An Ethereum investor suffered a devastating loss of $1.54 million in a sophisticated phishing scam that exploited the newly implemented EIP-7702 batch transaction feature, part of Ethereum's recent Pectra upgrade. Blockchain security firm Scam Sniffer identified the attack, which involved a fraudulent DeFi interface mimicking legitimate platforms like Uniswap.
The attacker drained the victim's wallet of wrapped Ethereum (wstETH), wrapped Bitcoin (cbBTC), and several other tokens after the investor approved what appeared to be routine transactions. The EIP-7702 feature allows multiple operations within a single transaction, improving efficiency but creating new vulnerabilities that scammers are exploiting.
Scam Sniffer reported that this is part of a growing trend, with multiple victims targeted since the feature went live. Earlier this week, another investor lost approximately $1 million in NFTs and tokens through a similar scheme. The security firm warned that many users remain unaware of the risks associated with the new transaction standard.
"The novelty of EIP-7702 leaves many unaware of the risks, making these kinds of scams particularly effective," stated Scam Sniffer. The incident has raised significant concerns about security vulnerabilities in cutting-edge DeFi mechanisms and the potential pitfalls of blockchain advancements.