Thought as a decisive advance towards the abstraction of account, the Pectra update already upsets the security balances on Ethereum. Introducing the EIP-7702 standard, supported by Vitalik Buterin, it allows wallets to behave temporarily as intelligent contracts. However, barely deployed, this innovation is diverted on a large scale to automate attacks. Far from eliminating the risks, the evolution of the protocol creates new, more subtle, that hackers are already hastement to exploit.
In short
- Ethereum's “pectra” update introduces the EIP-7702, a standard aimed at improving the user experience via account abstraction.
- Wintermute alerts on a massive and malicious use of this functionality, diverted to automate the flight of funds.
- The real problem lies in the compromise of private keys, not in technology itself, according to experts like Taylor Monahan.
- Slowmist calls on Wallet suppliers to better supervise delegation signatures and clearly inform users.
A diverted technical innovation for malicious purposes
The new update of Ethereum, called Pectra, was deployed on the network, and marked a major technical stage, although the market remained marble in the face of this development.
According to Wintermute, a quantitative trading company active in the Ethereum ecosystem, one of the features introduced, the EIP-7702, was massively diverted for malicious purposes. This proposal allows portfolios to temporarily adopt the capacities of a smart contract, which exposes users to automated attacks.
The initial intention is to offer more flexibility in on-chain interactions, in particular via the management of group transactions, the sponsorship of gas costs, or the integration of advanced authentication systems.
However, on the social network X (ex-owner) on May 30, 2025, Wintermute reveals that “More than 80 % of EIP-7702 delegations were authorized to malware sharing the same copied-pacored bytecode”and designates this script by the nickname of ” Crimeenjoyor “.
This rudimentary, but formably effective script uses private compromises keys to automate the emptying of crypto wallets. Once deployed, it sucks the funds of any vulnerable address and transfers them to hackers, without human interaction.
The analysis published on the Dune Dune de Wintermute shows that this same code is at the origin of the majority of current EIP-7702 delegations. Concretely, malicious actors:
- Copy the script Crimeenjoyor in multiple intelligent contracts;
- Get or buy private keys compromised via phishing or malware attacks;
- Use EIP-7702 to force the automated execution of group transactions which empty the portfolios;
- Transfer the diverted funds to their own address into a single operation.
The phenomenon is not anecdotal. After SCAM SNIFFERa user was relieved of nearly $ 150,000 in an attack linked to this system, via a lot in affiliated lot to the well -known fraudulent service Inferno Drainer.
A human flaw much more than a defect in the protocol
For many Crypto security experts, the problem does not reside so much in the EIP-7702, one of the major updates of Ethereum, as in the eternal Achilles heel of cryptos: the mismanagement of private keys by investors.
Taylor Monahan, specialist recognized as a blockchain safety, expresses it without detour: “This is not really a problem linked to 7702. It is the same problem that the crypto has known since its inception: end investors have trouble securing their private keys”.
According to the expert, this new feature only makes automated attacks more fluid and less expensive to execute, without being the direct cause.
For its part, the Slowmist cybersecurity company underlines the lack of educational tools adapted to this innovation. In a report Recently published, the company insists on the need for Wallet suppliers to better highlight the target contracts when an investor signs an EIP-7702 delegation.
“Providers must quickly adapt their interfaces and alert users explicitly”,, declared Yu Xian, founder of Slowmist, on May 25 on the X platform. This also alerts the acceleration of attacks:“As we had predicted, phishing gangs have caught up with us”.
This observation underlines a disturbing evolution. Cybercriminals are now appropriating technical innovations almost as quickly as they are deployed.
Beyond the immediate alert, this case poses substantive questions on the capacity of the Ethereum ecosystem to reconcile rapid innovation and the safety of investors. If the EIP-7702 brings real technical flexibility, it also imposes a rise in drastic skills on the part of investors and tool developers. Without educational support or suitable UI/UX safeguards, these advances may open a boulevard in Hackers, and to erode confidence in the smart wallets of tomorrow.
Maximize your Cointribne experience with our 'Read to Earn' program! For each article you read, earn points and access exclusive rewards. Sign up now and start accumulating advantages.
