Inferno Drainer exploits Ethereum’s EIP-7702 to drain wallets via phishing, stealing $150K in a recent attack and urging user vigilance.
The group is utilizing Ethereum Improvement Proposal (EIP) 7702, a critical component of the Pectra upgrade, which enables Externally Owned Accounts (EOAs) to function momentarily as smart contract wallets during transactions.
A sophisticated cryptocurrency phishing scam exploits the flexibility of Ethereum’s smart wallet
Scam Sniffer, a web3 anti-scam platform, reported a case on May 24 in which a wallet recently upgraded to EIP-7702 experienced a loss of nearly $150,000.
According to Yu Xian, the founder of the blockchain security firm SlowMist, Inferno Drainer employed a more sophisticated variant of traditional phishing to commit theft.
Xian clarified that Inferno Drainer utilized a delegated MetaMask wallet, which was already authorized under EIP-7702, in contrast to previous schemes that directly hijack user wallets.
He stated that this enabled the hackers to approve token transfers silently through a batch authorization procedure.
Xian also stated that the victim inadvertently executed an “execute” command within MetaMask, which processed the malicious bulk data in the background. The outcome was a token drain that was both discreet and effective.
“The phishing gang uses this mechanism to complete batch authorization operations on tokens related to the victim’s address,” Xian said.
The security expert emphasized that this incident represents a change in fraud tactics.
According to him, this demonstrates that attackers are no longer relying exclusively on traditional methods, as they are actively incorporating new Ethereum updates into their operations to maintain a competitive edge.
“As we predicted, the phishing gangs have caught up… Everyone should be vigilant, be careful that the assets in your wallet will be taken away,” Xian said.
In light of this, he encouraged users to conduct routine reviews of token authorizations and verify whether their wallet addresses have been delegated to fraudulent accounts through EIP-7702.
In the interim, this case indicates a more extensive trend within the cryptocurrency sector. Through phishing attacks, malicious actors were able to steal more than $5 million from 7,565 individuals last month.
As a result, security experts have underscored the importance of crypto users remaining vigilant to prevent these attack vectors.
Scam Sniffer advised industry participants to verify websites before logging in or authorizing any transactions. In addition, they encourage community members to conduct routine audits of their token permissions and refrain from clicking on unverified links.
