Ethereum malicious contracts designed to drain the portfolios with low security do not benefit from the operation, said Crypto Wintermute market on Friday, identifying these contracts as “Crimeenjoyors”.
The entire problem is linked to the Ethereum improvement proposal (EIP) -7702, part of the Pectra upgrade which was put online at the beginning of last month. It allows regular Ethereum addresses, secured by private keys, to work temporarily as intelligent contracts, by facilitating transactions by lots, the authentication of the password and the expenditure limits.
The regular Ethereum addresses the control of the delegate of their portfolios to intelligent contracts, granting them permission to manage or move their funds. Although he has simplified the user experience, he also created a risk of malicious contracts draining funds.
Friday, more than 80% of the delegations carried out via EIP-7702 involved reused and copies contracts and paste designed to scan and automatically identify weak portfolios for potential flight.
“Our research team revealed that more than 97% of all EIP-7702 delegations were authorized for several contracts using the same exact code. These are sweepersUsed to automatically drain the ETH entering from compromises addresses, “said Wintermute on X.
“The Crimeenjoyor contract is short, simple and widely reused. This Byte-Coco-Copier code now represents the majority of all EIP-7702 delegations. It is funny, dark and fascinating at the same time,” added the market market.
Notable cases include a portfolio that has lost nearly $ 150,000 thanks to malware transactions in a fishing attack, as Sniffer noted.
However, large -scale monetary drainage was not profitable for attackers. Crimeenjoyors spent around 2.88 ETH to authorize around 79,000 addresses. A special address –0x89383882fc2d0cd4d7952a3267a3b6dae967e704 – managed more than half of these authorizations, with 52,000 authorizations.
According to Wintermute’s researcher, the stolen ether can be traced by analyzing the code of these contracts. For the example above, the ETH is intended to pour the address –0x6f6bd3907428Ae93BC58aca9ec25Ae3A80110428.
However, this Friday, he had no incoming ETH transfer. The researcher added that this model also seems coherent in the other crimereenjoyors.
