Inferno Drainer exploits a new attack vector using Ethereum EIP-7702, resulting in a $150,000 loss in a single transaction

BlockBeats News, May 26th, According to the blockchain security platform Scam Sniffer, phishing group Inferno Drainer recently used the Ethereum EIP-7702 upgrade feature to carry out a new type of attack, causing a single transaction to result in approximately $150,000 in losses. EIP-7702 is a key feature of the Pectra upgrade, allowing an externally owned account (EOA) to temporarily possess smart contract capabilities during a transaction. The attacker, leveraging an authorized MetaMask wallet, initiated batch token transfer operations.

SlowMist founder Cao Yin pointed out that this event marks an evolution in phishing strategies: attackers no longer directly hijack wallets but instead lure users to trigger MetaMask's "execute" command, silently executing malicious batch approvals in the background to complete asset transfers. (Beincrypto)