Concerns are growing over Ethereum’s latest protocol upgrade as security risks emerge, attracting malicious actors who aim to compromise user wallets. The Ethereum Improvement Proposal EIP-7702, introduced earlier this year as part of the Pectra upgrade, has come under scrutiny due to reported exploits within the crypto ecosystem.

Understanding EIP-7702

Proposed by Ethereum co-founder Vitalik Buterin, EIP-7702 was designed to improve wallet functionality by enabling standard Ethereum wallets to temporarily function like smart contracts. While this feature offers enhanced convenience, it has also opened the door to new security vulnerabilities that malicious actors are actively exploiting.

Security Concerns and Exploits

Security researchers have observed a growing number of exploits originating from EIP-7702 delegations. On May 30, 2025, crypto market maker Wintermute flagged a surge in malicious smart contracts abusing the delegation feature. These contracts, nicknamed “CrimeEnjoyors,” use automated scripts to scan delegated wallets for vulnerabilities and sweep funds into attacker-controlled addresses.

“Over 97% of all EIP-7702 delegations were authorized to contracts using identical code. These are sweepers, used to automatically drain incoming ETH from compromised wallets.”

These malicious bots silently batch fraudulent token approvals, making fund theft undetectable to most users. While many of the malicious contracts have yet to successfully extract funds, some users have already fallen victim to these attacks.

Real Cases of EIP-7702 Exploits

On May 24, 2025, crypto anti-scam platform Scam Sniffer reported that a user lost approximately $150,000 in ETH due to a phishing attack that leveraged a malicious contract exploiting EIP-7702 delegation. Such incidents highlight the risks posed by compromised private keys and the automated nature of fund theft enabled by this upgrade.

“An address upgraded to EIP-7702 lost $146,551 through malicious batched transactions in a phishing attack.”

The blockchain security firm SlowMist has also voiced concerns regarding the vulnerability, emphasizing the need for users to remain vigilant when interacting with Ethereum wallets and smart contracts.

Protecting Yourself Against EIP-7702 Exploits

Security experts recommend several practices to mitigate the risks associated with EIP-7702:

  • Verify Contracts: Always ensure the authenticity of contracts before delegating access.
  • Exercise Caution: Avoid signing transactions on suspicious decentralized applications (DApps).
  • Enable Wallet Warnings: Wallet providers should implement clear warnings during the delegation process to alert users of potential risks.
  • Use Secure Wallets: Opt for wallets with robust security features and multi-signature capabilities.

Recommendations for Developers and Service Providers

Blockchain developers and wallet providers should adopt smart development practices to minimize vulnerabilities. Regular audits, clear communication of risks, and user education are essential to safeguarding the ecosystem. Additionally, proactive measures like displaying warnings about delegation risks could serve as a critical layer of protection against phishing attempts.

The Ethereum community is encouraged to stay informed about potential risks and adopt best practices to prevent exploitation. As the crypto space evolves, security must remain a priority to ensure user trust and the longevity of blockchain technology.