- EIP-7702 enables wallet delegation through off-chain signatures, which can be exploited by malicious actors.
- Users are advised to exercise caution and avoid signing unfamiliar messages to protect their assets.
What happened: Pectra upgrade’s EIP-7702 exposes wallets to off-chain signature exploits
Ethereum implemented the Pectra upgrade, introducing EIP-7702, which allows users to delegate wallet control via off-chain signatures. This feature, while aimed at enhancing scalability and smart account functionality, has inadvertently opened a new attack vector.
Security experts have identified that attackers can exploit this by obtaining a user’s off-chain signature—potentially through phishing or malicious dApps—and use it to install arbitrary code on the user’s wallet. This code can then transfer funds without any on-chain transaction or further user interaction.
Also read: Ethereum may rally in Q1 with historical bullish trend
Also read: 6,663 Ethereum offloaded on Coinbase amid ongoing sell-off
Why it’s important
The introduction of EIP-7702 has significant implications for wallet security. Previously, transferring funds required a direct on-chain transaction signed by the user. Now, a single off-chain signature can grant full control to an attacker.
This development underscores the need for heightened vigilance among users and prompt updates from wallet providers to detect and warn against such delegation requests. As the Ethereum ecosystem evolves, balancing innovation with security remains paramount.
