Ethereum Upgrade Creates Critical Wallet Security Risk
Ethereum’s recent Pectra upgrade introduced a new attack surface that could let attackers drain a wallet’s funds using only an offchain signature, security experts warn.
The network upgrade, which went live on mainnet on May 7, enabled powerful new account features but also created an unexpected attack vector that puts billions of dollars of user funds at risk.

New Attack Vector Through EIP-7702
At the center of the vulnerability is Ethereum Improvement Proposal 7702 (EIP-7702), a core component of the Pectra upgrade that introduces a new transaction type, SetCode (type 0x04). Its authorization list lets an externally owned account (EOA) delegate its code to a contract: the owner signs a [chain_id, address, nonce] tuple offchain, and once a transaction carrying that authorization is included in a block, the EOA’s code becomes a pointer (0xef0100 followed by the delegate address) and every call to the EOA executes the delegate’s code with access to the EOA’s own ETH and tokens. The transaction that carries the authorization can be submitted by anyone, so the victim never has to send it.
Security experts have confirmed that attackers who obtain this signature through phishing can point the wallet’s code at a malicious contract that forwards calls to drain funds, according to Cointelegraph.
“It becomes possible for an attacker to drain an EOA’s funds using only an offchain signed message,” explained Arda Usman, a Solidity smart contract auditor who has been analyzing the upgrade’s implications.
Hardware Wallets No Longer Inherently Safer
In a concerning development, researchers note that even hardware wallets, previously considered more secure, are equally exposed to this attack vector. A hardware wallet protects the private key, not the decision to sign: unless the device or its companion software decodes the authorization and shows the delegate address, chain ID and nonce, the user is approving a blind signature. Before Pectra, moving native ETH out of an EOA required a transaction signed by the key itself, but now a single offchain signature can install code that hands over complete control.
Yehor Rudytsia, onchain researcher at Hacken, warns that hardware wallets “are at the same risk as hot wallets from the perspective of signing malicious messages” under this new paradigm.
Cross-Chain Risk Amplifies Threat
Adding to the danger, EIP-7702 accepts authorizations with chain_id = 0, which are valid on every EVM-compatible chain, so one signed message can be replayed across networks. The authorization also carries the account nonce, so a replay on another chain only succeeds while that chain’s nonce matches, but fresh or rarely used accounts sit at the same low nonce on many chains, and the delegation persists once installed. This significantly increases the impact of a successful phishing attempt, as a single compromised signature can affect user funds across multiple networks.
The vulnerability comes as wallet providers like Ambire and Trust Wallet race to integrate the new EIP-7702 features, with some already rolling out support since the upgrade went live on May 7.

Protecting User Funds
Security experts recommend several protective measures to avoid falling victim to this new attack vector:
1. Users should scrutinize every signature request and refuse to sign anything they don’t fully understand, in particular any request that shows only an opaque hash.
2. Wallet developers must display a clear warning when a user is asked to sign a delegation authorization, showing the delegate address, chain ID and account nonce rather than a bare digest.
3. Extra caution is needed with the authorization format introduced by EIP-7702: the signed digest is keccak256(0x05 || rlp([chain_id, address, nonce])), which is neither an EIP-191 nor an EIP-712 message, so wallet parsers and red-flag rules keyed on the existing 0x19 prefix will not trigger on it.
While multisignature wallets remain more secure, both because they require several signers and because a contract wallet is not an EOA and so cannot be redirected by EIP-7702, single-key wallets must adopt new signature parsing and red-flagging tools to prevent exploitation, according to security researchers. Because the attacker obtains a signature rather than the key, the owner can clear an installed delegation by signing a fresh authorization that points at the zero address, although by then the funds are usually gone.
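A wallet-side check of this kind, as an added example that is not code from the article, Hacken, Cointelegraph or any wallet vendor: it builds the EIP-7702 authorization preimage (0x05 followed by the RLP-encoded [chain_id, address, nonce] tuple) and the digest the key actually signs, triages a raw signing request by flagging delegations, chain_id = 0 replays and nonce mismatches, and decodes the 0xef0100 delegation designator an EOA carries afterwards. The delegate address and nonces used in the tests are constructed; the Keccak-256 and RLP routines are minimal pure-Python implementations written here so the script runs offline, not a library the page mentions. It assumes the wallet receives the authorization preimage rather than a bare 32-byte hash; a bare hash cannot be inspected, which is itself a reason to refuse.

```python
"""Triage an EIP-7702 authorization before a key signs it, compute the digest that is
actually signed, and decode the delegation it installs.  Added example, not code from
Hacken, Cointelegraph or any wallet; minimal Keccak-256 and RLP so it runs offline."""

MASK = (1 << 64) - 1
_RC = [0x1, 0x8082, 0x800000000000808A, 0x8000000080008000, 0x808B, 0x80000001, 0x8000000080008081,
       0x8000000000008009, 0x8A, 0x88, 0x80008009, 0x8000000A, 0x8000808B, 0x800000000000008B,
       0x8000000000008089, 0x8000000000008003, 0x8000000000008002, 0x8000000000000080, 0x800A,
       0x800000008000000A, 0x8000000080008081, 0x8000000000008080, 0x80000001, 0x8000000080008008]
_ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61], [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]
AUTH_MAGIC = b"\x05"                 # EIP-7702: key signs keccak256(0x05 || rlp([chain_id, address, nonce]))
DELEGATION_PREFIX = b"\xef\x01\x00"  # code the EOA carries afterwards: 0xef0100 || delegate address

def _rotl(v, n):
    return ((v << n) | (v >> (64 - n))) & MASK

def keccak256(data: bytes) -> bytes:
    """Ethereum's Keccak-256 (pad byte 0x01; hashlib's sha3_256 pads with 0x06 and differs)."""
    buf = bytearray(data) + b"\x01"
    buf += b"\x00" * (-len(buf) % 136)
    buf[-1] |= 0x80
    s = [0] * 25                                    # lane (x, y) lives at index x + 5*y
    for off in range(0, len(buf), 136):
        for i in range(17):
            s[i] ^= int.from_bytes(buf[off + 8 * i:off + 8 * i + 8], "little")
        for rc in _RC:                              # Keccak-f[1600]: theta, rho+pi, chi, iota
            c = [s[x] ^ s[x + 5] ^ s[x + 10] ^ s[x + 15] ^ s[x + 20] for x in range(5)]
            d = [c[(x - 1) % 5] ^ _rotl(c[(x + 1) % 5], 1) for x in range(5)]
            s = [s[i] ^ d[i % 5] for i in range(25)]
            b = [0] * 25
            for x in range(5):
                for y in range(5):
                    b[y + 5 * ((2 * x + 3 * y) % 5)] = _rotl(s[x + 5 * y], _ROT[x][y])
            s = [b[i] ^ (~b[(i + 1) % 5 + 5 * (i // 5)] & b[(i + 2) % 5 + 5 * (i // 5)]) for i in range(25)]
            s[0] ^= rc
    return b"".join(s[i].to_bytes(8, "little") for i in range(4))

def rlp_encode(item) -> bytes:
    """Minimal RLP: ints (big-endian, 0 -> empty string), byte strings, nested lists."""
    if isinstance(item, int):
        item = item.to_bytes((item.bit_length() + 7) // 8, "big")
    if isinstance(item, (bytes, bytearray)):
        if len(item) == 1 and item[0] < 0x80:
            return bytes(item)
        payload, offset = bytes(item), 0x80
    else:
        payload, offset = b"".join(rlp_encode(i) for i in item), 0xC0
    if len(payload) < 56:
        return bytes([offset + len(payload)]) + payload
    nb = len(payload).to_bytes((len(payload).bit_length() + 7) // 8, "big")
    return bytes([offset + 55 + len(nb)]) + nb + payload

def rlp_decode(d: bytes, i: int = 0):               # returns (item, index just after the item)
    p = d[i]
    if p < 0x80:
        return d[i:i + 1], i + 1
    base = 0x80 if p < 0xC0 else 0xC0
    if p - base < 56:
        n, s = p - base, i + 1
    else:
        ll = p - base - 55
        n, s = int.from_bytes(d[i + 1:i + 1 + ll], "big"), i + 1 + ll
    if base == 0x80:
        return d[s:s + n], s + n
    items, end = [], s + n
    while s < end:
        item, s = rlp_decode(d, s)
        items.append(item)
    return items, end

def authorization_hash(chain_id: int, address: bytes, nonce: int) -> bytes:
    return keccak256(AUTH_MAGIC + rlp_encode([chain_id, address, nonce]))   # the 32 bytes the EOA key signs

def inspect_signing_request(preimage: bytes, wallet_chain_id: int, account_nonce: int) -> dict:
    """Wallet-side triage of raw bytes a dApp asks the key to sign (a bare 32-byte hash can't be inspected)."""
    if preimage[:1] == b"\x19":                     # EIP-191 / EIP-712 envelope: existing parsers apply
        return {"kind": "eip191/eip712 message", "warnings": []}
    if preimage[:1] != AUTH_MAGIC:
        return {"kind": "unknown", "warnings": ["unrecognised format: refuse to sign blind"]}
    try:
        fields, end = rlp_decode(bytes(preimage), 1)
        if end != len(preimage) or len(fields) != 3 or not all(isinstance(f, bytes) for f in fields) or len(fields[1]) != 20:
            raise ValueError
    except (IndexError, ValueError):
        return {"kind": "unknown", "warnings": ["0x05 prefix but not a [chain_id, address, nonce] tuple"]}
    chain_id, address, nonce = int.from_bytes(fields[0], "big"), fields[1], int.from_bytes(fields[2], "big")
    warnings = ["revocation: clears this EOA's current delegation" if address == bytes(20) else
                "DELEGATION: every call to this EOA will run the delegate's code with the EOA's ETH and tokens"]
    if chain_id == 0:
        warnings.append("chain_id 0: valid on every EVM chain, one phished signature replays everywhere")
    elif chain_id != wallet_chain_id:
        warnings.append(f"chain_id {chain_id} is not the connected chain {wallet_chain_id}")
    if nonce not in (account_nonce, account_nonce + 1):   # must equal the EOA nonce when processed
        warnings.append(f"nonce {nonce} cannot match account nonce {account_nonce}: stale or forged")
    return {"kind": "eip7702 authorization", "chain_id": chain_id, "nonce": nonce,
            "delegate": "0x" + address.hex(), "warnings": warnings}

def parse_delegation(code: bytes):
    """Delegate address if `code` read from an EOA is a 7702 designator, else None."""
    return "0x" + code[3:].hex() if len(code) == 23 and code[:3] == DELEGATION_PREFIX else None
```

Call inspect_signing_request with the preimage, the chain ID the wallet is currently connected to and the account’s current nonce; any warning other than a revocation should block the signing flow until the user has explicitly acknowledged the delegate address. parse_delegation is for the recovery side: read the code at your own address and, if it returns an address you never chose, sign a revocation.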