According to blockchain security company Scam Sniffer, a single phishing attack drained nearly $1 million in tokens from crypto investors who unknowingly signed a batch of malicious transactions disguised as Uniswap swaps.
In a post on X on August 22nd, Yu Xiang, founder of blockchain security company SlowMist, noted that five tokens were drained from the victim in a single transaction that used Ethereum’s new EIP-7702 mechanism.
He explained:
“From a phished user’s perspective, it looks like this: the user opens a phishing website, a wallet signing prompt pops up, the user confirms, and with that one action, all valuable assets in the wallet address disappear in a snap.”
EIP-7702 was introduced in the Pectra upgrade to streamline the Ethereum user experience. It lets an ordinary wallet address (an externally owned account) temporarily run smart-contract code, so a wallet can batch several calls into one transaction, have its gas paid by a sponsor, or set spending limits in a single step. The same delegation that lets a wallet batch its own calls also lets whatever code it delegates to move every asset the wallet holds, which is why a single signature can empty an address.
The delegation is revocable and, as a rule, bound to a specific chain. Attackers have nonetheless found a way to weaponize the feature.
Crypto market maker Wintermute has warned that the feature is being misused at scale: its June analysis found that over 90% of EIP-7702 delegations pointed to malicious contracts.
The company noted that many of these contracts are simple copy-paste scripts that scan for vulnerable wallets and automatically drain their holdings.
With this in mind, Scam Sniffer and Xiang urged crypto users to take special care before signing any wallet request: check the domain name, do not rush through verification, and refuse signatures that look unclear or overly broad.
They also listed red flags to watch for, including unlimited token-approval requests, contract upgrades under EIP-7702, and transaction simulations that do not match what the user expects.
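The checks above can be made concrete. The following is an added example, not code from Scam Sniffer, SlowMist or Wintermute, showing the pre-signing checks a wallet could run over an EIP-7702 authorization and over the calls batched behind it. It relies on three facts from the standard: a delegated account's code is exactly 0xef0100 followed by the 20-byte delegate address, an authorization carries a chain_id where 0 means "valid on every chain", and ERC-20 approve(address,uint256) has selector 0x095ea7b3. Every address, the trusted lists and the sample transactions are constructed placeholders.

```python
# Added example (not the article's or any vendor's code): wallet-side red-flag
# checks for an EIP-7702 authorization plus the batched calls it would unlock.
# Assumptions: EIP-7702 delegation designator = 0xef0100 || 20-byte address;
# authorization tuple fields chain_id (0 = any chain), address, nonce;
# ERC-20 approve(address,uint256) selector = 0x095ea7b3.
# All addresses below are constructed placeholders, not real deployments.

DELEGATION_PREFIX = bytes.fromhex("ef0100")
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")
UNLIMITED_THRESHOLD = 2**255          # any allowance this large is treated as unlimited

TRUSTED_DELEGATE = "0x" + "11" * 20   # hypothetical: the wallet's own account implementation
TRUSTED_SPENDER = "0x" + "22" * 20    # hypothetical: the router the user thinks they are using
ATTACKER_DELEGATE = "0x" + "aa" * 20  # hypothetical attacker-controlled code
ATTACKER_SPENDER = "0x" + "bb" * 20   # hypothetical attacker-controlled spender
TOKEN = "0x" + "cc" * 20              # hypothetical ERC-20 token


def parse_delegation_designator(code: bytes):
    """Return the delegate address if `code` (as returned by eth_getCode) is an
    EIP-7702 delegation designator, else None. Lets a wallet show the user
    whether an address is currently delegated and to whom."""
    if len(code) != 23 or code[:3] != DELEGATION_PREFIX:
        return None
    return "0x" + code[3:].hex()


def audit_authorization(auth: dict, trusted_delegates, expected_chain_id: int):
    """Red flags for one authorization tuple before the user signs it."""
    flags = []
    if auth["chain_id"] == 0:
        flags.append("authorization is replayable on every chain (chain_id == 0)")
    elif auth["chain_id"] != expected_chain_id:
        flags.append(f"authorization targets chain {auth['chain_id']}, not {expected_chain_id}")
    trusted = {a.lower() for a in trusted_delegates}
    if auth["address"].lower() not in trusted:
        flags.append(f"delegation target {auth['address']} is not a known wallet implementation")
    return flags


def encode_approve(spender: str, amount: int) -> bytes:
    """ABI-encode approve(spender, amount); used here only to build sample calls."""
    return APPROVE_SELECTOR + bytes(12) + bytes.fromhex(spender[2:]) + amount.to_bytes(32, "big")


def decode_approve(calldata: bytes):
    """Return (spender, amount) if calldata is an ERC-20 approve call, else None."""
    if len(calldata) != 68 or calldata[:4] != APPROVE_SELECTOR:
        return None
    spender = "0x" + calldata[16:36].hex()
    amount = int.from_bytes(calldata[36:68], "big")
    return spender, amount


def audit_batch(calls, trusted_spenders):
    """Red flags for the (to, calldata) pairs a delegated account would execute
    in one batch. Only approvals are inspected; other calls pass through."""
    flags = []
    trusted = {a.lower() for a in trusted_spenders}
    for to, data in calls:
        decoded = decode_approve(data)
        if decoded is None:
            continue
        spender, amount = decoded
        if amount >= UNLIMITED_THRESHOLD:
            flags.append(f"unlimited approval of token {to} to {spender}")
        if spender.lower() not in trusted:
            flags.append(f"approval to unexpected spender {spender}")
    return flags


def phishing_scenario():
    """Constructed replay of the pattern the article describes: a prompt that
    looks like a swap but delegates the account to attacker code and grants
    an unlimited approval to an attacker-controlled spender."""
    auth = {"chain_id": 0, "address": ATTACKER_DELEGATE, "nonce": 7}
    calls = [(TOKEN, encode_approve(ATTACKER_SPENDER, 2**256 - 1))]
    return audit_authorization(auth, [TRUSTED_DELEGATE], 1) + audit_batch(calls, [TRUSTED_SPENDER])


def benign_scenario():
    """Constructed benign case: bounded approval to the expected router,
    delegation to the wallet's own implementation on the expected chain."""
    auth = {"chain_id": 1, "address": TRUSTED_DELEGATE, "nonce": 7}
    calls = [(TOKEN, encode_approve(TRUSTED_SPENDER, 1_000 * 10**18))]
    return audit_authorization(auth, [TRUSTED_DELEGATE], 1) + audit_batch(calls, [TRUSTED_SPENDER])


if __name__ == "__main__":
    for flag in phishing_scenario():
        print("RED FLAG:", flag)
    print("benign flags:", benign_scenario())
```

The phishing scenario raises four flags (chain-agnostic authorization, unknown delegate, unlimited allowance, unknown spender) while the benign one raises none. A real wallet would also compare the simulated balance changes against what the user expects, the third red flag the article lists, which needs a node and is not modelled here.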