TLDR
- Investor lost approximately $1.54 million in various tokens.
- Attack linked to exploitation of EIP-7702 mechanism.
- Over 90% of flagged delegations involved malicious contracts.
An Ethereum investor fell victim to a significant phishing attack, losing around $1.5 million in various tokens. This incident is linked to Ethereum’s EIP-7702, which has been exploited on the Ethereum mainnet.
The attack impacted several tokens, including ETH, wstETH, cbBTC, and other unspecified ERC-20 tokens. The assets were drained from what seems to be an individual hot wallet, or possibly one affiliated with a DeFi protocol.
Details of the Phishing Attack
The unidentified crypto investor interacted with scam contracts leveraging the new EIP-7702 mechanism. This exploit has been confirmed and traced by Scam Sniffer, a well-regarded blockchain security analytics platform.
While the attacker remains unidentified, there is no indication that the scam is linked to known criminal organizations or insiders. The Ethereum Foundation and other major DeFi protocol leaders have not yet commented on this specific incident.
Assessing the Financial Loss
The amount lost is approximately $1.54 million. There is no indication that this was grant or institutional funding, implying the loss directly affects individual holdings.
The loss specifically impacted ETH, its wrapped derivatives (wstETH), and cbBTC. Any other ERC-20 tokens stored in the affected wallet could be at risk. However, no evidence suggests a protocol-level compromise.
On-chain and Community Reactions
Major analytics dashboards like DefiLlama and Nansen report no significant changes in total value locked, indicating the event did not involve a protocol-level exploit.
The event has prompted reactions on social media, with security analysts and DeFi developers calling for user education and clearer UI warnings regarding new delegation permissions.
Previous Incidents and Awareness
Since EIP-7702 rolled out in May 2024, similar attacks have emerged, exploiting users unfamiliar with new transaction-delegation features. Over 90% of flagged delegations involved malicious contracts.
No protocol-level collapses have been reported, although these events regularly spur community efforts for UI reform and education. Ongoing vigilance and potential enhancements to user interface warnings are critical.