Ethereum’s recent EIP-7702 update has introduced the account abstraction feature, allowing wallets to mimic smart contract behavior, which aims to enhance user experience. Launched alongside the Pectra update, this feature is intended to expand functionality but faces increasing exploitation. Current analyses indicate a significant rise in malicious activities targeting this feature.
The Purpose and Innovations of the New Feature
EIP-7702 allows wallets temporary smart contract-like behavior, adding functionalities such as batched transactions, spending limits, and various authentication methods. The primary objective is to streamline basic transactions and ensure security. In line with recommendations from Vitalik Buterin, the feature also optimizes gas fee usage and enables multiple transactions through a single delegation.
In Turkey, digital finance applications are reaching more users, yet these features introduce potential vulnerabilities. As a result, both individual investors and wallet providers face additional security risks that warrant attention.
Exploitation and Security Concerns
According to data from the analysis firm Wintermute, over 80% of EIP-7702 delegations have fallen under the control of cloned “CrimeEnjoyor” contracts. These contracts enable hackers to swiftly move digital assets from vulnerable wallets, exposing users to significant threats.
The “CrimeEnjoyor” contract is notably simple and broadly reused, representing a major portion of EIP-7702 delegations. This presents an ironic yet concerning scenario.
Reports from blockchain security companies Scam Sniffer and SlowMist indicate significant digital asset losses for users. In one case, a wallet owner lost approximately 150,000 USD through a single batched transaction. These attacks often involve automated software focused on batching and phishing attempts.
Users are advised to carefully review signature requests within digital wallets and avoid hasty transactions. Additionally, industry experts stress the importance of wallet service providers swiftly implementing necessary security measures.
Wallet service providers should rapidly support EIP-7702 transactions and clearly disclose target contracts for delegations. This reduces phishing attack risks.
Security experts also suggest that users remain vigilant against signature requests from non-official and unverified sources. These types of attacks predominantly target EVM-compatible blockchains.
The EIP-7702 update promises enhancements to the Ethereum 
$2,329 ecosystem, facilitating user ease but simultaneously ushering in significant security threats. User caution in wallet transactions and proactive safety mechanisms by wallet providers are crucial to prevent asset losses, underscoring the necessity for advanced security measures in digital asset management.
