Inferno Drainer Uses EIP-7702 to Drain $150K in Ethereum Phishing Attack
Inferno Drainer Uses EIP-7702 to Drain $150K in Ethereum Phishing Attack
cryptonewsEthereum

Inferno Drainer Uses EIP-7702 to Drain $150K in Ethereum Phishing Attack

Tatevik Avetisyan
by Tatevik Avetisyan

-

692
0

Inferno Drainer exploited Ethereum’s EIP-7702 to steal $150,000 from a single wallet. The case was flagged by Scam Sniffer on May 24, 2025.

EIP-7702, introduced in the Pectra upgrade, allows regular wallets to act like smart contracts temporarily. Attackers used this to bypass standard approval prompts and authorize token transfers.

The group used a delegated MetaMask wallet, already granted permissions, to process malicious transactions without alerting the wallet owner.

Delegated Wallet Enabled Hidden Batch Authorization

According to Yu Xian, founder of SlowMist, the victim signed a transaction that triggered a hidden batch authorization. This approved multiple token transfers at once.

Xian explained that the attackers executed an “execute” command using previously granted permissions. The tokens were drained silently through that batch.

EIP-7702 MetaMask Delegation Record Revealed in Wallet Authorization Log. Source: Etherscan
EIP-7702 MetaMask Delegation Record Revealed in Wallet Authorization Log. Source: Etherscan / X

This method avoided the need for direct wallet takeover. Instead, it used access that had already been authorized during earlier activity.

Ethereum Phishing Attacks Surpass $5M in April 2025

Scam Sniffer reported over $5 million lost to phishing in April 2025. A total of 7,565 wallets were affected.

Xian said the use of new protocol features like EIP-7702 marks a change in scam tactics.

“As we predicted, the phishing gangs have caught up,”

he said.

Batch Token Drain via Multicall in EIP-7702 MetaMask Phishing. Source: Scam Sniffer
Batch Token Drain via Multicall in EIP-7702 MetaMask Phishing. Source: Scam Sniffer

He urged users to check if their wallet addresses are linked to delegation approvals or open token permissions.

Scam Sniffer advised users to inspect existing token authorizations and revoke unused or suspicious ones. Delegated MetaMask sessions can remain active if not manually removed.

No official comment has been made by MetaMask or the Ethereum Foundation regarding the misuse of EIP-7702. Blockchain analysts continue tracking the stolen funds.


Disclosure:This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.

Kriptoworld.com accepts no liability for any errors in the articles or for any financial loss resulting from incorrect information.

Previous article
Coinbase Hit With Lawsuit Over $400M Data Breach and UK Regulator Violation
Next article
Bitcoin Reclaims Safe-Haven Status Amid Market Turmoil, But Caution Remains

LATEST POSTS

cryptonews

Nasdaq and S&P 500 Hit Fresh Records as Bitcoin Reaches $75K

Bitcoin price climbed above $75,000 on Wednesday as tech stocks pushed both the Nasdaq record high and the S&P 500 record high. The move came...
Stock exchange

Bitmine NYSE Uplisting Starts as BMNR Expands Share Buyback to $4 Billion

Bitmine Immersion Technologies began trading on the New York Stock Exchange on Thursday after moving up from NYSE American, while the company also raised its...
Ethereum

Ethereum Stablecoin Supply Hits Record $180B as Token Terminal Maps Bigger Onchain Growth

The Ethereum stablecoin supply has reached a record $180 billion, according to Token Terminal. The data shows that the Ethereum network still leads the market...
Crypto money

Onchain Evidence Leads Terror Financing Convictions in Indonesia

Onchain evidence helped secure the conviction of three terrorism financiers in Indonesia in 2024 and 2025, according to TRM Labs. The cases showed that blockchain...
Load more

Follow us on X too!

122FollowersFollow

Most Popular

Guest posts