Ethereum’s latest enhancement, EIP-7702, which incorporates an account abstraction feature, has been introduced to improve user interface by allowing wallets to emulate smart contract functionalities. While this addition alongside the Pectra update is designed to broaden capabilities, it has also sparked a surge in nefarious activities focused on exploiting these new functionalities.
What Does the New Feature Offer?
EIP-7702 enables wallets to act like smart contracts temporarily, incorporating features like batched transactions and spending controls tied to various authentication processes. This innovation mainly aims to simplify core transactions and augment security measures, as advocated by Ethereum’s co-founder, Vitalik Buterin. The update is also efficient in gas fee management, enabling multiple transactions to be executed through a single delegation.
How is Security Being Threatened?
Despite these advancements, the analysis reveals an alarming trend where over four-fifths of EIP-7702 delegations have fallen prey to fraudulent “CrimeEnjoyor” contracts. These cloned contracts are skillfully architected to allow hackers to reroute digital assets from weak spots within wallets, creating a sizable risk for users.
The simplicity and common use of the “CrimeEnjoyor” contract highlight the stark irony of this security issue, presenting considerable dangers within the EIP-7702 frameworks.
Blockchain security analysts such as Scam Sniffer and SlowMist report considerable asset losses for users. For example, one owner suffered a loss equaling roughly $150,000 through a single transaction that employed batch processing and phishing tactics.
- Analyze signature requests carefully in digital wallets to avoid security traps.
- Wallet providers are urged to promptly implement security protocols for smooth EIP-7702 transitions.
- Stay vigilant about unauthorized or unverified transaction prompts to safeguard resources.
To mitigate such threats, experts advise users to rigorously evaluate signature prompts and avoid rushing through transactions. Furthermore, wallet providers are encouraged to integrate necessary defenses quickly.
Providers should urgently align support for EIP-7702 with clear disclosures around intended contract delegations to curb phishing risks.
As EIP-7702 seeks to improve user experiences in the Ethereum network, it also introduces severe security challenges. It is crucial for users to practice caution and for wallet services to robustly bolster their security frameworks to avert potential financial setbacks.
Disclaimer: The information contained in this article does not constitute investment advice. Investors should be aware that cryptocurrencies carry high volatility and therefore risk, and should conduct their own research.
Source: https://en.bitcoinhaber.net/hackers-exploit-new-ethereum-feature