Ethereum’s New Upgrade Backfires – Hackers Steal $1.5M Overnight
Ethereum’s latest upgrade, EIP-7702, is facing harsh scrutiny after hackers exploited the feature in a string of phishing attacks that drained over $1.5 million from one investor.
The upgrade, introduced with May’s Pectra hard fork, was designed to make wallets smarter by letting regular Ethereum addresses temporarily act like smart contracts. While this allows users to bundle multiple actions into a single transaction, security experts say it has also created new attack surfaces.
A Growing Wave of Scams
Anti-fraud service Scam Sniffer has tracked at least three major cases this month alone. In the most recent incident, a victim unknowingly signed a batch of malicious approvals disguised as routine transfers. Within seconds, attackers swept $1.54 million in tokens and NFTs, later bridging much of it to Ethereum’s mainnet.
Just days earlier, another investor lost $1 million in a near-identical trap mimicking a Uniswap interface, while a separate case in June saw $66,000 vanish. The method is consistent: fake DeFi sites lure users into approving hidden transfers that drain entire wallets.
Warnings from Security Firms
Wintermute researchers had already flagged the risks back in June, noting that most delegations tied to EIP-7702 were pointing to identical “sweeper” contracts designed to instantly steal incoming ETH.
Scam Sniffer says the threat is escalating as more addresses upgrade under the new standard, with many users unaware of the dangers.
What Users Can Do
Experts advise extra caution when signing batch transactions and avoiding unfamiliar interfaces, no matter how convincing they look. The safest approach, they stress, is sticking to trusted applications and double-checking every permission request.
EIP-7702 may have been meant to streamline Ethereum, but for now, it’s giving hackers an efficient new playground.
The information provided in this article is for informational purposes only and does not constitute financial, investment, or trading advice. Coindoo.com does not endorse or recommend any specific investment strategy or cryptocurrency. Always conduct your own research and consult with a licensed financial advisor before making any investment decisions.
Alex is Editor-in-Chief of Coindoo and co-founder of Millennial Media Group, with nearly a decade of experience covering financial markets - crypto first, then everything else. It started in 2016 with Bitcoin. Like most people at the time, he didn't fully understand it - so he kept digging. Blockchain, tokenomics, the projects, the cycles. That curiosity never stopped, and eventually pulled him into traditional markets too: equities, commodities, macro. Not because he left crypto behind, but because you can't properly understand one without the other. What drives him is straightforward: he wants to know why something is happening, not just that it's happening. Most market coverage stops at the headline - price up, price down, here's a chart. Alex finds that kind of reporting actively unhelpful. If you walk away from an article without understanding the mechanism behind the move, what did you actually learn? He holds a degree in Tourism from New Bulgarian University - not the most obvious path into financial markets, but markets have a way of pulling in people who are simply too curious to stay out. He has authored over 200 in-depth analyses and more than 10,000 articles across crypto and traditional finance. He still thinks every day in markets teaches him something new. That's probably why he hasn't stopped.
