Malicious Ethereum contracts designed to drain wallets with weak certainty do not benefit from the operation, the manufacturer of cryptocurrencies of the Wintermute market said on Friday, identifying these contracts as “crime grimes.”
The whole theme is linked to the proposal to improve Ethereum (EIP) -7702, part of the tong update that was directed at the beginning of last month. It allows regular Ethereum addresses, insured by private keys, temporarily operate as intelligent contracts, facilitating lots, authentication of passwords and spending limits.
The regular Ethereum addresses the delegate control of its wallets to intelligent contracts, giving them permission to manage or move their funds. Although it has simplified the user experience, it has also created a risk of malicious contracts that drain funds.
Until Friday, more than 80% of the delegations made through EIP-7702 involved reused contracts, copying and pasta designed to automatically scan and identify weak wallets for a possible robbery.
“Our research team found that more than 97% of all EIP-7702 delegations were authorized to multiple contracts using the same exact code. These are dragUsed to automatically drain the incoming eth of the compromised addresses, “Wintermute said in X.
“The CourtJoyor contract is short, simple and widely reused. This copy of the copy now represents most of all the EIP-7702 delegations. It is fun, dark and fascinating at once,” added the market manufacturer.
Notable cases include a wallet that lost almost $ 150,000 through malicious lots in a fishing attack, as noted by the anti-SCAM Tracker Sniffer scam.
Even so, large -scale money drainage has not been profitable for attackers. The crimeenjores spent approximately 2.88 ETH to authorize around 79,000 addresses. A private address –0x89383882FC2D0CD4D7952A3267A3B6DAE967E704 – He managed more than half of these authorizations, with 52,000 permits granted.
According to the winter researcher, the stolen ether can be traced by analyzing the code of these contracts. For the previous example, the ETH is intended to flow the address –0x6f6BD3907428AE93BC58ACA9EC25AE3A80110428.
However, until Friday, I had no incoming eth transfers. The researcher added that this pattern also seems consistent in other Crimeenjoyors.
