A new security test in Ethereum after EIP-7702: Crimeenjoor attacks

The Ethereum network moved to a new phase with Pectra upgrade and EIP-7702, which came into play last month. With this update, normal ETH addresses controlled by special switches can now act temporarily like a smart contract.

This feature improves the user experience and brings features such as collective process, encryption and expenditure limits; He also gave birth to new attack vectors.

Bad contracts called 💀 ‘Crimeenjoor’ are spreading

According to Wintermute’s report, malicious contracts called “Crimeenjoor” are trying to evacuate the weak-safety wallets using the EIP-7702 delegation system.

“We’ve identified thousands of authorization using the same code in 97%. These are simple but common‘ sweeper ’contracts that automatically sweep the ETH. - Wintermute

💸 attacks are ineffective: cost, no profit

To date, more than 79,000 wallets addresses have received authorization with these contracts. However, the attackers could hardly make any profits despite their 2,88 ETH expenditures.

52,000 authorization was gathered at only one address:

0x89383882FC2D0CD4D7952A3267A3B6DAE967E704

The address where the stolen ETHs are directed is:

0x6f6bd3907428ae93bc58A9ec25ae3a80110428

However, this address has not yet been transferred to ETH.

According to Samsniffer’s report, some wallets, especially around $ 150,000 whales, were deceived by such Batched processes through Phishing.

🛡️ Conclusion: Strong feature, risky for weak wallets

Although the EIP-7702 is technologically revolutionary, it contains serious dangers for non-secure users. Wintermute’s observations reveal that the size of the attacks is wide but the effect is low.

Ethereum’s innovation rate is impressive, but the accompanying risks are as complex. It is critical for users to review the wallet permits before using new features and to be careful against third -party connections.