US EditionEthereum 'CrimeEnjoyors' Aren't Making Money From Exploiting Pectra's EIP-7702, Wintermute Says
- On May 30, 2025, Wintermute reported that malicious Ethereum contracts called CrimeEnjoyors exploit the Pectra upgrade's EIP-7702 feature to target wallets.
- This attack stems from EIP-7702, which allows temporary wallet delegation to smart contracts but also increases risks from reused malicious code.
- Wintermute found CrimeEnjoyors authorized about 79,000 addresses with one address receiving 52,000 permissions, yet attackers failed to profit despite victim losses.
- Wintermute developed CrimeEnjoyor warning code that injects “NOT SEND ANY ETH” alerts into verified malicious contracts to help prevent fund loss.
- The event highlights Ethereum security concerns, prompting calls for user vigilance, contract verification, cautious signing, and improved wallet warnings.
17 Articles
17 Articles
Ethereum EIP-7702 Brings New Risks, Wintermute Says
Crypto market maker Wintermute has warned that Ethereum’s Pectra upgrade — specifically the implementation of the EIP-7702 account-abstraction feature — leaves users at higher risk of automated attacks. EIP-7702 was designed to improve the user experience by allowing wallets to temporarily act like smart contracts, enabling features such as transaction batching, gas sponsorship, and spending limits in a single transaction. But Wintermute’s analy…
Ethereum 'CrimeEnjoyors' Aren't Making Money From Exploiting Pectra's EIP-7702, Wintermute Says
Malicious Ethereum contracts designed to drain wallets with weak security aren't profiting from the operation, crypto market maker Wintermute said Friday, identifying these contracts as "CrimeEnjoyors."The whole issue is tied to the Ethereum Improvement Proposal (EIP)-7702, part of the Pectra upgrade that went live early last month. It allows regular Ethereum addresses, secured by private keys, to temporarily operate as smart contracts, facilita…
Ethereum Security Gap Emerges After Pectra Upgrade, Exploiting New Feature News ETHNews
Scammers exploit Ethereum’s new EIP-7702 feature; over 80% usage links to a single malicious automated draining operation. Wintermute researchers found identical code authorizations enabling “sweeper” contracts that automatically steal ETH from compromised user wallets. A newly introduced Ethereum feature faces misuse. Security experts report scammers actively exploit EIP-7702, part of the recent Pectra upgrade. More than 80% of its usage links …
Wintermute's team detected a vulnerability associated with EIP-7702, which allows bad actors to subtract delegated ETH from committed contracts. Therefore, they developed alerts to notify the community that they can interact with any of these. *** Vulnerability detected after the Ethereum update. It is associated with EIP-7702, which allows attackers to automatically drain ETH from certain contracts. More than 12,000 transactions have already in…
Thoughtful as a decisive step towards account abstraction, the Pectra update already upsets the security balances on Ethereum. Introducing the standard EIP-7702, supported by Vitalik Buterin, it allows portfolios to behave temporarily as smart contracts. However, barely deployed, this innovation is diverted on a large scale to automate attacks. Far from eliminating the risks, the evolution of the protocol creates new, more subtle, ones that hack…
Coverage Details
Bias Distribution
- 100% of the sources are Center
To view factuality data please Upgrade to Premium
Ownership
To view ownership data please Upgrade to Vantage
