Analysts Sound Alarm: $1.5M Phishing Exploit Linked to Ethereum’s Groundbreaking EIP-7702
The crypto world just got another harsh reminder that innovation often comes with a target on its back.
Ethereum's latest upgrade, EIP-7702, designed to streamline user transactions, has instead become the centerpiece of a sophisticated $1.5 million phishing scheme. Security analysts are scrambling to contain the fallout as bad actors exploit fresh code vulnerabilities.
How the Attack Unfolded
Attackers crafted deceptive smart contracts that mimicked legitimate EIP-7702 interactions, tricking users into approving malicious transactions. The exploit bypassed conventional wallet security prompts, leaving even experienced traders exposed.
The Aftermath and Response
While the Ethereum core team investigates patches, the incident fuels the eternal debate: are we building for progress or just creating new ways to lose money? Some things on the blockchain never change—especially the speed at which scams evolve to match 'revolutionary' upgrades.
Stay vigilant. Your keys, your crypto—and apparently, your constant burden to outsmart the next clever exploit.
There have been at least three victims this month
The latest unfortunate victim reportedly lost a total of $1.54 million after signing EIP-7702 phishing batch transactions that contained multiple token transfers and NFT approval operations. Part of those funds has reportedly been bridged to Mainnet via Relay Protocol.
The case comes two days after Scam Sniffer announced that another investor had lost $1M in tokens and NFTs after signing phishing batch transactions disguised as Uniswap swaps.
That exploit came weeks after the anti-fraud service reported that an EIP-7702 upgraded address lost $66k to the same group using the same exploit.
These schemes involve a fraudulent DeFi interface that is typically designed to mimic platforms like Uniswap. The victims were prompted to approve transactions that at first glance appeared routine, but in reality, were authorized hidden transfers.
Upon approval, attackers would drain the wallet almost instantly, siphoning crypto and NFTs.
According to Scam Sniffer, many users are still in the dark about the risks linked to EIP-7702 because it is a recent development. Since the malicious transactions are usually structured to appear normal, unsuspecting users are vulnerable.
Security experts have reported EIP-7702 exploits since June
Scam Sniffer has confirmed that phishing attacks targeting EIP-7702 upgraded addresses have gone up, indicating a growing trend. However, it is not a new trend, as security experts have been reporting incidents for months now.
In June, Wintermute researchers revealed exploiters have targeted several unsuspecting crypto wallets with “automated sweeper” attacks, this time, using “delegate contracts”– a new feature launched as part of the EIP 7702.
While EIP-7702 brings new convenience, it also introduces new risks
Our Research team found that over 97% of all EIP-7702 delegations were authorized to multiple contracts using the same exact code. These are sweepers, used to automatically drain incoming ETH from compromised… pic.twitter.com/xHp7zr4hC9
— Wintermute (@wintermute_t) May 30, 2025
In a series of tweets shared via its official X handle, Wintermute claimed its research team had discovered that over 80% of all EIP-7702 delegations were authorized to multiple contracts using the same exact code. They called them sweepers and reported that they are used to automatically drain incoming ETH from compromised addresses.
The malicious attempts by hackers to drain ETH from wallets have continued despite the ethereum Foundation’s one trillion dollar security program, which it announced on May 14.
To be safe, Scam Sniffer has urged users to be cautious and vigilant when approving batch transactions and to verify interfaces carefully before signing anything.
Fake DeFi platforms designed to mimic legitimate ones have been tagged as one of the most common attack vectors in the crypto sector, and the introduction of batch transactions, though proven to improve user experience for legitimate applications, has added complexity while increasing the chance of an exploit.
The best way to get ahead of the issue is to use only trusted applications and triple-check permissions granted during every transaction, batched or not.
Sign up to Bybit and start trading with $30,050 in welcome gifts
