Concerns continue to mount over Ethereum’s latest protocol upgrade as security risks attract malicious actors aiming to drain user wallets.
The Ethereum Improvement Proposal EIP-7702, part of the Pectra upgrade introduced earlier this year, is drawing scrutiny across the crypto industry after numerous exploits have been observed on chain.
Proposed by co-founder Vitalik Buterin, the upgrade was originally designed to enhance wallet functionality by allowing standard Ethereum wallets to temporarily behave like smart contracts.
However, the feature has attracted significant attention from malicious actors exploiting its capabilities.
Ethereum EIP-7702 Exploits on the Rise
Security researchers have identified that multiple EIP-7702 delegations are linked to malicious wallet-draining bots began on May 30, 2025, after crypto market maker Wintermute flagged a surge in malicious smart contracts abusing the new delegation feature.
Nicknamed “CrimeEnjoyors,” the contracts are short, reusable snippets of code that automatically scan delegated wallets for vulnerabilities and attempt to sweep funds to attacker-controlled addresses. These malicious scripts automate fund theft from compromised wallets by silently batching fraudulent token approvals in undetectable patterns.
While Wintermute added that many of the malicious contracts have yet to successfully extract funds, some users have already fallen victim. On May 24, 2025, crypto anti-scam platform Scam Sniffer revealed that one user lost approximately $150,000 in ETH to a phishing attack that leveraged a malicious contract using EIP-7702 delegation.
The root issue often stems from compromised private keys, which EIP-7702’s functionality exacerbates by enabling rapid, automated theft. Blockchain security firm SlowMist founder Yu stressed the potential impact of the vulnerability, echoing broader calls for users to exercise vigilance.
How to Stay Safe
According to a March 2025 analysis by SlowMist, cautious signing, verified contracts, and smart development practices are key to staying safe with EIP-7702. Users are advised to verify target contracts before delegating access, and avoid interacting with suspicious DApps.
Wallet providers are also urged to display clear warnings during the delegation process, which could serve as an extra layer of protection for users against phishing attempts.
