Jun 2, 09:30 PM

Ethereum’s Pectra Upgrade EIP-7702 Exploited by Bots Draining Wallets; $150K Lost, BSC Also Targeted by Malicious npm Packages

Ethereum's recent Pectra upgrade, specifically the implementation of EIP-7702 designed to simplify wallet delegation, is being exploited by malicious bots that automatically drain wallets. Security researchers and firms, including Wintermute and others, have identified that over 97% of EIP-7702 delegations are linked to identical malicious contracts known as "CrimeEnjoyor," which facilitate automatic theft of Ethereum from compromised wallets. One reported victim lost $150,000 in a phishing attack related to this vulnerability. Additionally, a supply chain attack involving malicious npm packages targeting both Ethereum and Binance Smart Chain (BSC) wallets has been uncovered, with these packages capable of exfiltrating up to 85% of a victim’s crypto holdings using obfuscated JavaScript. The findings have prompted urgent calls for developers on Ethereum and BSC to upgrade their systems immediately to mitigate these risks.

#Ethereum #Pectra #Wintermute #Binance Smart Chain #JavaScript #BSC

Written with ChatGPT (GPT-4).

Sources

Additional media

Image #1 for story ethereums-pectra-upgrade-eip-7702-exploited-bots-draining-wallets-150k-lost-bsc-bb9901aa

Image #2 for story ethereums-pectra-upgrade-eip-7702-exploited-bots-draining-wallets-150k-lost-bsc-bb9901aa

Ethereum’s Pectra Upgrade EIP-7702 Exploited by Bots Draining Wallets; $150K Lost, BSC Also Targeted by Malicious npm Packages

Sources

Additional media

Similar Stories