Ethereum’s most recent upgrade, Pectra, was expected to bring major improvements to wallet usability and security. Instead, it has triggered a wave of concern across the crypto community after being linked to a series of fast, automated attacks that drained nearly $150,000 from compromised wallets.
At the center of the controversy is a feature called EIP-7702, introduced as part of the Pectra update. The new transaction type lets an ordinary externally owned account (EOA) delegate to the code of a smart contract, so the account can behave like a smart-contract wallet without migrating to a new address. The delegation stays in place until the key holder replaces or revokes it, and it enables advanced features such as batched transactions, gas fee sponsorship, and spending limits. Initially praised for its user-centric design, EIP-7702 has now become a double-edged sword.
Just weeks after going live, malicious actors began using EIP-7702 in a series of “sweeper attacks.” These attacks do not exploit a flaw in the upgrade itself; they take advantage of stolen or leaked private keys. Whoever holds a key can sign an EIP-7702 authorization, so once a wallet is compromised the attacker points the victim’s account at a sweeper contract, and from then on any ETH that arrives at the address is forwarded to the attacker automatically and at scale.
Security researchers at Wintermute were among the first to spot the disturbing pattern. Their analysis found that over 80% of EIP-7702 delegations pointed at copies of the same minimal sweeper contract, which they labeled “CrimeEnjoyor.” The contract code is tiny, trivially copy-pasted, and highly efficient, making it a go-to tool for attackers looking to cash in on compromised wallets.
The way these sweeper attacks work is alarmingly simple. Once attackers gain control of a wallet, usually through phishing or malware, they either delegate the account to a sweeper contract or execute a batched transaction that moves every asset to an attacker-controlled address in a single step. Victims have no time to react. In one reported case, nearly $150,000 was drained from a single wallet in seconds after the victim signed a batched transaction, with the stolen funds linked to Inferno Drainer, a drainer-as-a-service operation widely used by scammers.
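Because a sweeper works by leaving a delegation on the victim’s address, the first thing a defender or wallet should check is whether an account has been delegated and to what. EIP-7702 specifies that after a set-code transaction, the account’s code is exactly the 3-byte prefix 0xef0100 followed by the 20-byte delegate address, so the result of eth_getCode can be classified offline. The following is an added example written for this article, not code from Wintermute, Scam Sniffer or any wallet; the denylist address and the sample eth_getCode results are constructed placeholders, not a real CrimeEnjoyor deployment.

```python
from typing import Optional

# EIP-7702 delegation designator: after a successful set-code transaction,
# eth_getCode on the EOA returns exactly 0xef0100 || <20-byte delegate address>.
DELEGATION_PREFIX = bytes.fromhex("ef0100")
DELEGATION_LEN = len(DELEGATION_PREFIX) + 20

# Constructed denylist for the example; this address is a placeholder,
# not a real sweeper deployment.
KNOWN_SWEEPERS = {"0x" + "de" * 20}


def hex_to_bytes(rpc_hex: str) -> bytes:
    """Convert an eth_getCode style result ('0x...' or bare '0x') to bytes."""
    body = rpc_hex[2:] if rpc_hex.startswith(("0x", "0X")) else rpc_hex
    return bytes.fromhex(body)


def parse_delegation(code: bytes) -> Optional[str]:
    """Return the delegate address (lowercase 0x-hex) if `code` is a 7702
    delegation designator, otherwise None. Any other length or prefix is
    ordinary contract bytecode, not a delegation."""
    if len(code) != DELEGATION_LEN or not code.startswith(DELEGATION_PREFIX):
        return None
    return "0x" + code[len(DELEGATION_PREFIX):].hex()


def classify_account(code: bytes, known_sweepers: set = frozenset()) -> str:
    """Classify an account by its code.

    Empty code is a plain EOA (also what you see after a delegation is revoked
    by delegating to the zero address). A delegation designator is split by
    whether the delegate is on the denylist; anything else is a contract."""
    if not code:
        return "plain-eoa"
    delegate = parse_delegation(code)
    if delegate is None:
        return "contract"
    if delegate in {a.lower() for a in known_sweepers}:
        return "delegated-to-known-sweeper"
    return "delegated"


def audit(accounts: dict, known_sweepers: set) -> dict:
    """Classify every address in an {address: eth_getCode result} mapping."""
    return {addr: classify_account(hex_to_bytes(code), known_sweepers)
            for addr, code in accounts.items()}


if __name__ == "__main__":
    # Constructed sample of what eth_getCode might return for four addresses.
    sample = {
        "0xaaaa...": "0x",                      # untouched EOA
        "0xbbbb...": "0xef0100" + "de" * 20,    # delegated to the denylisted sweeper
        "0xcccc...": "0xef0100" + "01" * 20,    # delegated to an unknown contract
        "0xdddd...": "0x6080604052",            # ordinary contract bytecode
    }
    for addr, verdict in audit(sample, KNOWN_SWEEPERS).items():
        print(addr, verdict)
```

An unknown delegate is not proof of compromise, since legitimate smart-wallet providers also use EIP-7702, so the "delegated" verdict is a prompt to inspect the delegate rather than an alarm. Note also that revoking a malicious delegation does not help while the attacker still holds the key, because they can simply sign a new authorization; once a key has leaked, the only durable remedy is to move what remains and abandon the address.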
The rise in these attacks has led many to question the overall impact of Ethereum’s latest innovations. While EIP-7702 was designed to enhance user experience and security, it has also streamlined the exploitation process for bad actors. The feature does not create vulnerabilities by itself, but it amplifies the consequences of a compromised wallet: theft that once required a separate transaction per asset can now happen in one automated step, leaving victims no window to react.
According to blockchain security firm Scam Sniffer, the root of the issue lies not with Ethereum’s code but with poor key management and weak user protection mechanisms. As long as users remain vulnerable to phishing and social engineering attacks, any powerful tool—including well-intentioned upgrades—can be weaponized against them.
Security experts argue that the real solution lies in better wallet design and user interface improvements. Companies like SlowMist are calling for wallets to introduce clearer signing prompts, more transparent contract interactions, and smarter notification systems that warn users before harmful transactions are approved. Education also plays a key role. Many users still do not understand how quickly they can lose control of their assets if they reveal their private keys or sign malicious transactions.
The Pectra upgrade, and particularly EIP-7702, highlights the delicate balance Ethereum developers must strike between innovation and security. While the goal is to create smarter, more flexible wallets, these changes must be paired with stronger protective measures. Otherwise, even the most promising features risk becoming tools for exploitation.
As Ethereum continues to evolve, one thing is clear: smarter features must come with smarter safeguards. Until then, users are advised to exercise extreme caution, especially when interacting with unknown contracts or signing complex transactions. In the fast-moving world of decentralized finance, convenience should never come at the cost of security.