Inferno Drainer utilizes EIP-7702 to implement a new type of phishing attack, resulting in individual user losses of up to $150,000
ChainCatcher news, according to Beincrypto, the blockchain security platform Scam Sniffer has disclosed that the notorious phishing organization Inferno Drainer has recently launched a new type of attack utilizing the upcoming EIP-7702 feature in Ethereum, resulting in individual user losses of up to $150,000.
EIP-7702 is a proposal in the Ethereum Pectra upgrade that allows external accounts (EOA) to temporarily act as smart contract wallets during transactions. Attackers exploit this by using authorized MetaMask wallets to batch transfer user assets, rather than directly controlling wallet permissions.
Yuxian, the founder of Slow Mist Technology, stated that such attacks have evolved from traditional private key theft to utilizing the "execute" command to perform malicious authorizations in the background. Security experts recommend that users regularly check their token authorization status and use tools like Etherscan to identify abnormal delegation behaviors to mitigate potential risks.