The mass wallet-draining attacks linked to Ethereum’s Pectra upgrade involve malicious smart contracts deployed using the EIP-7702 feature, which allows attackers to automate the theft of ETH from wallets with leaked private keys by delegating control to “sweeper” contracts that instantly transfer incoming funds to attacker-controlled addresses.

Quotes that support claims

Hackers are abusing the new EIP-7702 feature introduced in the Ethereum Pectra Upgrade to automate the transfer of ETH from wallets with stolen private keys. According to blockchain security researchers, attackers are using EIP-7702 to deploy smart contracts that drain funds without manual action.

Instead of moving ETH manually from each compromised wallet, attackers now authorize contracts that automatically forward any received ETH to their own addresses.

These sweepers automatically transfer any incoming funds to attacker-controlled addresses.