New Ethereum feature backfires – $150K stolen in sweeper attacks post-Pectra upgrade


Ethereum’s Pectra upgrade introduced EIP-7702, enabling wallets to temporarily function as smart contracts for a better user experience.

Proposed by Vitalik Buterin, this feature supports account abstraction, allowing users to batch transactions, sponsor gas fees, and enforce stricter spending controls.

While this innovation improves wallet usability and security, it has also become a potential target for exploitation.


Wintermute’s analysis reveals that over 80% of EIP-7702 delegations are being used by a single malicious contract, dubbed “CrimeEnjoyor.” The contract’s code is short, copy-pasted, and alarmingly effective.

Once it gains access to a compromised wallet – often through phishing – it instantly drains the funds to an attacker’s address.

It’s automation at scale, and it’s proving costly.


Blockchain security firm Scam Sniffer highlighted one such incident where a victim lost nearly $150,000 in a single batched transaction linked to the notorious Inferno Drainer service.

With thousands of similar transactions already recorded, it may be that features meant to simplify Ethereum are also making its weaknesses quicker to exploit.

Maybe it’s not the code

The core issue behind the recent wave of wallet-draining attacks isn’t EIP-7702. It’s the continued problem of leaked or stolen private keys.

The new feature simply makes it faster and cheaper for attackers to exploit already-compromised wallets. Security firms like SlowMist are urging wallet providers to improve visibility into contract interactions and strengthen user protections.
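What that visibility can look like in a wallet or monitoring script, as an added example (not code from Wintermute, SlowMist or any wallet project): under EIP-7702 a delegated account's code is the 23-byte designator `0xef0100` followed by the delegate's address, so the value returned by `eth_getCode` shows whether a wallet is delegated and to which contract. The function names, sample addresses and allowlist below are constructed placeholders.

```javascript
// Input: the hex string that the JSON-RPC call eth_getCode returns for an address.
// EIP-7702 stores 0xef0100 || <20-byte delegate address> (23 bytes) as account code.
const DELEGATION_PREFIX = "ef0100";

function parseDelegation(codeHex) {
  if (typeof codeHex !== "string") throw new TypeError("code must be a hex string");
  const hex = codeHex.toLowerCase().replace(/^0x/, "");
  if (!/^([0-9a-f]{2})*$/.test(hex)) throw new Error("malformed hex");
  // Empty code: a plain externally owned account with no delegation set.
  if (hex.length === 0) return { kind: "eoa", target: null };
  // Exactly 23 bytes (46 hex chars) starting with ef0100: a delegation designator.
  if (hex.length === 46 && hex.startsWith(DELEGATION_PREFIX)) {
    return { kind: "delegated", target: "0x" + hex.slice(DELEGATION_PREFIX.length) };
  }
  // Anything else is ordinary deployed contract bytecode.
  return { kind: "contract", target: null };
}

// Compare the delegate against an allowlist the wallet vendor maintains
// (hypothetical list; a real one would hold audited delegate contracts).
function reviewAccount(codeHex, trustedTargets) {
  const parsed = parseDelegation(codeHex);
  if (parsed.kind !== "delegated") return { ...parsed, verdict: "no-delegation" };
  const trusted = trustedTargets.map((a) => a.toLowerCase()).includes(parsed.target);
  return { ...parsed, verdict: trusted ? "trusted-delegate" : "unknown-delegate" };
}

// Constructed sample data: none of these are real addresses or contracts.
const TRUSTED = ["0x" + "22".repeat(20)];
const SAMPLES = {
  plainWallet: "0x",
  delegatedToUnknown: "0xef0100" + "11".repeat(20),
  delegatedToTrusted: "0xef0100" + "22".repeat(20),
  ordinaryContract: "0x6080604052",
};

for (const [name, code] of Object.entries(SAMPLES)) {
  const r = reviewAccount(code, TRUSTED);
  console.log(`${name}: ${r.verdict}${r.target ? " -> " + r.target : ""}`);
}
```

An `unknown-delegate` verdict is the case to surface to the user or alert on: the wallet's behaviour is now defined by a contract nobody on the defending side has reviewed.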


As Ethereum evolves, the priority must shift toward smarter wallet design, clearer signing prompts, and better user education.

Because even the most promising features can backfire when basic security fails.


