Crypto: Ethereum's Pectra Update Could Be Exploited By Hackers

Mon 02 Jun 2025 ▪ 5 min read ▪ by Luc Jose A.

Considered a decisive step toward account abstraction, the Pectra update is already disrupting security balances on Ethereum. Introducing the EIP-7702 standard, supported by Vitalik Buterin, it allows wallets to temporarily behave like smart contracts. However, barely deployed, this innovation is being widely exploited to automate attacks. Far from eliminating risks, the protocol’s evolution creates new, subtler ones that hackers are already eager to exploit.

[Illustration: Powerful Ethereum, glowing orange, emanates from the sky. An energy barrier forms as the attacks crack.]

In Brief

  • The “Pectra” upgrade of Ethereum introduces EIP-7702, a standard aimed at improving user experience through account abstraction.
  • Wintermute warns of massive and malicious exploitation of this feature, hijacked to automate fund theft.
  • According to experts like Taylor Monahan, the real issue lies in the compromise of private keys, not the technology itself.
  • SlowMist calls on wallet providers to better regulate delegation signatures and provide clear user guidance.

A Technical Innovation Diverted for Malicious Purposes

The new Ethereum update, named Pectra, has been deployed on the network and marked a major technical milestone, although the market remained indifferent to this development.

According to Wintermute, a quantitative trading company active in the Ethereum ecosystem, one of the introduced features, EIP-7702, has been massively diverted for malicious purposes. This proposal allows wallets to temporarily adopt the capabilities of a smart contract, which exposes users to automated attacks.

The initial intention is to offer more flexibility in on-chain interactions, notably through the management of bundled transactions, gas fee sponsorship, or the integration of advanced authentication systems.

However, on the social network X (formerly Twitter) on May 30, 2025, Wintermute revealed that “more than 80% of EIP-7702 delegations were authorized to malicious contracts sharing the same copy-pasted bytecode”, and dubbed this script “CrimeEnjoyor”.

https://twitter.com/wintermute_t/status/1928501765865091400

This rudimentary but devastatingly effective script exploits compromised private keys to automate the emptying of crypto wallets. Once deployed, it drains funds from any vulnerable address and transfers them to the attackers, without any human interaction.

The analysis published on Wintermute’s Dune dashboard shows that this same code is behind the majority of current EIP-7702 delegations. Specifically, malicious actors:

  • Copy the CrimeEnjoyor script into multiple smart contracts;
  • Obtain or purchase compromised private keys through phishing or malware attacks;
  • Use EIP-7702 to force automated execution of bundled transactions that drain wallets;
  • Transfer diverted funds to their own address in a single operation.

The phenomenon is far from anecdotal. According to Scam Sniffer, a user was stripped of nearly $150,000 in an attack related to this system, via a batch transaction linked to the well-known fraudulent service Inferno Drainer.

A Human Flaw More Than a Protocol Defect

For many crypto security experts, the problem lies less in EIP-7702, one of the major features of the Ethereum update, than in the eternal Achilles’ heel of crypto: investors’ poor private key management.

Taylor Monahan, a recognized expert in blockchain security, puts it bluntly: “It’s not really a problem related to 7702. It’s the same problem crypto has faced since its beginnings: end investors struggle to secure their private keys.”

According to the expert, this new feature only makes automated attacks smoother and less costly to execute, without being their direct cause.

On its side, cybersecurity firm SlowMist emphasizes the lack of educational tools suited to this innovation. In a recently published report, the company stresses the necessity for wallet providers to better highlight target contracts when an investor signs an EIP-7702 delegation.
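The two signals described above (Wintermute's observation that most delegations point at contracts with identical copy-pasted bytecode, and SlowMist's call for wallets to surface the target contract before a user signs) can both be checked mechanically. The following is an added example and not code from the article, from Wintermute or from SlowMist. It relies on one fact from the EIP-7702 specification: a delegated account's code is exactly the 3-byte prefix `0xef0100` followed by the 20-byte address of the delegate contract. Everything else is an assumption for illustration: the account code and delegate bytecodes are constructed inline (in practice they would come from an `eth_getCode` call), the known-bad fingerprint set is a placeholder, and SHA-256 stands in for the keccak-256 hash real tooling would use.

```python
"""Defender-side checks for EIP-7702 delegations (added example, not the article's code).

Assumptions (not from the article):
  - account code and delegate bytecode are constructed below rather than fetched
    from a node with eth_getCode
  - the known-bad fingerprint set is a constructed placeholder
  - SHA-256 is used as a bytecode fingerprint as a stand-in for keccak-256
"""
import hashlib
from typing import Dict, List, Optional, Set

# Per EIP-7702, a delegated EOA's code is 0xef0100 || <20-byte delegate address>.
DELEGATION_PREFIX = bytes.fromhex("ef0100")
DELEGATION_LEN = len(DELEGATION_PREFIX) + 20


def parse_delegation(code: bytes) -> Optional[str]:
    """Return the delegate address (0x-prefixed, lowercase hex) if `code` is an
    EIP-7702 delegation indicator, otherwise None."""
    if len(code) != DELEGATION_LEN or not code.startswith(DELEGATION_PREFIX):
        return None
    return "0x" + code[len(DELEGATION_PREFIX):].hex()


def fingerprint(bytecode: bytes) -> str:
    """Stable fingerprint of a delegate contract's runtime bytecode.
    SHA-256 is an assumption here; production tooling would use keccak-256."""
    return hashlib.sha256(bytecode).hexdigest()


def cluster_delegations(delegate_code: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Group delegate contracts by identical bytecode. Many delegation targets
    collapsing into one cluster is the 'same copy-pasted bytecode' signal."""
    clusters: Dict[str, List[str]] = {}
    for addr, bytecode in delegate_code.items():
        clusters.setdefault(fingerprint(bytecode), []).append(addr)
    return clusters


def assess_delegation(eoa_code: bytes, delegate_code: Dict[str, bytes],
                      known_bad: Set[str]) -> Dict[str, object]:
    """Build the signal a wallet could show before a user signs a delegation,
    or that a monitor could raise after one lands on-chain."""
    target = parse_delegation(eoa_code)
    if target is None:
        return {"delegated": False, "target": None, "risk": "none",
                "reason": "no EIP-7702 delegation set on this account"}
    bytecode = delegate_code.get(target)
    if bytecode is None:
        return {"delegated": True, "target": target, "risk": "unknown",
                "reason": "delegate bytecode not available; fetch it before deciding"}
    if fingerprint(bytecode) in known_bad:
        return {"delegated": True, "target": target, "risk": "high",
                "reason": "delegate bytecode matches a known drainer cluster"}
    return {"delegated": True, "target": target, "risk": "review",
            "reason": "delegate bytecode not in known-bad set; show the target address to the user"}


# ---- constructed sample data (placeholder bytes, not real on-chain values) ----
_CONSTRUCTED_DRAINER = bytes.fromhex("6080604052348015600f57600080fd5b50")
_CONSTRUCTED_BENIGN = bytes.fromhex("6080604052600436106100")
SAMPLE_DELEGATE_CODE: Dict[str, bytes] = {
    "0x" + "11" * 20: _CONSTRUCTED_DRAINER,
    "0x" + "22" * 20: _CONSTRUCTED_DRAINER,  # same bytecode copy-pasted into a second contract
    "0x" + "33" * 20: _CONSTRUCTED_BENIGN,
}
KNOWN_BAD: Set[str] = {fingerprint(_CONSTRUCTED_DRAINER)}  # constructed placeholder set


def delegation_code_for(delegate_addr: str) -> bytes:
    """Helper: build the account code an EOA carries once delegated to `delegate_addr`."""
    return DELEGATION_PREFIX + bytes.fromhex(delegate_addr[2:])


if __name__ == "__main__":
    for fp, addrs in cluster_delegations(SAMPLE_DELEGATE_CODE).items():
        print(f"cluster {fp[:12]}...: {len(addrs)} delegate contract(s)")
    for addr in SAMPLE_DELEGATE_CODE:
        print(assess_delegation(delegation_code_for(addr), SAMPLE_DELEGATE_CODE, KNOWN_BAD))
```

In a wallet, `assess_delegation` would run against the address named in the authorization the user is about to sign, so that the target contract and its risk level are shown before the signature exists; in a monitoring pipeline it would run over accounts whose code changed in a recent block, and the cluster sizes from `cluster_delegations` are what make a copy-pasted drainer stand out.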

“Providers must quickly adapt their interfaces and explicitly alert users,” declares Yu Xian, founder of SlowMist, on May 25 on platform X. He also warns of accelerating attacks: “As we predicted, phishing gangs have caught up with us.”

This observation highlights a worrying development. Cybercriminals now appropriate technical innovations almost as fast as they are deployed.

Beyond the immediate warning, this case raises fundamental questions about the Ethereum ecosystem’s ability to reconcile rapid innovation with investor security. While EIP-7702 brings real technical flexibility, it also demands a drastic upskilling from investors and tool developers. Without educational support or appropriate UI/UX safeguards, these advances risk opening a wide avenue for hackers and eroding trust in the smart wallets of tomorrow.

Luc Jose A.

A graduate of Sciences Po Toulouse and holder of a blockchain consultant certification issued by Alyra, I joined the Cointribune adventure in 2019. Convinced of blockchain's potential to transform many sectors of the economy, I have committed myself to raising awareness and informing the general public about this constantly evolving ecosystem. My goal is to enable everyone to better understand blockchain and to seize the opportunities it offers. Every day I strive to provide an objective analysis of the news, to decode market trends, to relay the latest technological innovations and to put into perspective the economic and societal stakes of this ongoing revolution.

DISCLAIMER

The views, thoughts, and opinions expressed in this article belong solely to the author, and should not be taken as investment advice. Do your own research before taking any investment decisions.