A single phishing assault drained almost $1 million price of tokens from a crypto investor who unknowingly signed a batch of malicious transactions disguised as Uniswap swaps, in line with blockchain safety agency Rip-off Sniffer.
In an Aug. 22 put up on X, Yu Xiang, founding father of blockchain safety agency SlowMist, famous that the incident concerned 5 tokens siphoned via a transaction exploiting Ethereum’s new EIP-7702 mechanism.
He defined:
“From the angle of a phished person, it goes like this: the person opens a phishing web site, a pockets signature immediate pops up, the person clicks verify, and with simply that one motion, all beneficial property within the pockets tackle vanish in a snap.”
EIP-7702 was launched within the Pectra improve to streamline the Ethereum person expertise. The characteristic permits a pockets to behave like a short lived good contract, making it doable to batch a number of transactions, allow gasoline sponsorship, or set spending limits in a single step.
In precept, the delegation is revocable and network-specific. Nevertheless, attackers have discovered methods to weaponize the characteristic in apply.
Crypto market maker Wintermute has warned that the usual’s implementation is being exploited at scale. Its June evaluation confirmed that greater than 90% of EIP-7702 delegations had been linked to malicious contracts.
The agency identified that many of those contracts are easy copy-paste scripts that scan for susceptible wallets and drain their holdings mechanically.
Contemplating this, Rip-off Sniffer and Xiang urged crypto customers to take further care earlier than signing pockets requests. They advisable verifying domains, avoiding rushed confirmations, and rejecting signatures that appear unclear or overly broad.
In addition they acknowledged that a number of the purple flags that would come up embody requests for limitless token approvals, contract upgrades underneath EIP-7702, or transaction simulations that don’t match expectations.

