
- ETH wallets targeted using EIP-7702 batch delegation.
- April 2025 losses hit $5.29 million.
- Developers propose UI and security updates.

In May 2025, blockchain security firm SlowMist discovered phishing gangs exploiting Ethereum’s EIP-7702 mechanism to drain user wallets globally.
Phishing Exploits Drain ETH Wallets
SlowMist has identified a vulnerability in Ethereum’s EIP-7702 feature, exploited by phishing gangs to drain ETH wallets. In April 2025 alone, reported losses exceeded $5.29 million, marking a concerning rise in successful attacks. On-chain data corroborates this surge and points to the sophistication of the attacks. The wallet-draining method exploits existing batch delegation features and slips past typical user transaction warnings. SlowMist has consistently highlighted this with detailed security analyses.
The attacks primarily affect Ethereum (ETH) and related ERC-20 tokens, putting affected users at financial risk. Immediate community reactions have been strong, focusing on preventive wallet updates and increased transaction scrutiny.
The broader implications emphasize the necessity for improved user interfaces and heightened security measures among developers. Global discussions signal a pivot towards integrating enhanced security checks and user feedback in wallet contracts.
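One concrete form the added scrutiny could take, shown as an added example that is not SlowMist's or any wallet's own code: EIP-7702 stores a 23-byte delegation designator (0xef0100 followed by the 20-byte delegate address) as the account's code, so the result of eth_getCode shows whether an address is delegated and to which contract. The addresses, the allowlist and the function names below are constructed placeholders.

```python
"""Classify an account from its eth_getCode result (EIP-7702 delegation check)."""

DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702 designator prefix
DESIGNATOR_LEN = 23                          # 3-byte prefix + 20-byte address


def parse_delegation(code_hex: str):
    """Return the delegate address (0x + 40 hex chars), or None if not delegated."""
    raw = code_hex.strip().lower()
    if raw.startswith("0x"):
        raw = raw[2:]
    code = bytes.fromhex(raw)  # raises ValueError on malformed RPC output
    if len(code) == DESIGNATOR_LEN and code.startswith(DELEGATION_PREFIX):
        return "0x" + code[3:].hex()
    return None


def classify(code_hex: str, trusted_delegates: set) -> str:
    """Label an account: plain EOA, delegated (trusted or unknown), or contract."""
    delegate = parse_delegation(code_hex)
    if delegate is not None:
        trusted = {addr.lower() for addr in trusted_delegates}
        return "delegated-trusted" if delegate in trusted else "delegated-unknown"
    return "plain-eoa" if code_hex.strip().lower() in ("", "0x") else "contract"


# Constructed sample data: placeholder addresses, not real on-chain accounts.
TRUSTED = {"0x" + "11" * 20}            # assumed allowlist of vetted delegates
SAMPLES = {
    "alice": "0x",                       # no code: ordinary EOA
    "bob": "0xef0100" + "11" * 20,       # delegated to an allowlisted contract
    "carol": "0xEF0100" + "ab" * 20,     # delegated to an unknown contract
    "token": "0x6080604052",             # ordinary contract bytecode (truncated)
}


def audit(samples=SAMPLES, trusted=TRUSTED):
    """Return {account name: verdict} for every sample account."""
    return {name: classify(code, trusted) for name, code in samples.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:6} {verdict}")
```

An account reported as delegated-unknown is one to review before signing anything further from it.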
Historically, phishing attacks on crypto wallets are not new; however, this incident has revived urgency around upgrading wallet security protocols. Market observers suggest the need for robust user education and quick adoption of security patches remains high. Regulatory responses have yet to materialize but could evolve as the situation develops further.
“SlowMist’s analysis underscores that this exploit was ‘very creative’ – it abused a legitimate wallet feature in an unexpected way.” — SlowMist Security Team, SlowMist