A well-known phishing group called Inferno Drainer is exploiting a new Ethereum feature to carry out attacks that drain wallets. The group is using Ethereum Improvement Proposal (EIP) 7702, part of the Pectra upgrade, which allows Externally Owned Accounts (EOAs) to temporarily function as smart contract wallets during transactions.

In a recent incident highlighted by Scam Sniffer on May 24, a wallet upgraded to EIP-7702 lost around $150,000 to a sophisticated phishing scam. Yu Xian, the founder of blockchain security firm SlowMist, explained that Inferno Drainer executed the theft in a more advanced manner than traditional phishing scams.

Instead of directly hijacking user wallets, Inferno Drainer utilized a delegated MetaMask wallet that was already authorized under EIP-7702. With this setup, hackers could silently approve token transfers through a batch authorization process. Xian clarified that the victim unintentionally triggered an “execute” command within MetaMask, causing the malicious batch data to drain tokens without detection.

Xian pointed out that this incident signifies a change in scam methods, indicating that cybercriminals are adapting to incorporate new Ethereum updates to enhance their operations and evade detection. He warned users to remain vigilant and regularly review token authorizations to prevent theft via phishing accounts under EIP-7702.
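As an added illustration of the review Xian recommends (this code is not from the article, Scam Sniffer or SlowMist), the Python sketch below checks whether an account's code is an EIP-7702 delegation designator (`0xef0100` followed by the 20-byte delegate address) and flags token approval or transfer calls inside a batch before it is signed. It assumes the batch has already been decoded into `(target, calldata)` pairs; the function names and all sample values are hypothetical and constructed.

```python
# Added example; all inputs below are constructed and nothing touches a network.
DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702 delegation designator
MAX_UINT256 = 2**256 - 1
# Standard ERC-20 / ERC-721 selectors that move tokens or grant spending rights.
RISKY_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "a9059cbb": "transfer(address,uint256)",
    "23b872dd": "transferFrom(address,address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}

def _unhex(value):
    return bytes.fromhex(value[2:] if value.startswith("0x") else value)

def delegate_of(code_hex):
    """Return the delegate address if account code is a 7702 designator, else None."""
    code = _unhex(code_hex)
    if len(code) == 23 and code.startswith(DELEGATION_PREFIX):
        return "0x" + code[3:].hex()
    return None

def review_batch(calls):
    """calls: list of (target, calldata_hex). Return (index, target, note) findings."""
    findings = []
    for index, (target, data_hex) in enumerate(calls):
        data = _unhex(data_hex)
        name = RISKY_SELECTORS.get(data[:4].hex())
        if name is None:
            continue
        words = [data[4 + 32 * k:36 + 32 * k] for k in range((len(data) - 4) // 32)]
        note = name
        if name.startswith("approve") and len(words) >= 2:
            amount = int.from_bytes(words[1], "big")
            note += " spender=0x" + words[0][12:].hex()
            note += " UNLIMITED" if amount == MAX_UINT256 else f" amount={amount}"
        findings.append((index, target, note))
    return findings

# Constructed sample data (hypothetical addresses).
SAMPLE_CODE = "0xef0100" + "11" * 20
SAMPLE_CALLS = [
    ("0x" + "aa" * 20, "0x095ea7b3" + "00" * 12 + "bb" * 20 + "ff" * 32),
    ("0x" + "cc" * 20, "0xdeadbeef"),
]

if __name__ == "__main__":
    print("delegate:", delegate_of(SAMPLE_CODE))
    for finding in review_batch(SAMPLE_CALLS):
        print(finding)
```

In practice the account code would come from an `eth_getCode` query, and the delegate address would be compared against the wallet vendor's published delegator contract.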

This case is part of a wider trend in the cryptocurrency industry, where malicious actors have stolen millions of dollars from numerous individuals through phishing attacks. Security experts stress that users should actively protect themselves by verifying websites, auditing token permissions, and not clicking on unverified links, to reduce the risk of falling victim to such scams.