A single phishing attack drained nearly $1 million worth of tokens from a crypto investor who unknowingly signed a batch of malicious transactions disguised as Uniswap swaps, according to blockchain security firm Scam Sniffer.
In an Aug. 22 post on X, Yu Xiang, founder of blockchain security firm SlowMist, noted that the incident involved five tokens siphoned through a transaction exploiting Ethereum’s new EIP-7702 mechanism.
He explained:
“From the perspective of a phished user, it goes like this: the user opens a phishing website, a wallet signature prompt pops up, the user clicks confirm, and with just that one action, all valuable assets in the wallet address vanish in a snap.”
EIP-7702 was introduced in the Pectra upgrade to streamline the Ethereum user experience. The feature allows a wallet to act like a temporary smart contract, making it possible to batch multiple transactions, enable gas sponsorship, or set spending limits in one step.
In principle, the delegation is revocable and network-specific. However, attackers have found ways to weaponize the feature in practice.
Crypto market maker Wintermute has warned that the standard’s implementation is being exploited at scale. Its June analysis showed that more than 90% of EIP-7702 delegations were linked to malicious contracts.
The firm pointed out that many of these contracts are simple copy-paste scripts that scan for vulnerable wallets and drain their holdings automatically.
Considering this, Scam Sniffer and Xiang urged crypto users to take extra care before signing wallet requests. They recommended verifying domain names, avoiding rushed confirmations, and rejecting signatures that seem unclear or overly broad.
They also stated that some of the red flags that could arise include requests for unlimited token approvals, contract upgrades under EIP-7702, or transaction simulations that do not match expectations.
Mentioned in this article
Source: https://cryptoslate.com/crypto-investor-loses-1m-in-uniswap-scam-exploiting-ethereums-eip-7702/