The latest Ethereum Pectra update, featuring smart wallets, a validator limit increase, and other network enhancements, unintentionally puts user wallets at high risk of an “auto-drain.” A study by the Wintermute team reveals that an overwhelming 97% of EIP-7702 delegations are linked to malicious “sweeper” contracts.
The update went live on May 7th and included EIP-7702, a proposal that enables Externally Owned Accounts (EOAs) to function as temporary smart contracts. Yet the feature has been abused through malicious, repeatedly reused contract code, potentially endangering many Ethereum users.
In its most recent update, the Wintermute team disclosed that about 97% of EIP-7702 wallet delegations point to harmful “sweeper” contracts, which were created to automatically drain ETH from compromised accounts. These malicious contracts, referred to as “CrimeEnjoyor” by Wintermute, target wallets whose private keys have been leaked, draining funds without the user’s knowledge or interaction.
While EIP-7702 offers a level of convenience, it’s crucial to note that it also presents fresh risks. Our research reveals that over 97% of EIP-7702 delegations were granted authorization to numerous contracts, all employing the same code. These are known as sweepers, which are designed to automatically transfer incoming ETH from compromised accounts without user intervention.
— Wintermute (@wintermute_t) May 30, 2025
Wintermute’s Dune dashboard shows that more than 79,000 unique addresses are associated with these sweepers. The attackers have spent approximately 2.88 Ether in authorization fees for these addresses.
To uncover the specifics, Wintermute decompiled the malicious bytecode back into Solidity and labelled it CrimeEnjoyor to expose its purpose and alert users. So far, there has been no confirmation of this malicious operation leading to any exploits.
The Pectra update was designed to simplify transactions through capabilities such as transaction batching and gas sponsorship. This enhancement benefited early adopters like Uniswap and JumperExchange, who handle about 95% of EIP-7702 activity on Ethereum. Yet unverified contracts are opaque, and that lack of transparency has opened opportunities for manipulation.
This discovery has triggered worry within the cryptocurrency community, prompting advisors to urge users to stay vigilant. As Ethereum continues to develop, strong validation and transparent mechanisms have become increasingly vital to safeguard users against potential auto-drain hazards.
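The check below is an added example, not Wintermute's code: it recognises an EIP-7702 delegation in an account's code (the 23-byte designator `0xef0100` followed by the delegate address, for example as returned by `eth_getCode`) and groups delegated accounts by a fingerprint of the delegate's bytecode, so that many contracts sharing one code body stand out. All addresses and bytecode are constructed sample data, and the function names are hypothetical.

```python
import hashlib
from collections import defaultdict

PREFIX = bytes.fromhex("ef0100")  # EIP-7702 designator: 0xef0100 || 20-byte address

def _raw(hex_str):
    return bytes.fromhex(hex_str[2:] if hex_str.startswith("0x") else hex_str)

def delegation_target(code_hex):
    """Delegate address if the account code is a 7702 designator, else None."""
    raw = _raw(code_hex)
    if len(raw) == 23 and raw.startswith(PREFIX):
        return "0x" + raw[3:].hex()
    return None

def cluster_by_delegate_code(account_code, contract_code):
    """Map bytecode fingerprint -> {delegate address: [delegating accounts]}."""
    clusters = defaultdict(lambda: defaultdict(list))
    for account, code_hex in account_code.items():
        target = delegation_target(code_hex)
        if target is None:
            continue  # undelegated EOA or ordinary contract
        bytecode = contract_code.get(target)
        # SHA-256 is only a grouping key here, not the on-chain code hash
        fp = hashlib.sha256(_raw(bytecode)).hexdigest()[:16] if bytecode else "unknown"
        clusters[fp][target].append(account)
    return {fp: dict(targets) for fp, targets in clusters.items()}

def reused_code(clusters, min_contracts=2):
    """Fingerprints shared by several distinct delegate contracts."""
    return {fp: t for fp, t in clusters.items()
            if fp != "unknown" and len(t) >= min_contracts}

# Constructed sample data (not real addresses or bytecode)
D1, D2, D3 = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
ACCOUNT_CODE = {
    "0x" + "a1" * 20: "0xef0100" + "11" * 20,
    "0x" + "a2" * 20: "0xef0100" + "22" * 20,
    "0x" + "a3" * 20: "0xef0100" + "22" * 20,
    "0x" + "a4" * 20: "0xef0100" + "33" * 20,
    "0x" + "a5" * 20: "0x",            # undelegated EOA
    "0x" + "a6" * 20: "0x6080604052",  # ordinary contract code
}
CONTRACT_CODE = {D1: "0x60016002", D2: "0x60016002", D3: "0x6003"}

if __name__ == "__main__":
    found = reused_code(cluster_by_delegate_code(ACCOUNT_CODE, CONTRACT_CODE))
    for fp, targets in found.items():
        print(fp, {t: len(accts) for t, accts in targets.items()})
```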
2025-06-02 15:23