- An investor lost $1.54 million to EIP-7702 phishing.
- Loss included ETH, BTC, and staked tokens.
- 90% of delegations are linked to malicious contracts.
A crypto investor lost $1.54 million on August 24, 2025, after a phishing attack using EIP-7702 transactions targeted their ETH, BTC, and staked Ethereum tokens.
The industrial phishing approach with EIP-7702 highlights vulnerabilities in digital asset security, necessitating user caution and regulatory scrutiny to prevent future mass asset losses.
EIP-7702 Phishing Exploits Lead to Massive Losses
A phishing incident involving EIP-7702 resulted in a user losing approximately $1.54 million. The attacker exploited the batch transaction capabilities, targeting ETH, BTC, and several staked tokens on Ethereum, as confirmed by SlowMist founder Cao Yun. The method involves unauthorized delegation of user EOA addresses to MetaMask, subsequently enabling attackers to transfer assets via a single contract call.
Immediate security warnings have been issued, stressing the importance of verifying websites and transaction links before executing transactions. Users are advised against granting unlimited approvals on tokens, which leave accounts vulnerable to similar threats.
**Cao Yun (Yu Xiang), Founder, SlowMist**, – “From the perspective of a phished user, it goes like this: the user opens a phishing website, a wallet signature prompt pops up, the user clicks confirm, and with just that one action, all valuable assets in the wallet address vanish in a snap.” source
Market Implications and Security Recommendations
Did you know? EIP-7702-based phishing attacks have become predominant due to the delegation feature, highlighting parallels with past vulnerabilities exploited in major exchange hacks.
Ethereum (ETH), according to CoinMarketCap, currently holds a market cap of $577.17 billion with a price of $4,781.54. It leads the market with a dominance of 14.47% and posted a 0.59% increase in 24-hour trading. Ethereum’s market presence remains substantial, showing a 31.89% rise over 30 days, notwithstanding a significant 64.31% drop in 24-hour trading volume, as reported on August 24, 2025.
Overall, experts from the Coincu research team emphasize potential long-term implications of EIP-7702 on the regulatory landscape, urging increased scrutiny and potential updates to wallet signature prompts. They foresee potential evolutions in user security protocols and stress the necessity for clearer transaction interface designs.
| DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing. |
Source: https://coincu.com/scam-alert/crypto-investor-loses-to-eip-7702/