Phishing attacks in August showed how quickly fraudsters have adopted the most recent developments in Ethereum. Scam Sniffer disclosed that three large wallets accounted for almost 46% of the $12 million in losses during that month, with one wallet alone losing $3.08 million.
The company pinpointed Ethereum’s new EIP-7702 standard as the main instrument that scammers took advantage of in these schemes. Ethereum introduced EIP-7702 to enhance wallet functionality, allowing externally owned accounts to temporarily function as smart contract wallets. The upgrade introduced user-friendly features like batching transactions, establishing spending limits, incorporating passkeys, and enabling wallet recovery without altering addresses. However, these same features were soon exploited by attackers, who used them to speed up thefts and deceive users into granting malicious approvals.
Analytics revealed that more than 80% of delegate contracts associated with EIP-7702 have exhibited malicious behavior, affecting over 450,000 wallet addresses since the introduction of the standard. Security experts also believe that most users remain dangerously unaware of these risks. Yu Xian highlighted that organized criminal groups have actively taken advantage of EIP-7702, broadening their attacks throughout Ethereum Virtual Machine ecosystems. To address these risks, Scam Sniffer is advising investors to be more vigilant when engaging with wallet prompts.
The company advised checking domains, steering clear of hasty approvals, and dismissing signatures that provide unlimited or excessively broad permissions. With the rise of dubious prompts related to contract upgrades and inconsistent transaction simulations, Ethereum users must remain alert, particularly because even innovative features can serve as attack vectors if misused.
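The checks advised above can be automated before a signature is granted. The following is an added example, not code from Scam Sniffer or any wallet: it recognises the EIP-7702 delegation indicator (`0xef0100` followed by a 20-byte address, as defined in the EIP) in an account's code and flags unlimited `approve` and `setApprovalForAll` calldata. The function names, the `trusted_delegates` allowlist, the "unlimited" threshold and the sample values are assumptions made for illustration.

```python
# Added example: constructed inputs, standard library only.
DELEGATION_PREFIX = bytes.fromhex("ef0100")       # EIP-7702 delegation indicator
APPROVE = bytes.fromhex("095ea7b3")               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = bytes.fromhex("a22cb465")  # setApprovalForAll(address,bool)
UNLIMITED_FROM = 1 << 255  # assumption: amounts >= 2**255 count as unlimited


def _unhex(s):
    return bytes.fromhex(s[2:] if s.startswith("0x") else s)


def delegate_of(code_hex):
    """Return the delegate address if the account code is an EIP-7702 designator."""
    code = _unhex(code_hex)
    if len(code) == 23 and code.startswith(DELEGATION_PREFIX):
        return "0x" + code[3:].hex()
    return None


def review_prompt(code_hex, calldata_hex, trusted_delegates=frozenset()):
    """Return a list of warnings for a pending signature request."""
    warnings = []
    delegate = delegate_of(code_hex)
    if delegate and delegate not in trusted_delegates:
        warnings.append(f"account delegates to unreviewed contract {delegate}")
    data = _unhex(calldata_hex)
    selector, args = data[:4], data[4:]
    if selector == APPROVE and len(args) >= 64:
        amount = int.from_bytes(args[32:64], "big")
        if amount >= UNLIMITED_FROM:
            warnings.append("unlimited ERC-20 approval to 0x" + args[12:32].hex())
    elif selector == SET_APPROVAL_FOR_ALL and len(args) >= 64:
        if int.from_bytes(args[32:64], "big") != 0:
            warnings.append("approval for all tokens to 0x" + args[12:32].hex())
    return warnings


# Constructed sample data (not taken from any real incident).
SAMPLE_DELEGATE = "ab" * 20
SAMPLE_CODE = "0xef0100" + SAMPLE_DELEGATE
SAMPLE_SPENDER = "cd" * 20
SAMPLE_APPROVE = "0x095ea7b3" + "00" * 12 + SAMPLE_SPENDER + "ff" * 32

if __name__ == "__main__":
    for w in review_prompt(SAMPLE_CODE, SAMPLE_APPROVE):
        print("WARN:", w)
```

The example covers single-call approvals only; batched calls routed through a delegate contract use that contract's own encoding and would need a decoder for it.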