- Scammers are abusing Ethereum's new EIP-7702 feature: more than 80% of its delegations trace back to a single automated draining operation.
- Wintermute researchers found that most delegations point to copies of one identical "sweeper" contract, which automatically forwards incoming ETH out of wallets whose keys have already been compromised.
A newly introduced Ethereum feature is already being misused. Security researchers report that scammers are actively exploiting EIP-7702, part of the recent Pectra upgrade. More than 80% of its usage links to a single malicious operation, according to market maker Wintermute. The finding interrupts the positive momentum that followed Ethereum's upgrade and a major security initiative announcement.
Wintermute researchers identified the abuse pattern. Attackers run "automated sweeper" attacks against wallets whose private keys they already control. The attacks rely on "delegate contracts," a capability introduced by EIP-7702, which the Pectra upgrade activated on the Ethereum network on May 7th.
Wintermute detailed their findings publicly.
“Our research team found that over 80% of all EIP-7702 delegations were authorized to multiple contracts using the same exact code,” they stated. “These are sweepers, used to automatically drain incoming ETH from compromised addresses.” This high rate of misuse rings alarm bells.
These malicious activities persist despite Ethereum's security ambitions. The Ethereum Foundation announced its "Trillion Dollar Security" initiative on May 14th. The name refers to the goal of making Ethereum safe enough to hold trillions of dollars of value, not to a funding amount; improving wallet security is among the program's stated goals.
Security analysis reveals the scam method
Over 80% of EIP-7702 delegations authorized contracts deployed from the same exact bytecode, all traced to a single malicious address. The technique exploits no flaw in EIP-7702 itself: an attacker who already holds a wallet's private key signs a delegation to the sweeper, and from then on ETH sent to the wallet is forwarded to the attacker without further manual action. The feature simply automates the draining of keys that were compromised by other means.
Wintermute researchers labeled the primary suspicious address “Crime Enjoyor.” The situation triggered online debate. Users questioned whether the Pectra upgrade inadvertently empowered scammers.
Understanding EIP-7702
EIP-7702 is a component of the Pectra hard fork. It lets a standard user account (an Externally Owned Account, or EOA) behave like a smart contract. The EOA signs an authorization naming a contract, and the account's code is set to a delegation designator that points at that contract. The designation is not temporary: it persists until the account signs a new authorization (or one naming the zero address, which clears it), and any call or transaction targeting the EOA then executes the designated contract's code in the EOA's context. Because the authorization is carried in a separate authorization list rather than signed as the transaction itself, a third party can submit it and pay the gas, so a drained wallet does not even need an ETH balance for the sweeper to be installed. This delegation capability is the mechanism the automated sweepers abuse.
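To make the pattern Wintermute described concrete, the following Python is an added example written for this page (not Wintermute's tooling or any code from the article). It parses EIP-7702 delegation designators (the 23-byte code 0xef0100 || address stored at a delegated EOA), groups delegated EOAs by the runtime bytecode of their delegate contract, and flags bytecode that appears at several distinct contract addresses and is delegated to by several EOAs, which is the "same exact code, many contracts" signature of a sweeper operation. All addresses and bytecode below are constructed placeholders, and the thresholds in `flag_sweeper_clusters` are assumptions, not values from the source.

```python
from collections import defaultdict

# EIP-7702: a delegated EOA's stored code is exactly 0xef0100 || 20-byte delegate address.
DELEGATION_PREFIX = bytes.fromhex("ef0100")
DESIGNATOR_LEN = 23


def parse_delegation(code: bytes):
    """Return the delegate address ('0x' + 40 hex chars) if `code` is a valid
    EIP-7702 delegation designator, otherwise None. Undelegated EOAs have empty
    code; anything that is not exactly prefix + 20 bytes is not a designator."""
    if len(code) != DESIGNATOR_LEN or not code.startswith(DELEGATION_PREFIX):
        return None
    return "0x" + code[len(DELEGATION_PREFIX):].hex()


def cluster_by_delegate_code(account_code, contract_code):
    """Group delegated EOAs by the runtime bytecode of the contract they delegate to.

    account_code:  {eoa_address: code stored at the EOA (b'' if undelegated)}
    contract_code: {contract_address: runtime bytecode of that contract}
    Returns {bytecode: {"delegates": set of contract addresses, "eoas": [eoa, ...]}}.
    In practice both maps would be filled from eth_getCode; here they are constructed.
    """
    clusters = defaultdict(lambda: {"delegates": set(), "eoas": []})
    for eoa, code in account_code.items():
        delegate = parse_delegation(code)
        if delegate is None:
            continue
        runtime = contract_code.get(delegate, b"")  # b'' -> delegate address holds no code
        clusters[runtime]["delegates"].add(delegate)
        clusters[runtime]["eoas"].append(eoa)
    return dict(clusters)


def flag_sweeper_clusters(clusters, min_delegates=2, min_eoas=3):
    """Flag bytecode deployed at several distinct addresses and delegated to by several
    EOAs. The thresholds are illustrative assumptions. Each flagged entry reports the
    cluster's share of all observed delegations; results are sorted by share, largest first."""
    total = sum(len(c["eoas"]) for c in clusters.values())
    flagged = []
    for code, c in clusters.items():
        if len(c["delegates"]) >= min_delegates and len(c["eoas"]) >= min_eoas:
            flagged.append({
                "share": len(c["eoas"]) / total,
                "delegates": len(c["delegates"]),
                "eoas": len(c["eoas"]),
                "code": code,
            })
    return sorted(flagged, key=lambda f: f["share"], reverse=True)


def _designator(addr: str) -> bytes:
    """Build the code an EOA holds after delegating to `addr`."""
    return DELEGATION_PREFIX + bytes.fromhex(addr[2:])


# --- Constructed sample data: placeholder addresses and bytecode, not real on-chain values ---
SWEEPER_CODE = bytes.fromhex("60003431600052")   # stands in for one sweeper's runtime bytecode
WALLET_CODE = bytes.fromhex("6080604052600436")  # stands in for a legitimate smart-wallet implementation

SWEEPER_CLONES = ["0x" + ("%02x" % i) * 20 for i in (0x11, 0x22, 0x33)]  # same code, three addresses
WALLET_IMPL = "0x" + "aa" * 20

CONTRACT_CODE = {addr: SWEEPER_CODE for addr in SWEEPER_CLONES}
CONTRACT_CODE[WALLET_IMPL] = WALLET_CODE

ACCOUNT_CODE = {
    "0x" + "01" * 20: _designator(SWEEPER_CLONES[0]),
    "0x" + "02" * 20: _designator(SWEEPER_CLONES[0]),
    "0x" + "03" * 20: _designator(SWEEPER_CLONES[1]),
    "0x" + "04" * 20: _designator(SWEEPER_CLONES[2]),
    "0x" + "05" * 20: _designator(SWEEPER_CLONES[2]),
    "0x" + "06" * 20: _designator(WALLET_IMPL),          # one genuine smart-wallet user
    "0x" + "07" * 20: b"",                               # plain, undelegated EOA
    "0x" + "08" * 20: b"\xef\x01\x01" + b"\x00" * 20,    # wrong version byte: not a 7702 designator
}


def report():
    """Run the scan over the constructed sample and return the flagged clusters."""
    return flag_sweeper_clusters(cluster_by_delegate_code(ACCOUNT_CODE, CONTRACT_CODE))


if __name__ == "__main__":
    for f in report():
        print(f"{f['share']:.0%} of delegations -> {f['delegates']} contracts sharing "
              f"identical code, {f['eoas']} delegating EOAs")
```

In the sample, five of six delegations point at three different addresses carrying the same bytecode, so that cluster is flagged at roughly 83% of all delegations, while the single legitimate smart-wallet delegation is not. Against live data, `account_code` would be populated with eth_getCode results for the EOAs that appeared in type-0x04 transactions' authorization lists, and `contract_code` with eth_getCode for each delegate address; grouping on exact bytecode is what lets many deployed clones collapse into one operation.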