Malicious Ethereum contracts designed to drain wallets with weak security do not benefit from the operation, said Crypto Market Maker Wintermute Friday, identifying these contracts as “Criminal Joyors.”
The whole question is linked to Ethereum Improvement Proposal (EIP) -7702, part of the pectra upgrade that went alive early last month. It provides regular Ethereum addresses, secured with private keys, temporarily acting as smart contracts, facilitating batches of transactions, password approval and consumption limits.
The ordinary Ethereum addresses delegated control of their wallets for smart contracts and gives them permission to manage or move their funds. Although it has simplified the user experience, it has also created a risk of malicious contracts that drain funds.
From Friday, more than 80% of the delegations involved through the EIP-7702 recycled, copy-and-pasta contracts designed to automatically scan and identify weak wallets for potential theft.
“Our research team found that over 97% of all EIP-7702 delegations were authorized to multiple contracts using Same accurate code. These are sweepersUsed to automatically drain incoming ETH from compromised addresses, “Wintermute said at X.
“The Criminal Joyor Contract is short, simple and widely reused. This copy inmate bytecode now represents most of all EIP-7702 delegations. It’s fun, dark and fascinating at once,” the market manufacturer added.
Remarkable cases include a wallet that lost nearly $ 150,000 through malicious batched transactions in a fishing attack, as anti-scam tracker Scam Sniffer noted.
Still, the big money drain has not been profitable for attackers. The criminal joys used about 2.88 ETH to approve about 79,000 addresses. A specific address –0x89383882FC2D0CD4D7952A3267A3B6DAE967E704 – handled more than half of these permits, with 52,000 permits granted.
Per Wintermutes researcher the stolen ether can be traced by analyzing the code for these contracts. For the above example, ETH is intended to flow the address –0x6F6BD3907428AE93BC58ACA9EC25AE3A80110428.
From Friday, however, it had no incoming ETH transfers. The researcher added that this pattern also appears consistent across other criminal loves.
