A single phishing attack has drained a million dollars' worth of tokens from a crypto investor who unknowingly signed a batch of malicious transactions disguised as Uniswap swaps, according to blockchain security firm Scam Sniffer.
In a post on X on August 22, Yu Xian, founder of the security firm SlowMist, noted that the incident involved five tokens siphoned off by a transaction exploiting Ethereum's new EIP-7702 mechanism.
He explained:
“Put in one sentence, it happens as follows: the user opens a phishing website, a wallet signature prompt appears, the user clicks confirm, and with a single action all the valuable assets at the wallet address disappear in the blink of an eye.”
EIP-7702 was introduced in the Pectra upgrade to streamline the Ethereum user experience. The feature lets a wallet act as a temporary smart contract, which makes it possible to batch several transactions, enable gas sponsorship or set spending limits in a single step.
In principle, the delegation is revocable and chain-specific. In practice, however, attackers have found ways to weaponize the feature.
Crypto market maker Wintermute warned that the standard's implementation is being abused at scale. Its June analysis found that more than 90% of EIP-7702 delegations were linked to malicious contracts.
The firm stressed that many of these contracts are simple copy-paste scripts that scan for vulnerable wallets and automatically drain their assets.
Given this, Scam Sniffer and Xian urged crypto users to take extra care before signing wallet requests. They recommended checking domain names, avoiding rushed confirmations and rejecting signatures that seem unclear or overly broad.
They also said that red flags include requests for unlimited token approvals, contract upgrades under EIP-7702 and transaction simulations that do not match expectations.
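Two of the red flags above can be checked mechanically before a signature is approved. Under EIP-7702 a delegated account's code is a fixed 23-byte "delegation designator", the prefix 0xef0100 followed by the 20-byte delegate address, so the account code returned by an RPC node tells a wallet or monitoring tool whether an address has been delegated and to which contract. An unlimited ERC-20 approval is a call to approve(spender, amount) with the amount set to the uint256 maximum. The following is an added example written for this article, not code from Scam Sniffer, SlowMist or Wintermute; the account code bytes and calldata are constructed inline rather than fetched from a node, and the allowlist of trusted delegate contracts is a placeholder an operator would maintain.

```python
"""Pre-signing checks for two EIP-7702-era red flags: unknown delegation and
unlimited token approvals. Added example, not code from the firms cited.
Assumptions: account code comes from eth_getCode (constructed here), and the
trusted-delegate allowlist is operator-maintained (placeholder addresses)."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# EIP-7702 delegation designator: 0xef0100 || 20-byte delegate address.
DELEGATION_PREFIX = bytes.fromhex("ef0100")
DELEGATION_LENGTH = len(DELEGATION_PREFIX) + 20

# ERC-20 approve(address,uint256) function selector and the uint256 maximum.
ERC20_APPROVE_SELECTOR = bytes.fromhex("095ea7b3")
UINT256_MAX = 2**256 - 1


@dataclass(frozen=True)
class DelegationStatus:
    delegated: bool
    delegate: Optional[str]   # 0x-prefixed lowercase hex, or None
    trusted: bool
    reason: str


def parse_delegation(code: bytes) -> Optional[str]:
    """Return the delegate address if ``code`` is exactly an EIP-7702
    designator, else None. A plain EOA has empty code; an ordinary contract
    has arbitrary bytecode that does not match the 23-byte designator shape."""
    if len(code) != DELEGATION_LENGTH or not code.startswith(DELEGATION_PREFIX):
        return None
    return "0x" + code[len(DELEGATION_PREFIX):].hex()


def assess_account(code: bytes, trusted_delegates: set[str]) -> DelegationStatus:
    """Classify an account's code: no delegation, allowlisted delegation, or
    delegation to an unknown contract (the red flag the article describes)."""
    delegate = parse_delegation(code)
    if delegate is None:
        if code:
            return DelegationStatus(False, None, True, "regular contract bytecode")
        return DelegationStatus(False, None, True, "plain EOA, no delegation")
    if delegate in {d.lower() for d in trusted_delegates}:
        return DelegationStatus(True, delegate, True, "delegated to allowlisted contract")
    return DelegationStatus(True, delegate, False, "delegated to unknown contract")


def is_unlimited_approval(calldata: bytes) -> bool:
    """True if ``calldata`` is ERC-20 approve(spender, amount) with the amount
    equal to the uint256 maximum, i.e. an unlimited allowance request."""
    if len(calldata) != 4 + 32 + 32 or calldata[:4] != ERC20_APPROVE_SELECTOR:
        return False
    amount = int.from_bytes(calldata[36:68], "big")
    return amount == UINT256_MAX


def encode_approve(spender: str, amount: int) -> bytes:
    """Helper that builds approve() calldata so the check can be exercised
    offline; real calldata would come from the wallet's signing request."""
    spender_word = bytes.fromhex(spender[2:]).rjust(32, b"\x00")
    return ERC20_APPROVE_SELECTOR + spender_word + amount.to_bytes(32, "big")


if __name__ == "__main__":
    # Constructed sample data: placeholder addresses, not real contracts.
    trusted = "0x" + "11" * 20
    unknown = "0x" + "22" * 20
    print(assess_account(b"", {trusted}))
    print(assess_account(DELEGATION_PREFIX + bytes.fromhex(unknown[2:]), {trusted}))
    print(is_unlimited_approval(encode_approve(unknown, UINT256_MAX)))
    print(is_unlimited_approval(encode_approve(unknown, 10**18)))
```

A wallet would run assess_account against the signer's own address (delegation of the victim's account to an attacker contract is what enables the single-click drain) and is_unlimited_approval against each call in a batch, refusing or prominently warning on either.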