A recent phishing attack utilizing EIP-7702 resulted in significant losses for a crypto investor, serving as yet another warning about security in the digital space.
Phishing Attack and Its Aftermath
An investor lost approximately $1.54 million in a phishing attack related to EIP-7702 transactions. The attacker exploited batch transaction capabilities, targeting ETH, BTC, and several staked tokens on Ethereum. SlowMist founder Cao Yun confirmed that the method includes unauthorized delegation of users' externally owned account (EOA) addresses to MetaMask, enabling attackers to transfer assets through a single contract call.
Immediate security warnings have been issued, emphasizing the importance of verifying websites and transaction links before executing transactions. Users are advised against granting unlimited approvals on tokens, as this leaves accounts vulnerable to similar threats.
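The delegation and unlimited-approval risks described above can be checked mechanically before a batch is signed. The following Python sketch is an added example, not code from this article, SlowMist or MetaMask: it relies on the EIP-7702 delegation designator (`0xef0100` followed by a 20-byte address) and the standard `approve` and `setApprovalForAll` selectors, while the function names, the "unlimited" threshold and the sample values are assumptions constructed for illustration.

```python
# Added illustration; function names, threshold and sample values are constructed.
DELEGATION_PREFIX = bytes.fromhex("ef0100")        # EIP-7702 delegation designator
APPROVE = bytes.fromhex("095ea7b3")                # approve(address,uint256)
SET_APPROVAL_FOR_ALL = bytes.fromhex("a22cb465")   # setApprovalForAll(address,bool)
UNLIMITED_THRESHOLD = 2**255                       # assumption: treat as "unlimited"
SAMPLE_CODE = "0xef0100" + "11" * 20               # constructed eth_getCode result
SAMPLE_BATCH = [                                   # constructed (to, calldata) pairs
    ("0x" + "aa" * 20, "0x095ea7b3" + "00" * 12 + "22" * 20 + "ff" * 32),
    ("0x" + "bb" * 20, "0xa9059cbb" + "00" * 12 + "33" * 20 + "00" * 31 + "01"),
]

def _unhex(value):
    return bytes.fromhex(value[2:] if value.startswith("0x") else value)

def delegation_target(code_hex):
    """Return the delegate address if the account code is a 7702 designator."""
    code = _unhex(code_hex)
    if len(code) == 23 and code.startswith(DELEGATION_PREFIX):
        return "0x" + code[3:].hex()
    return None

def flag_call(to, data_hex):
    """Return a warning for a broad token approval, or None."""
    data = _unhex(data_hex)
    if len(data) < 68:
        return None
    selector, arg1, arg2 = data[:4], data[4:36], data[36:68]
    spender = "0x" + arg1[12:].hex()
    if selector == APPROVE and int.from_bytes(arg2, "big") >= UNLIMITED_THRESHOLD:
        return f"unlimited approve on {to} for spender {spender}"
    if selector == SET_APPROVAL_FOR_ALL and int.from_bytes(arg2, "big") == 1:
        return f"setApprovalForAll on {to} for operator {spender}"
    return None

def review(code_hex, batch, trusted_delegates):
    """Findings for an account's code plus a pending batch; addresses are lowercase hex."""
    findings = []
    target = delegation_target(code_hex)
    if target and target not in trusted_delegates:
        findings.append(f"account delegated to untrusted contract {target}")
    findings += [w for to, data in batch if (w := flag_call(to, data))]
    return findings

if __name__ == "__main__":
    print("\n".join(review(SAMPLE_CODE, SAMPLE_BATCH, trusted_delegates=set())))
```
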
Market Considerations and Security Recommendations
EIP-7702-based phishing attacks have become predominant due to the delegation feature, highlighting parallels with past vulnerabilities exploited in major exchange hacks. At the time of the loss, Ethereum (ETH) holds a market cap of $577.17 billion, with a price of $4,781.54. ETH's market dominance is 14.47%, showing a 0.59% increase in 24-hour trading, despite a significant 64.31% drop in trading volume during the same period.
Regulatory Implications
Experts from the Coincu research team emphasize potential long-term implications of EIP-7702 on the regulatory landscape, urging increased scrutiny and possible updates to wallet signature prompts. They foresee potential evolutions in user security protocols and stress the necessity for clearer transaction interface designs.
The phishing incident linked to EIP-7702 serves as a clear example of digital asset vulnerabilities and emphasizes the need for greater caution from both users and regulators.