Wintermute’s ‘CrimeEnjoyor’ to flag Ethereum’s wallet-draining contracts

Ethereum users will be warned of a new attack capable of draining their wallets, as crypto market maker Wintermute says it has created code that injects a warning into verified malicious contracts.

Wintermute’s code, dubbed “CrimeEnjoyor,” prints a warning within malicious Ethereum contracts that are “designed to auto-sweep funds” from wallets with leaked private keys, itsaidin a May 30 X post.

The warning reads that the malicious contract “is used by bad guys to automatically sweep all incoming ETH” and prominently warns to “NOT SEND ANY ETH.”

The maliciouscontracts exploita feature introduced in Ethereum’s Pectra upgrade, called Ethereum Improvement Proposal-7702 (EIP-7702), that allows users to temporarily delegate control of their wallets to smart contracts, the firm said.

Wintermute said that its research team found “over 97% of all EIP-7702 delegations were authorized to multiple contracts using the same exact code.”

“These are sweepers, used to automatically drain incoming ETH from compromised addresses,” it explained.

Wintermute said it to make the CrimeEnjoyor code show up in the malicious contracts, it reversed their Ethereum Virtual Machine bytecode into human-readableSolidity codeand publicly verified it.

EIP-7702 is optional, but transparency tools needed

EIP-7702 is an opt-in feature and is not required to perform basic Ethereum operations like native token transfers.

Wintermute said that while EIP-7702 expands Ethereum’s capabilities, a lack of verification makes it more difficult to distinguish legitimate infrastructure from malicious exploitation, particularly for new users.

One Ethereum user who tapped EIP-7702lost$146,550 by signing several malicious batched transactions on May 23, blockchain security firm Scam Snifferpointedout at the time.

Related:Vitalik wants to make Ethereum ‘as simple as Bitcoin’ in 5 years

A total of12,329EIP-7702 transactions have been made since thePectra upgrade went liveon Ethereum at the start of epoch 364032 on May 7.

Pectra also introduced two other significant upgrades.

The first, EIP-725,  increased the validator staking limit from 32 EtherETH$2,493EthereumChange (24h)1.20%Market Cap$300.34BVolume (24h)$11.89BView Moreto 2,048 ETH to make operations easier for large stakers.

Pectra also introduced EIP-7691, which increases the number of data blobs per block with the aim ofimproving scalabilityonEthereum layer 2sand reducing transaction fees.

Magazine:12 minutes of nail-biting tension when Ethereum’s Pectra fork goes live

Explore more articles like this

Subscribe to the Markets Outlook newsletter

Get critical insights to spot investment opportunities, mitigate risks, and refine your trading strategies. Delivered every Monday

By subscribing, you agree to ourTerms of Services and Privacy Policy