Recent Phishing Attack on Ethereum Wallets Shocks Blockchain Community
Recently, a new phishing attack targeting Ethereum wallets has shocked the blockchain community. Hackers successfully stole $146,551 worth of crypto assets by leveraging features from Ethereum’s latest upgrade, EIP-7702. According to a report from the blockchain security firm SlowMist, the attackers initiated malicious batch transactions via MetaMask’s EIP-7702 Delegator, bypassing traditional security mechanisms of the wallet.
EIP-7702: An Upgrade or a Vulnerability?
EIP-7702 is a recently launched upgrade proposal for Ethereum that allows wallet users to perform batched transactions through a “Delegator.” Originally intended to enhance operational efficiency and programmability, it is now being exploited by hackers as a conduit for asset theft. Through this feature, fraud groups can have token transfers authorized silently, without sufficient user consent, effectively opening a backdoor into the wallet.
MetaMask Users Targeted: Hackers Harvest Without Warning
In this incident, hackers deployed a malicious Delegator contract to lure users into interacting with it, then executed batch transactions to extract assets. A MetaMask user fell victim, suffering a loss of $146,551. SlowMist founder Yu Xian stated that phishing attacks targeting new features are becoming increasingly common, as hackers rapidly adapt to Ethereum’s upgrade pace and begin deploying fraudulent strategies against new functionality.
The Hand Behind the Scenes: Inferno Drainer
This attack has been attributed to the notorious hacker group Inferno Drainer. According to a report by Check Point Research on May 7, 2025, the organization has been linked to over 30,000 wallet attack incidents in the past six months, resulting in a cumulative loss of $9 million. Inferno Drainer is known for designing bait websites and fraudulent smart contracts, and for adapting its phishing techniques to the latest blockchain features. This EIP-7702 incident shows once again how active the group remains.
Security Firms Had Already Sounded the Alarm: Malicious Addresses Exposed
In fact, on May 20, 2025, the blockchain security firm GoPlus Security had warned the community that a malicious Delegator address related to EIP-7702 was circulating. The warning preceded the attack, which highlights how slowly users and the wider DeFi ecosystem respond to the risks that come with new upgrades.
April Fraud Wave: Over 7,500 Wallets Compromised, Losses Exceeding $5.3 Million
This incident is not an isolated case. In April 2025, the entire cryptocurrency ecosystem faced a wave of large-scale phishing attacks, with 7,565 wallets compromised and asset losses reaching as high as $5.3 million. This demonstrates that fraudulent techniques are continually evolving, while users’ risks are also on the rise.
How Can Users Protect Themselves? Stay Alert to New Features and Avoid Authorization Traps
In the face of such phishing attacks implemented through new features, users need to be particularly vigilant. The following suggestions can effectively enhance security:
- Avoid clicking on links provided by unknown websites or DApps
- Verify the content and addresses of transaction authorizations each time
- Maintain a skeptical attitude towards smart contracts and features that have not been widely verified
- Use blockchain security extension tools like Pocket Universe or ScamSniffer to assist in assessing transaction safety
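One way to act on the advice to verify addresses is to check whether a wallet account already carries an EIP-7702 delegation and where it points. The following is an added example, not code from the article, SlowMist or MetaMask; the function names, the allowlisted address and the sample responses are constructed placeholders.

```javascript
// Added example. Per EIP-7702, a delegated account's code is exactly
// 0xef0100 followed by the 20-byte delegate address (23 bytes total).
const DELEGATION_PREFIX = "ef0100";

// Constructed placeholder: lowercase addresses of delegates you have verified.
const TRUSTED_DELEGATES = new Set(["0x1111111111111111111111111111111111111111"]);

// codeHex is the string returned by the eth_getCode JSON-RPC call.
function classifyAccountCode(codeHex, trusted = TRUSTED_DELEGATES) {
  if (typeof codeHex !== "string" || !/^0x([0-9a-fA-F]{2})*$/.test(codeHex)) {
    throw new TypeError("expected a 0x-prefixed, even-length hex string");
  }
  const body = codeHex.slice(2).toLowerCase();
  if (body.length === 0) {
    return { kind: "plain-eoa", delegate: null, trusted: null };
  }
  // 3-byte prefix + 20-byte address = 46 hex characters.
  if (body.length === 46 && body.startsWith(DELEGATION_PREFIX)) {
    const delegate = "0x" + body.slice(DELEGATION_PREFIX.length);
    return { kind: "eip7702-delegated", delegate, trusted: trusted.has(delegate) };
  }
  return { kind: "contract", delegate: null, trusted: null };
}

// Return the accounts whose delegation points outside the allowlist.
function findUntrustedDelegations(codeByAccount, trusted = TRUSTED_DELEGATES) {
  const flagged = [];
  for (const [account, codeHex] of Object.entries(codeByAccount)) {
    const result = classifyAccountCode(codeHex, trusted);
    if (result.kind === "eip7702-delegated" && !result.trusted) {
      flagged.push({ account, delegate: result.delegate });
    }
  }
  return flagged;
}

// Constructed sample eth_getCode responses, keyed by account label.
const SAMPLE_CODE = {
  "wallet-a": "0x",
  "wallet-b": "0xef0100" + "11".repeat(20),
  "wallet-c": "0xEF0100" + "22".repeat(20),
  "token-contract": "0x6080604052",
};

console.log(findUntrustedDelegations(SAMPLE_CODE));
```

A flagged account stays delegated until its owner signs a new EIP-7702 authorization; authorizing the zero address clears the delegation.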
The advancements of Ethereum bring more possibilities to the ecosystem, but they also mean that hacker toolkits are being upgraded simultaneously. Only by staying alert can users safeguard their assets in this race of upgrades and countermeasures.