Inferno Drainer Uses EIP-7702 to Drain $150K in Ethereum Phishing Attack
Inferno Drainer Uses EIP-7702 to Drain $150K in Ethereum Phishing Attack
cryptonewsEthereum

Inferno Drainer Uses EIP-7702 to Drain $150K in Ethereum Phishing Attack

Tatevik Avetisyan
by Tatevik Avetisyan

-

577
0

Inferno Drainer exploited Ethereum’s EIP-7702 to steal $150,000 from a single wallet. The case was flagged by Scam Sniffer on May 24, 2025.

EIP-7702, introduced in the Pectra upgrade, allows regular wallets to act like smart contracts temporarily. Attackers used this to bypass standard approval prompts and authorize token transfers.

The group used a delegated MetaMask wallet, already granted permissions, to process malicious transactions without alerting the wallet owner.

Delegated Wallet Enabled Hidden Batch Authorization

According to Yu Xian, founder of SlowMist, the victim signed a transaction that triggered a hidden batch authorization. This approved multiple token transfers at once.

Xian explained that the attackers executed an “execute” command using previously granted permissions. The tokens were drained silently through that batch.

EIP-7702 MetaMask Delegation Record Revealed in Wallet Authorization Log. Source: Etherscan
EIP-7702 MetaMask Delegation Record Revealed in Wallet Authorization Log. Source: Etherscan / X

This method avoided the need for direct wallet takeover. Instead, it used access that had already been authorized during earlier activity.

Ethereum Phishing Attacks Surpass $5M in April 2025

Scam Sniffer reported over $5 million lost to phishing in April 2025. A total of 7,565 wallets were affected.

Xian said the use of new protocol features like EIP-7702 marks a change in scam tactics.

“As we predicted, the phishing gangs have caught up,”

he said.

Batch Token Drain via Multicall in EIP-7702 MetaMask Phishing. Source: Scam Sniffer
Batch Token Drain via Multicall in EIP-7702 MetaMask Phishing. Source: Scam Sniffer

He urged users to check if their wallet addresses are linked to delegation approvals or open token permissions.

Scam Sniffer advised users to inspect existing token authorizations and revoke unused or suspicious ones. Delegated MetaMask sessions can remain active if not manually removed.

No official comment has been made by MetaMask or the Ethereum Foundation regarding the misuse of EIP-7702. Blockchain analysts continue tracking the stolen funds.


Disclosure:This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.

Kriptoworld.com accepts no liability for any errors in the articles or for any financial loss resulting from incorrect information.

Previous article
Coinbase Hit With Lawsuit Over $400M Data Breach and UK Regulator Violation
Next article
Bitcoin Reclaims Safe-Haven Status Amid Market Turmoil, But Caution Remains

LATEST POSTS

Ethereum

More companies are betting on Ethereum: What does it mean for the evolution of the sector?

While Bitcoin has long been the "gold standard" of the crypto world, a significant shift is happening in 2026 as institutional investors increasingly bet on...
cryptonews

Kashkari Fires Back at Crypto and Stablecoins While Backing AI

Neel Kashkari, president of the Federal Reserve Bank of Minneapolis, criticized crypto and stablecoins during remarks at the 2026 Midwest Economic Outlook Summit on Thursday....
Analysis

ETH Coils Near $2,000 as Triangle Tightens and $1,800–$2,118 Range Holds

Ethereum traded near $1,994 on the 4 hour ETHUSDT perpetual chart from Binance as one analyst pointed to a tightening triangle that could force a...
Ethereum

Ethereum Rebound Hints Build, but ETH Needs $2,150 and $2,800 to Flip the Trend

Ethereum stayed in a downtrend for several weeks. During this period, price kept making lower highs and lower lows. In addition, ETH traded below the...
Load more

Follow us on X too!

120FollowersFollow

Most Popular

Guest posts