Odaily News: Wintermute's analysis finds that EIP-7702, introduced in Ethereum's recent Pectra upgrade, is being abused at scale. The proposal was originally intended to improve user experience, for example by supporting batch transactions, social verification, and spending limits, but more than 80% of current EIP-7702 authorizations have been delegated to multiple contracts that deploy the same "auto-cleaning" code.
Wintermute named this type of contract "CrimeEnjoyor"; its function is to automatically sweep a wallet's assets once the private key has been leaked.
Security companies Scam Sniffer and SlowMist both pointed out that the proposal has been abused by the fraud service Inferno Drainer, and some users have lost nearly $150,000 due to malicious batch transactions. SlowMist founder Yu Xian reminded that wallet service providers should support and clearly display authorization contract information as soon as possible to prevent phishing attacks.
Security expert Taylor Monahan pointed out that the root of the problem still lies in the security of user private keys. "EIP-7702 is not a vulnerability, it just makes the attack more efficient." (The Block)
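Yu Xian's recommendation above is that wallets surface the delegation target to the user. Under EIP-7702 an authorized EOA's code becomes a 23-byte "delegation designator": the magic prefix `0xef0100` followed by the 20-byte address of the delegate contract, so a wallet can read the account's code, decode that address and show it (and compare it against any allow/deny lists it maintains) before the user signs anything further. The following Python is an added example written for this note, not code from Wintermute, SlowMist or any wallet; the `known_good`/`known_bad` sets and the sample account codes are constructed placeholders, not real addresses.

```python
"""Decode EIP-7702 delegation designators so a wallet can display them.

Added example (not from the original report). The address sets and sample
account codes below are constructed placeholders, not real on-chain data.
"""
from typing import Optional

# EIP-7702 stores a 23-byte "delegation designator" as the EOA's code:
# the 3-byte magic prefix 0xef0100 followed by the 20-byte delegate address.
DELEGATION_PREFIX = bytes.fromhex("ef0100")
DELEGATION_LENGTH = len(DELEGATION_PREFIX) + 20


def parse_delegation(code: bytes) -> Optional[str]:
    """Return the delegate address (0x-prefixed lowercase hex) if `code` is a
    well-formed EIP-7702 designator; otherwise None (plain EOA, ordinary
    contract, or a malformed/truncated designator)."""
    if len(code) != DELEGATION_LENGTH or not code.startswith(DELEGATION_PREFIX):
        return None
    return "0x" + code[len(DELEGATION_PREFIX):].hex()


def describe_account(code: bytes, known_good: set, known_bad: set) -> dict:
    """Classify an account's code for display in a wallet UI.

    status: "eoa" (no code), "contract" (non-designator code) or "delegated".
    For delegated accounts, `delegate` carries the address and `risk` says
    whether it is on the wallet's allow list, deny list, or unknown.
    """
    if not code:
        return {"status": "eoa"}
    delegate = parse_delegation(code)
    if delegate is None:
        return {"status": "contract"}
    good = {a.lower() for a in known_good}
    bad = {a.lower() for a in known_bad}
    if delegate in bad:
        risk = "known_bad"
    elif delegate in good:
        risk = "known_good"
    else:
        risk = "unknown"
    return {"status": "delegated", "delegate": delegate, "risk": risk}


def render_warning(info: dict) -> str:
    """Produce the one-line text a wallet would show next to the account."""
    if info["status"] == "eoa":
        return "No code delegation set."
    if info["status"] == "contract":
        return "Account holds contract code (not an EIP-7702 delegation)."
    label = {
        "known_good": "trusted delegate",
        "known_bad": "DENY-LISTED delegate: do not sign",
        "unknown": "unrecognised delegate: verify before signing",
    }[info["risk"]]
    return f"Delegated to {info['delegate']} ({label})."


if __name__ == "__main__":
    # Constructed sample inputs (placeholder addresses, not real contracts).
    sweeper = "0x" + "11" * 20          # hypothetical deny-listed sweeper
    wallet_impl = "0x" + "22" * 20      # hypothetical trusted account implementation
    samples = {
        "plain EOA": b"",
        "delegated to sweeper": DELEGATION_PREFIX + bytes.fromhex(sweeper[2:]),
        "delegated to wallet impl": DELEGATION_PREFIX + bytes.fromhex(wallet_impl[2:]),
        "delegated to unknown": DELEGATION_PREFIX + b"\x33" * 20,
        "ordinary contract": bytes.fromhex("6080604052"),
        "truncated designator": DELEGATION_PREFIX + b"\x11" * 19,
    }
    for name, code in samples.items():
        info = describe_account(code, {wallet_impl}, {sweeper})
        print(f"{name:26s} -> {render_warning(info)}")
```

The decoder is deliberately strict: anything that is not exactly 23 bytes with the `0xef0100` prefix is reported as ordinary contract code rather than guessed at, so a wallet never displays a delegate address it did not actually find.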
