Wintermute has issued a serious warning about the Ethereum wallet ecosystem after the Pectra upgrade. In the spotlight is EIP-7702, which sits at the centre of a $146 million crisis.
A large-scale, automated wallet attack campaign has been reported, and over 80% of the affected wallets use this new protocol. Wintermute’s Dune Analytics dashboard shows phishing groups using CrimeEnjoyor smart contract templates to carry out mass theft from Ethereum wallets.
EIP-7702’s Intended Innovation Backfires
Wintermute’s concerns about Ethereum wallet security stem from what was meant as a forward-thinking innovation. EIP-7702 lets externally owned accounts (EOAs) temporarily function as smart contracts, enabling transaction batching, third-party fee sponsorship, and social login integrations.
These benefits come with a significant trade-off. Attackers are deploying malicious bytecode at scale, compromising wallets with great efficiency. Wallets compromised through fake dApps hand attackers full control, allowing assets to be drained quietly.
Wintermute Steps Up Ethereum Wallet Threat Detection
Wintermute reports that it is developing Ethereum wallet tools that identify malicious contracts through bytecode analysis, along with real-time warnings for suspicious deployments. Hardware providers such as Ledger are adding time locks, and MetaMask plans to show threat scores on delegation prompts.
Despite these controls, 97% of EIP-7702 delegations have been used in attacks. Wintermute’s report counts almost 5,000 compromised wallets and over $146 million stolen.
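The bytecode analysis mentioned above can start from a simple structural fact: under EIP-7702 a delegated EOA does not carry arbitrary code, but a fixed 23-byte designator, the prefix 0xef0100 followed by the 20-byte address of the contract it delegates to. The script below is an added illustration, not Wintermute’s tooling or any wallet’s code. It recognises that designator in account code (as returned by a node’s eth_getCode), extracts the delegate address, and flags delegations pointing at a constructed blocklist; the blocklist entries and sample accounts are placeholders, not real attacker contracts.

```python
"""
Recognise EIP-7702 delegation designators in account code and flag
delegations to known-malicious contracts.

The designator format (0xef0100 || 20-byte delegate address, 23 bytes
total) is defined by EIP-7702. The blocklist and the sample account codes
below are constructed for this example only.
"""

DESIGNATOR_PREFIX = bytes.fromhex("ef0100")
DESIGNATOR_LEN = 23

# Constructed example blocklist: in practice a threat feed would supply
# these addresses. The value here is a placeholder, not a real contract.
KNOWN_MALICIOUS = {
    "0x" + "de" * 20,  # hypothetical drainer template address
}


def parse_delegation(code: bytes):
    """Return the delegate address (lowercase 0x-hex) if `code` is an
    EIP-7702 delegation designator, otherwise None."""
    if len(code) != DESIGNATOR_LEN or not code.startswith(DESIGNATOR_PREFIX):
        return None
    return "0x" + code[3:].hex()


def classify_account(code: bytes, blocklist=KNOWN_MALICIOUS) -> str:
    """Classify account code as one of:
    'eoa' (no code), 'delegated-clean', 'delegated-flagged', or 'contract'
    (ordinary deployed bytecode that is not a designator)."""
    if len(code) == 0:
        return "eoa"
    delegate = parse_delegation(code)
    if delegate is None:
        return "contract"
    if delegate in {addr.lower() for addr in blocklist}:
        return "delegated-flagged"
    return "delegated-clean"


def scan_accounts(accounts: dict, blocklist=KNOWN_MALICIOUS) -> dict:
    """accounts maps address -> code bytes. Returns address -> verdict."""
    return {addr: classify_account(code, blocklist) for addr, code in accounts.items()}


# Constructed sample data: four accounts as eth_getCode might return them.
SAMPLE_ACCOUNTS = {
    "0x" + "01" * 20: b"",                                             # plain EOA, never delegated
    "0x" + "02" * 20: DESIGNATOR_PREFIX + bytes.fromhex("ab" * 20),    # delegated to an unknown contract
    "0x" + "03" * 20: DESIGNATOR_PREFIX + bytes.fromhex("de" * 20),    # delegated to the blocklisted template
    "0x" + "04" * 20: bytes.fromhex("6080604052"),                     # ordinary contract bytecode prefix
}

if __name__ == "__main__":
    for addr, verdict in scan_accounts(SAMPLE_ACCOUNTS).items():
        print(addr, verdict)
```

A wallet or monitoring service would run this check whenever an account’s code changes: a transition from "eoa" to "delegated-flagged" is the moment to warn the user, and a transition to "delegated-clean" still deserves a prompt, since the delegate contract controls the account from then on.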
Wintermute Ethereum Wallet Crisis Divides Experts
A sharp dispute has emerged. Wintermute and SlowMist maintain that EIP-7702 widens the attack surface, while Taylor Monahan argues that long-standing user carelessness with private keys is to blame.
Either way, the effects are visible. Ethereum validators are handling EIP-7702 transactions, dApps such as Uniswap are reporting delayed support, and DeFi insurance premiums for EOA-based wallets have risen 22%.
A Push For Protocol Fixes And Industry Reform
Wintermute is looking into implementing changes through EIP-7702.1, a proposal that would require audits of high-value delegations. EIP-6968, meanwhile, introduces the concept of contract revocation periods.
The SEC also has a role in this issue, having raised the exploit in the context of its recent custody rules. Institutions may introduce policies that disable support for EIP-7702 by default and require reporting on exposure levels.
This crisis highlights Ethereum’s core paradox: innovation without user education is a recipe for disaster. Wintermute’s Ethereum wallet incident will shape future security models, affecting not only Ethereum but the wider Web3 ecosystem.