From the very moment the Pectra upgrade activated EIP-7702 on May 7th, adoption surged past the activation speed of all prior upgrades combined, leaving hazards in its wake, hazards that many users stumble into without even realizing.
Imagine your crypto wallet supercharged with some temporary smart-contract capabilities! That is precisely what the new upgrade offers, letting a user grant full delegation by way of a signed message. But hold on: with the increased ease of use comes a conundrum, and the security threats now demand urgent attention.
Top 7702 delegator is allegedly a phishing scam
According to GoPlus Security, on-chain data from bundlebear.com has revealed over 10k addresses using smart accounts.

A very cold-blooded new scam has been unearthed by GoPlus Security: authorize the wrong address, and any Ether sent to your account instantly vanishes into thin air, redirected to an awaiting thief. It’s like a digital black hole for your funds, activated the instant you give the go-ahead. Protect yourself by double-checking those addresses and do your best to avoid becoming the next victim.
Beware! Approving one-way access to delegator 0x930fcc37d6042c79211ee18a02857cb1fd7f0d0b is like installing a time portal that ferries your ETH off to limbo. After decompiling the contract code, GoPlus discovered the sinister trap: should any ETH enter your account, it will be swiftly redirected to the scammer’s wallet. Keep your ETH from being stolen away!
The race to preempt the public launch started immediately after the approval: every single Satoshi of ETH was fed into the black hole wallet 0x000085bad. An elaborate automated theft, in every sense of the word!

All ETH transferred to victims’ wallets gets auto-redirected to scammer wallet 0x000085bad. Source: GoPlus Security
In an effort to capitalize on users’ enthusiasm, scammers are distorting the promise of Pectra. Though the danger is very real, secure wallets such as MetaMask are moving ahead, safely integrating EIP-7702.
The other company is issuing an alarm: experienced cryptonauts should treat any unsolicited “smart account upgrade” request sent via email or external links as an outright scam. Trust only prompts inside your wallet interface that purport to give you access to 7702 features: venture outside, and your losses shall be total.
EIP-7702 is about to transform the Ethereum user experience and what transactions make possible. But a word of caution: beware of impersonators lurking outside your wallet. GoPlus Security cautions: if anyone presses you for an “upgrade” via external links, slamming on the brakes is warranted. It is a complete scam. Be vigilant, and stay safe.
Most importantly: do not get phished in the attempt to authorize 7702. Instead, type in the contract address yourself. Inspect the contract source code with the eyes of a hawk. Be wary of closed-source contracts. Always double-check or even triple-check the authorization address: your money rests on it.
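One way to check which contract an account is delegated to, as an added example (not GoPlus's or any wallet's code): under EIP-7702 a delegated account's code is the 3-byte indicator 0xef0100 followed by the delegate address, so an eth_getCode result can be compared with addresses you vetted yourself. The function names, the trusted set and the sample responses are constructed for illustration.

```python
DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702 delegation indicator

# Delegator address reported as malicious in the article above.
DENYLIST = {"0x930fcc37d6042c79211ee18a02857cb1fd7f0d0b"}


def delegate_of(code_hex):
    """Return the delegate address if code is a 7702 indicator, else None."""
    code = bytes.fromhex(code_hex[2:] if code_hex.startswith("0x") else code_hex)
    # An indicator is exactly 3 prefix bytes followed by a 20-byte address.
    if len(code) == 23 and code.startswith(DELEGATION_PREFIX):
        return "0x" + code[3:].hex()
    return None


def classify(code_hex, trusted):
    """trusted: lowercase delegate addresses the user vetted and typed in."""
    code_hex = code_hex.lower()
    if code_hex in ("", "0x"):
        return "plain EOA: no delegation set"
    delegate = delegate_of(code_hex)
    if delegate is None:
        return "contract account: not a 7702 delegation"
    if delegate in DENYLIST:
        return "DANGER: delegated to reported phishing contract " + delegate
    if delegate not in trusted:
        return "WARNING: delegated to unvetted contract " + delegate
    return "ok: delegated to vetted contract " + delegate


# Constructed sample eth_getCode responses (not real chain data).
VETTED = "0x" + "11" * 20  # placeholder for a delegate the user audited
SAMPLES = {
    "victim": "0xef0100930fcc37d6042c79211ee18a02857cb1fd7f0d0b",
    "vetted": "0xef0100" + "11" * 20,
    "fresh": "0x",
}

if __name__ == "__main__":
    for name, code in SAMPLES.items():
        print(name, "->", classify(code, trusted={VETTED}))
```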
❗WARNING❗
🚨 Top 7702 Delegator Revealed as Phishing Scam 🚨 Sparks Have Flared in the Pectra Smart Account-Fever, But One Danger Hides! Eager to harness the power of EIP-7702 smart accounts, thousands are rushing toward the remaining jewels. The promise of account abstraction is very promising, but security concerns must draw immediate focus before the gold rush turns sour.
Details ⬇️ GoPlus Security 🚦 (@GoPlusSecurity) May 20, 2025
Hardware wallets are not safer either
Back in the day, hardware wallets were considered the holy grail of crypto security. Think again: Pectra has flipped the whole story, according to Yehor Rudytsia, on-chain guru of Hacken. The game has changed.
A stunningly simple exploit now threatens the hardware wallets that were previously judged to be impenetrable vaults, cautions Rudytsia. A single malicious signature is enough to siphon funds. “Poof, all your funds, vanishing into thin air in a blink of an eye,” he solemnly describes. The security landscape has shifted: exquisite new threats now diminish the defining differences between hot and cold storage.
While there are ways to stay safe, they all require vigilance on the part of the users.
“Don’t blindly sign your digital life away,” warned Rudytsia, urging caution. “If a message reads like gibberish, don’t authorize it.” He further pressed wallet developers to act as vigilant guardians, equipping users with unmistakable warnings when delegation messages appear, preventing unwitting approvals of hidden agendas.
Beware a siren song: delegation signatures promise sweet nothings but come across as innocent 32-byte hash values. Unlike their honest brethren, EIP-191 and EIP-712, this new kind sings a very different tune, one unfamiliar to your wallet. Hence this warning: something that looks very simple might technically be a very dangerous delegation, beyond the reach of any alarm in your wallet.
Usman kept the explanation free of crypto jargon: “See your nonce in the message? Danger! That transaction’s messing with your account.” Somewhat literally, he leaned in. “Just logging in or making promises off-chain? Your nonce shouldn’t be there.”
Now comes the real kicker: EIP-7702 enables signature replays across any Ethereum-compatible chain because it accepts signatures with chain_id = 0. Imagine it as a skeleton key able to open any vault. Use it on one chain, and the echoes spread so that it can be exploited on many others.
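The warnings a wallet could raise for a delegation request, as an added example (not code from Hacken, GoPlus or any wallet): the EIP-7702 authorization hash is keccak256 over the byte 0x05 followed by the RLP list [chain_id, address, nonce], so the unhashed bytes can be recognized and checked for chain_id = 0. It assumes the wallet receives those unhashed bytes, since a bare 32-byte hash cannot be inspected; the function names and the sample message are constructed.

```python
MAGIC = 0x05  # EIP-7702: signed hash = keccak256(MAGIC || rlp([chain_id, address, nonce]))

def rlp_strings(payload):
    """Split the payload of a short RLP list into its byte-string items."""
    items, i = [], 0
    while i < len(payload):
        head = payload[i]
        if head < 0x80:            # a single byte below 0x80 encodes itself
            items.append(payload[i:i + 1])
            i += 1
        elif head <= 0xB7:         # string of 0..55 bytes, length in the header
            end = i + 1 + head - 0x80
            if end > len(payload):
                raise ValueError("truncated item")
            items.append(payload[i + 1:end])
            i = end
        else:
            raise ValueError("long or nested item")
    return items

def parse_authorization(data):
    """Return (chain_id, address, nonce) if data is a 7702 preimage, else None."""
    if len(data) < 2 or data[0] != MAGIC or not 0xC0 <= data[1] <= 0xF7:
        return None
    try:
        items = rlp_strings(data[2:])
    except ValueError:
        return None
    if data[1] - 0xC0 != len(data) - 2 or len(items) != 3 or len(items[1]) != 20:
        return None
    chain_id, address, nonce = items
    return int.from_bytes(chain_id, "big"), "0x" + address.hex(), int.from_bytes(nonce, "big")

def review(data, connected_chain_id):
    """Warnings a wallet could show before it hashes and signs data."""
    auth = parse_authorization(data)
    if auth is None:
        return []
    chain_id, address, nonce = auth
    warnings = ["EIP-7702 delegation to %s (account nonce %d)" % (address, nonce)]
    if chain_id == 0:
        warnings.append("chain_id = 0: signature is replayable on every chain")
    elif chain_id != connected_chain_id:
        warnings.append("chain_id %d is not the connected chain" % chain_id)
    return warnings

# Constructed sample preimage: chain_id 0, the delegator named above, nonce 7.
SAMPLE = bytes.fromhex("05d78094930fcc37d6042c79211ee18a02857cb1fd7f0d0b07")
```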
Pectra has arrived, but multisig wallets are still considered the most secure platform. Multisig wallets require multiple approvals, so they stay intact while single-key setups scramble, hardware or no hardware. Expect a frantic race to patch vulnerabilities, as single-key wallets rush to deploy new defenses around signatures, desperately trying not to end up easy marks.