Technical exploitation

Collection item

Wintermute’s research found that over 97% of Ethereum EIP-7702 delegations were linked to contracts using identical code for automated wallet draining.

Ethereum contracts deployed using the EIP-7702 feature introduced in the Pectra upgrade have been exploited to function as sweepers that automatically transfer incoming ETH from compromised wallets to addresses controlled by attackers.

The warning printed by Wintermute’s “CrimeEnjoyor” code explicitly states the contract is malicious and instructs users not to send funds.

Attackers exploited Ethereum’s EIP-7702 feature to authorize smart contracts that automatically transfer ETH from wallets with stolen private keys to attacker-controlled addresses.

Data source type

Collection data source

Filter

{"where":{"AND":[{"attribute":"Jfmby78N4BCseZinBmdVov","is":"KeG9eTM8NUYFMAjnsvF4Dg"}]}}