster. 

Firms like SlowMist have urged the wallet providers to improve security features and make contact details more visible. Their message is that convenience should not compromise protection.

Bad Actors Didn’t Profit Much

Despite the massive wallet-draining attempts, attackers have not made a lot of profit. They spent about 2.88 ETH to target nearly 79,000 wallets. One address alone handled over 52,000 of these authorizations.

The stolen ETH is traceable, but so far, the main wallets tied to these scams have not received any funds, which means that the attacks may not be paying off yet.