Ethereum contracts deployed using the EIP-7702 feature introduced in the Pectra upgrade have been exploited to function as sweepers that automatically transfer incoming ETH from compromised wallets to addresses controlled by attackers.

Claim

Quotes that support claims

One implementation included a receive function that triggered automatic ETH transfers as soon as any funds arrived. The wallet user had no control once the contract was deployed.
The contracts had identical code designed to sweep ETH automatically.
These sweepers automatically transfer any incoming funds to attacker-controlled addresses.

Referenced by

Technical exploitation

Crypto news
