Ethereum’s Latest Shenanigans: When Innovation Meets Total Chaos 🚀💸

Ah, Ethereum, that charming digital Belle—leaning on its latest upgrade, Pectra, to charm the crowd after the grand spectacle of ‘The Merge’. One might think it a marvel, a masterpiece of modern engineering. But alas, dear reader, a darker tapestry is woven beneath its gleaming veneer. The promised simplicity of EIP-7702 has become the playground of shadowy scoundrels. Fancy that! 🎩🔥

Proposed by the venerable Vitalik Buterin—whose ideas are as intoxicating as absinthe—EIP-7702 was meant to make wallets as easy as a Sunday promenade. Short-lived smart contracts, gas fees sponsored for your convenience, and delightful features such as spending limits and passkey authorization—what could possibly go wrong? Well, as the saying goes, ‘The road to hell is paved with good intentions and smart contracts.’ Naturally, this open door invites miscreants to frolic and filch. 😏

While EIP-7702 brings new convenience, it also introduces new risks

Our Research team found that over 97% of all EIP-7702 delegations were authorized to multiple contracts using the same exact code. These are sweepers, used to automatically drain incoming ETH from compromised…

— Wintermute (@wintermute_t) May 30, 2025

Malicious Script “CrimeEnjoyor”: The Digital Version of a Pickpocket’s Charm

Wintermute, those vigilant sentinels of blockchain security, have uncovered that a staggering 80% of wallet delegations dance to the tune of a single nefarious script called “CrimeEnjoyor.” Think of it as the creepy carnival barker of the crypto world—luring wallets with honeyed words before swiftly siphoning their funds into the void. All this masquerading in the attire of user-friendliness—oh, the irony! 🕵️‍♂️🕸️

“Our Research team found that over 97% of all EIP-7702 delegations were authorized to multiple contracts using the same exact code. These are sweepers, used to automatically drain incoming ETH from compromised addresses,” Wintermute announced in a tone that mixes horror with bemusement. “The CrimeEnjoyor contract is short, simple, and widely reused. This one copy-pasted bytecode now accounts for the majority of all EIP-7702 delegations. It’s simultaneously hilarious, tragic, and utterly fascinating,” they added, sipping their metaphorical champagne.
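The kind of tally behind a figure like this can be sketched in a few lines. The following is an added example, not Wintermute's code or anything from the original article: it recognizes the EIP-7702 delegation designator (0xef0100 followed by the 20-byte delegate address) in account code and groups delegations by a fingerprint of the delegate's bytecode. The function names are hypothetical, the code strings are assumed to be in the hex form eth_getCode returns, and the sample addresses and bytecode are constructed placeholders.

```python
import hashlib
from collections import Counter

# EIP-7702 sets a delegated account's code to 0xef0100 || 20-byte delegate address.
PREFIX = bytes.fromhex("ef0100")

def _raw(code_hex):
    return bytes.fromhex(code_hex[2:] if code_hex.startswith("0x") else code_hex)

def delegate_of(code_hex):
    """Delegate address if the account code is a 7702 designator, else None."""
    code = _raw(code_hex)
    if len(code) == 23 and code.startswith(PREFIX):
        return "0x" + code[3:].hex()
    return None

def cluster_delegations(account_code, contract_code):
    """Count delegated accounts per fingerprint of the delegate's bytecode."""
    clusters = Counter()
    for code_hex in account_code.values():
        target = delegate_of(code_hex)
        if target is None:
            continue  # plain EOA or ordinary contract, not a delegation
        body = contract_code.get(target)
        # SHA-256 is just a local fingerprint here (a choice made for this example).
        fp = hashlib.sha256(_raw(body)).hexdigest()[:16] if body is not None else "unknown"
        clusters[fp] += 1
    return clusters

def dominant_share(clusters):
    """Fraction of all delegations that point at the most reused bytecode."""
    total = sum(clusters.values())
    return max(clusters.values()) / total if total else 0.0

# Constructed sample data: placeholder addresses and bytecode, not real chain state.
A, B, C = ("0x" + b * 20 for b in ("aa", "bb", "cc"))
CONTRACT_CODE = {A: "0x6001600155", B: "0x6001600155", C: "0x60026002"}
ACCOUNT_CODE = {
    "acct1": "0xef0100" + A[2:],   # delegated to A
    "acct2": "0xef0100" + B[2:],   # delegated to B (same bytecode as A)
    "acct3": "0xef0100" + A[2:],
    "acct4": "0xef0100" + C[2:],   # delegated to different code
    "acct5": "0x",                 # plain EOA, no code
    "acct6": "0x6080604052",       # ordinary contract
}

if __name__ == "__main__":
    c = cluster_delegations(ACCOUNT_CODE, CONTRACT_CODE)
    print(c, dominant_share(c))
```

Delegates A and B live at different addresses but share bytecode, so they fall into one cluster, which is why counting by code rather than by address is what exposes copy-pasted contracts.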

Scam Sniffer, that ever-vigilant sentinel, reports a wallet lost nearly $150K—an amount that might make even the wealthiest toddlers cry—due to some phishing *entendre* linked to the infamous Inferno Drainer. As Ethereum dons its new clothes of ‘innovation,’ scoundrels are quick to join the masquerade—caught in a perpetual dance with disaster.

The Real Flaw: Your Private Keys Are Not So Private

But let us not blame the innovation itself, for it is but a shining mirror—what truly matters are the shadows cast by user negligence. The true Achilles’ heel remains the humble private key—those tiny secrets that unlock the vaults of riches. An absent-minded whisper or a careless click, and wealth vanishes faster than a souffle at a dinner party. Researchers and security firms like SlowMist tirelessly plead: secure your keys, darling, or rue the day.

Profit? What Profit? The Thieves’ Little Joke

Despite the grand schemes and vast swaths of ETH floating in digital chaos, the attackers’ wallets are emptier than a church on Monday. To target nearly 79,000 wallets, they spent less than a modest 3 ETH—hardly enough for a decent soirée. One audacious address managed over 52,000 authorizations—impressive, if only for its audacity. The stolen loot is traceable, yet the scoundrels appear to have little to show for their efforts—a costly hobby of a few penny-wise pirates. 🎭💸


2025-06-02 14:38