Inferno Drainer Uses EIP-7702 to Drain $150K in Ethereum Phishing Attack

Inferno Drainer exploited Ethereum’s EIP-7702 to steal $150,000 from a single wallet. The case was flagged by Scam Sniffer on May 24, 2025.

EIP-7702, introduced in the Pectra upgrade, allows regular wallets to act like smart contracts temporarily. Attackers used this to bypass standard approval prompts and authorize token transfers.

The group used a delegated MetaMask wallet, already granted permissions, to process malicious transactions without alerting the wallet owner.

Delegated Wallet Enabled Hidden Batch Authorization

According to Yu Xian, founder of SlowMist, the victim signed a transaction that triggered a hidden batch authorization. This approved multiple token transfers at once.

Xian explained that the attackers executed an “execute” command using previously granted permissions. The tokens were drained silently through that batch.

EIP-7702 MetaMask Delegation Record Revealed in Wallet Authorization Log. Source: Etherscan / X

This method avoided the need for direct wallet takeover. Instead, it used access that had already been authorized during earlier activity.

Ethereum Phishing Attacks Surpass $5M in April 2025

Scam Sniffer reported over $5 million lost to phishing in April 2025. A total of 7,565 wallets were affected.

Xian said the use of new protocol features like EIP-7702 marks a change in scam tactics.

“As we predicted, the phishing gangs have caught up,”

he said.

Batch Token Drain via Multicall in EIP-7702 MetaMask Phishing. Source: Scam Sniffer

He urged users to check if their wallet addresses are linked to delegation approvals or open token permissions.

Scam Sniffer advised users to inspect existing token authorizations and revoke unused or suspicious ones. Delegated MetaMask sessions can remain active if not manually removed.

No official comment has been made by MetaMask or the Ethereum Foundation regarding the misuse of EIP-7702. Blockchain analysts continue tracking the stolen funds.

Disclosure:This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.

Kriptoworld.com accepts no liability for any errors in the articles or for any financial loss resulting from incorrect information.

LATEST POSTS