BlockBeats News, June 2nd: According to The Block, Wintermute recently warned that the EIP-7702 feature (an account abstraction improvement) in Ethereum's Pectra upgrade is being maliciously abused, with over 80% of authorizations being used for automated attacks. Blockchain security company Scam Sniffer recently detected a user losing nearly $150,000 to a phishing attack, in which the attacker deployed a copy-paste contract named "CrimeEnjoyor" that can automatically drain wallets exposed through private key leaks. EIP-7702, proposed by Ethereum co-founder Vitalik Buterin, aims to temporarily give wallets smart contract capabilities to improve user experience, including batching multiple transactions, sponsoring gas fees, using biometric or social verification, and setting one-time transaction limits.
According to Wintermute's Dune dashboard, the majority of EIP-7702 authorizations flow to identical malicious contracts. Security expert Taylor Monahan pointed out that EIP-7702 makes draining addresses "cheaper and easier." Wintermute commented on this, saying, "It is both ridiculous and cruel, as the same copied bytecode accounts for most EIP-7702 authorizations."
BlockBeats previously reported that SlowMist co-founder Yu Xian stated that the largest users of Ethereum's new EIP-7702 mechanism are coin-stealing groups (not phishing organizations). EIP-7702 allows automatic authorization to transfer funds from wallets whose private keys or mnemonics have leaked, with over 97% of EIP-7702 delegations pointing to coin-stealing contracts.
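
The concentration described above (most delegations resolving to the same copied bytecode) can be measured from account code alone. The following is an added example, not code from Wintermute, Scam Sniffer or this article: it assumes the inputs are `eth_getCode` results, relies on the EIP-7702 delegation indicator format (`0xef0100` followed by the 20-byte delegate address), and uses constructed addresses and bytecode.

```python
import hashlib
from collections import Counter

DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702 delegation indicator prefix
DELEGATION_LEN = 23                          # 3-byte prefix + 20-byte delegate address

def parse_delegation(code_hex):
    """Return the delegate address if `code_hex` is a delegation indicator, else None."""
    body = code_hex[2:] if code_hex[:2].lower() == "0x" else code_hex
    try:
        code = bytes.fromhex(body)
    except ValueError:
        return None  # not valid hex, so not account code we can classify
    if len(code) != DELEGATION_LEN or not code.startswith(DELEGATION_PREFIX):
        return None  # plain EOA (empty code) or ordinary contract code
    return "0x" + code[3:].hex()

def fingerprint(code_hex):
    """Grouping key for runtime bytecode (SHA-256 here; on-chain code hashes use Keccak-256)."""
    body = code_hex[2:] if code_hex[:2].lower() == "0x" else code_hex
    return hashlib.sha256(bytes.fromhex(body)).hexdigest()[:16]

def bytecode_concentration(account_code, delegate_code):
    """Count delegations per delegate-bytecode fingerprint; return (counter, top share)."""
    counts = Counter()
    for code_hex in account_code.values():
        delegate = parse_delegation(code_hex)
        if delegate is None:
            continue
        target = delegate_code.get(delegate)
        # Delegates whose bytecode was not fetched are kept apart, keyed by address.
        counts[fingerprint(target) if target else "unknown:" + delegate] += 1
    total = sum(counts.values())
    top = counts.most_common(1)[0][1] / total if total else 0.0
    return counts, top

# Constructed sample data: every address and bytecode string below is made up.
A, B, C = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
ACCOUNT_CODE = {
    "0x" + "a1" * 20: "0xef0100" + "11" * 20,  # delegated to A
    "0x" + "a2" * 20: "0xef0100" + "22" * 20,  # delegated to B
    "0x" + "a3" * 20: "0xEF0100" + "22" * 20,  # delegated to B (upper-case hex)
    "0x" + "a4" * 20: "0xef0100" + "33" * 20,  # delegated to C
    "0x" + "a5" * 20: "0x",                    # plain EOA, no delegation
    "0x" + "a6" * 20: "0x6080604052",          # ordinary contract code
}
DELEGATE_CODE = {A: "0x60006000f3", B: "0x60006000f3", C: "0x6001600155"}

if __name__ == "__main__":
    print(bytecode_concentration(ACCOUNT_CODE, DELEGATE_CODE))
```

In the sample, delegates A and B are different addresses carrying identical bytecode, so grouping by bytecode rather than by address is what exposes the shared copy.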