Crypto investor loses $1M in Uniswap scam exploiting Ethereum’s EIP-7702


A single phishing attack drained about $1 million worth of tokens from a crypto investor who unknowingly signed a batch of malicious transactions disguised as Uniswap swaps, according to blockchain security firm Scam Sniffer.

In an Aug. 22 post on X, Yu Xiang, founder of blockchain security firm SlowMist, noted that the incident involved 5 tokens siphoned through a transaction exploiting Ethereum’s new EIP-7702 mechanism.

He explained:

“From the perspective of a phished user, it goes like this: the user opens a phishing website, a wallet signature prompt pops up, the user clicks confirm, and with just that one action, all valuable assets in the wallet address vanish in a snap.”

EIP-7702 was introduced in the Pectra upgrade to streamline the Ethereum user experience. The feature allows a wallet to act like a temporary smart contract, making it possible to batch multiple transactions, enable gas sponsorship, or set spending limits in one step.

In principle, the delegation is revocable and network-specific. However, attackers have found ways to weaponize the feature in practice.

Crypto market maker Wintermute has warned that the standard’s implementation is being exploited at scale. Its June analysis showed that more than 90% of EIP-7702 delegations were linked to malicious contracts.

The firm pointed out that many of these contracts are simple copy-paste scripts that scan for vulnerable wallets and drain their holdings automatically.

Considering this, Scam Sniffer and Xiang urged crypto users to take extra care before signing wallet requests. They recommended verifying domain names, avoiding rushed confirmations, and rejecting signatures that look unclear or overly broad.

They also stated that some of the red flags that could arise include requests for unlimited token approvals, contract upgrades under EIP-7702, or transaction simulations that do not match expectations.
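A defender-side pre-signing check for exactly those three red flags, as an added example that is not code from the article, Scam Sniffer or SlowMist. The request dict layout (`tx_type`, `delegation_code`, `calls`, `simulated_out`, `expected_out`) and the sample addresses are assumptions constructed for the example; the delegation designator (`0xef0100` followed by the 20-byte delegate address), transaction type 4 and the ERC-20 `approve` selector come from EIP-7702 and ERC-20.

```python
# Added example, not the article's code; request schema and sample addresses are constructed.

DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702: account code = 0xef0100 || delegate address
ERC20_APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # approve(address,uint256)
UINT256_MAX = (1 << 256) - 1

def delegation_target(account_code: bytes):
    """Delegate address if `account_code` is a well-formed EIP-7702 designator, else None."""
    if len(account_code) == 23 and account_code.startswith(DELEGATION_PREFIX):
        return "0x" + account_code[3:].hex()
    return None

def approve_details(calldata: bytes):
    """(spender, amount) for ERC-20 approve calldata, or None for any other call."""
    if len(calldata) != 68 or calldata[:4] != ERC20_APPROVE_SELECTOR:
        return None
    spender = "0x" + calldata[16:36].hex()  # address sits in the low 20 bytes of the word
    return spender, int.from_bytes(calldata[36:68], "big")

def review_request(request: dict, trusted_delegates: set) -> list:
    """Red flags: unknown 7702 delegation, unlimited approval, unexpected simulated outflow."""
    flags = []
    if request.get("tx_type") == 4:  # EIP-7702 set-code transaction
        target = delegation_target(request.get("delegation_code", b""))
        if target is None:
            flags.append("type-4 transaction without a well-formed delegation designator")
        elif target.lower() not in trusted_delegates:
            flags.append(f"EIP-7702 delegation to unrecognised contract {target}")
    for calldata in request.get("calls", []):
        decoded = approve_details(calldata)
        if decoded and decoded[1] == UINT256_MAX:
            flags.append(f"unlimited token approval to {decoded[0]}")
    unexpected = set(request.get("simulated_out", ())) - set(request.get("expected_out", ()))
    if unexpected:
        flags.append("simulation moves unexpected assets: " + ", ".join(sorted(unexpected)))
    return flags

# Constructed sample: a "swap" prompt that is really a delegation plus an unlimited approval.
SAMPLE_REQUEST = {
    "tx_type": 4,
    "delegation_code": DELEGATION_PREFIX + bytes.fromhex("11" * 20),
    "calls": [ERC20_APPROVE_SELECTOR + bytes(12) + bytes.fromhex("22" * 20)
              + UINT256_MAX.to_bytes(32, "big")],
    "simulated_out": {"USDC", "WETH", "UNI", "LINK", "AAVE"},
    "expected_out": {"WETH"},
}

if __name__ == "__main__":
    for flag in review_request(SAMPLE_REQUEST, trusted_delegates=set()):
        print("RED FLAG:", flag)
```

A wallet that surfaces these flags before the confirm button turns the single click the article describes into an informed decision; an allowlist of audited delegate contracts is what `trusted_delegates` is meant to hold.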

The post Crypto investor loses $1M in Uniswap scam exploiting Ethereum’s EIP-7702 appeared first on CryptoSlate.
