365int
Ethereum’s recent Pectra upgrade, launched on May 7, introduces new security risks. The upgrade features EIP-7702, which allows users to delegate wallet control through offchain signatures. This opens the door for attackers to hijack wallets with just a signature, bypassing the need for an onchain transaction.
Attackers can exploit phishing methods to obtain a delegation signature, enabling them to install malicious code on a user’s wallet. Once this code is set, attackers can steal funds without the user’s knowledge.
Yehor Rudytsia from Hacken warns that wallets not detecting these new transaction types are especially vulnerable. “Wallets must analyze transaction types and flag suspicious requests,” Rudytsia advised.
This risk affects both hot and hardware wallets. Users should be cautious and never sign messages they don’t fully understand.
\
