Pectra Upgrade Leaves Ethereum Users at Risk of Automated Attacks, Wintermute Analysis Concludes

Wintermute, one of the leading global algorithmic trading firms, has analyzed Ethereum’s recent ‘Pectra’ upgrade and found that it has mostly been used in sweeper attacks that drain unsuspecting wallets. The firm says the upgrade could leave Ethereum users more vulnerable and exposed to attacks. Scam Sniffer, a major blockchain security firm, has reported that an Ethereum user lost around $150,000 to a phishing attack stemming from the security compromise caused by the Pectra upgrade.

Ethereum users could become more vulnerable to attacks due to its Pectra upgrade, says Wintermute

Wintermute warns Ethereum users to stay alert, as they could be exposed to online attacks because of the security compromise reported after the latest Pectra upgrade. The Pectra upgrade was intended to improve ease of use for network users and enhance efficiency. According to Wintermute’s latest analysis, an upgrade that aimed to enable seamless service within the network is now being used by malicious attackers to drain user wallets.

Wintermute explained that more than 80% of EIP-7702 delegations were being used in malicious smart contracts that employed copy-pasted code. They added that this was a method that automatically stole the assets of wallets with leaked keys.

EIP-7702, the latest account abstraction upgrade implemented in Pectra, might increase the risk of automated attacks by malicious smart contracts. According to Wintermute’s analysis, over 80% of delegations enabled through EIP-7702 lead to copy-pasted smart contracts that could automatically drain vulnerable wallets. Wintermute named this malicious contract “CrimeEnjoyor.” The copied versions of the same basic code are likely to automatically sweep or drain wallets with unsafe keys and send the contents to the attacker, who is the deployer of the contract.
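As an added illustration (not Wintermute’s code or data), the Python sketch below shows how an analyst could reproduce this kind of measurement: it recognizes an EIP-7702 delegation designator (the prefix 0xef0100 followed by the 20-byte delegate address) in an account’s code and groups delegations by a fingerprint of the delegate’s bytecode, so identical copies deployed at different addresses count as one family. All addresses and bytecode are constructed samples, and SHA-256 is an assumption used only as an offline fingerprint.

```python
import hashlib
from collections import Counter

DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702 delegation designator prefix

def delegation_target(account_code: bytes):
    """Return the delegate address if the code is a 23-byte EIP-7702 designator."""
    if len(account_code) == 23 and account_code.startswith(DELEGATION_PREFIX):
        return "0x" + account_code[3:].hex()
    return None  # plain EOA (empty code) or an ordinary contract

def fingerprint(bytecode: bytes) -> str:
    # SHA-256 is an assumption made for this offline example.
    return hashlib.sha256(bytecode).hexdigest()[:16]

def cluster_delegations(accounts, contract_code):
    """Count delegating accounts per delegate-bytecode fingerprint."""
    counts, targets = Counter(), {}
    for code in accounts.values():
        target = delegation_target(code)
        if target is None:
            continue
        body = contract_code.get(target)
        fp = fingerprint(body) if body else "unknown"
        counts[fp] += 1
        targets.setdefault(fp, set()).add(target)
    return counts, targets

def dominant_share(counts):
    """Return (fingerprint, share) of the most delegated-to bytecode family."""
    total = sum(counts.values())
    if total == 0:
        return None, 0.0
    fp, n = counts.most_common(1)[0]
    return fp, n / total

# Constructed sample data: placeholder bytes, not real contract code or addresses.
A, B, C = ("0x" + x * 20 for x in ("aa", "bb", "cc"))
CLONE, OTHER = bytes.fromhex("6080604052"), bytes.fromhex("6001600155")
CONTRACTS = {A: CLONE, B: CLONE, C: OTHER}  # A and B hold identical bytecode
def designator(addr): return DELEGATION_PREFIX + bytes.fromhex(addr[2:])
ACCOUNTS = {"w1": designator(A), "w2": designator(B), "w3": designator(A),
            "w4": designator(B), "w5": designator(C), "w6": b"", "w7": OTHER}

if __name__ == "__main__":
    counts, targets = cluster_delegations(ACCOUNTS, CONTRACTS)
    fp, share = dominant_share(counts)
    print(f"{share:.0%} of delegations point to bytecode {fp} at {sorted(targets[fp])}")
```

Grouping by bytecode rather than by delegate address is what lets many separately deployed copies of one contract show up as a single dominant family.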

Wintermute wrote on X that the CrimeEnjoyor contract was short, simple, and widely reused. The firm noted that this one copy-pasted bytecode now accounted for the majority of all EIP-7702 delegations, adding that it was funny, bleak, and fascinating at the same time. Concerns regarding EIP-7702 remain active, however. A prominent security expert, Taylor Monahan, stated that the major issue is private key security, not EIP-7702: in reality, users still struggle to keep their private keys safe. She added that EIP-7702 merely provided the capability to drain addresses more efficiently and cheaply.

Yu Xian, the founder of SlowMist, has raised his concerns and stated that, as they had predicted, phishing organizations had already caught up. He emphasized that users must remain vigilant to prevent the leakage of assets from their wallets. Blockchain security firm Scam Sniffer has already reported that a wallet lost around $150,000 through a malicious transaction in a phishing attack caused by the security breach identified after the Pectra upgrade. The firm advises users to protect themselves from phishing by double-checking all signature requests and by not rushing into signing transactions.
