Wintermute, a major crypto market maker, has developed a tool to combat a rising threat in the Ethereum ecosystem—malicious smart contracts exploiting the new EIP-7702 delegation feature to drain user wallets.
‘CrimeEnjoyor’ Flags Dangerous Delegation Contracts
On May 30, Wintermute unveiled “CrimeEnjoyor”, a tool that injects visible warnings into verified malicious Ethereum contracts. These contracts are designed to auto-sweep incoming ETH from wallets with compromised private keys. The message warns users:
“This contract is used by bad guys to automatically sweep all incoming ETH. DO NOT SEND ANY ETH.”
This initiative comes in response to a growing trend of wallet-draining contracts leveraging EIP-7702, an upgrade introduced in Ethereum’s recent Pectra hard fork.
EIP-7702: A Double-Edged Sword
EIP-7702 enables Ethereum wallet users to temporarily delegate control to smart contracts. While this increases functionality for wallet abstraction and automation, it also opens a new attack vector for malicious actors.
Wintermute’s research reveals that over 97% of EIP-7702 delegations were to contracts using identical code, indicating a coordinated exploitation campaign. These contracts—called “sweepers”—drain ETH automatically from wallets that have delegated access, often due to leaked or stolen private keys.
To expose these threats, Wintermute reverse-engineered the bytecode of these contracts into human-readable Solidity and publicly verified them, allowing the warning message to appear on block explorers like Etherscan.
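A defender-side check for the delegation pattern described above, as an added example that is not Wintermute's code: it recognizes the EIP-7702 delegation designator (`0xef0100` followed by the 20-byte delegate address) in `eth_getCode` output and groups delegating accounts by delegate bytecode, which is how a concentration on one identical contract shows up. All addresses and bytecode are constructed, and SHA-256 stands in for the on-chain code hash.

```python
import hashlib
from collections import defaultdict

# EIP-7702: a delegated account's code is 0xef0100 followed by the 20-byte delegate address.
DESIGNATOR_PREFIX = bytes.fromhex("ef0100")

def _raw(hex_str):
    return bytes.fromhex(hex_str[2:] if hex_str.lower().startswith("0x") else hex_str)

def parse_delegation(code_hex):
    """Return the delegate address if code_hex is a delegation designator, else None."""
    code = _raw(code_hex)
    if len(code) == 23 and code[:3] == DESIGNATOR_PREFIX:
        return "0x" + code[3:].hex()
    return None

def cluster_by_delegate_code(account_code, delegate_runtime):
    """Group delegating accounts by a fingerprint of the delegate's bytecode, so that
    copies of one contract deployed at several addresses land in the same cluster.
    SHA-256 is an assumption for this sketch; it is not the on-chain keccak code hash."""
    clusters = defaultdict(list)
    for account, code_hex in account_code.items():
        delegate = parse_delegation(code_hex)
        if delegate is None:
            continue  # plain EOA (empty code) or an ordinary contract
        runtime = delegate_runtime.get(delegate)
        key = hashlib.sha256(_raw(runtime)).hexdigest() if runtime else "unknown:" + delegate
        clusters[key].append(account)
    return dict(clusters)

def dominant_share(clusters):
    """Fraction of delegating accounts that point at the most common delegate bytecode."""
    total = sum(len(v) for v in clusters.values())
    return max(len(v) for v in clusters.values()) / total if total else 0.0

# Constructed sample data: placeholder addresses and bytecode, not taken from any chain.
DELEGATE_A, DELEGATE_B, DELEGATE_C = ("0x" + b * 20 for b in ("aa", "bb", "cc"))
SAME_CODE = "0x6000356000550000"
DELEGATE_RUNTIME = {DELEGATE_A: SAME_CODE, DELEGATE_B: SAME_CODE, DELEGATE_C: "0x600160015500"}
ACCOUNT_CODE = {  # account -> eth_getCode result
    "0x" + "01" * 20: "0xef0100" + "aa" * 20,
    "0x" + "02" * 20: "0xef0100" + "bb" * 20,
    "0x" + "03" * 20: "0xef0100" + "aa" * 20,
    "0x" + "04" * 20: "0xef0100" + "cc" * 20,
    "0x" + "05" * 20: "0x",              # ordinary EOA, no code
    "0x" + "06" * 20: "0x6080604052",    # ordinary contract, not a designator
}

if __name__ == "__main__":
    print(f"{dominant_share(cluster_by_delegate_code(ACCOUNT_CODE, DELEGATE_RUNTIME)):.0%}")
```

A wallet or monitoring job can run the same designator check on a user's own address and alert when the delegate falls in a cluster already flagged as a sweeper.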
Real-World Impact and Urgent Need for Transparency
The risk is real. On May 23, a user lost $146,550 by unknowingly signing multiple malicious batched transactions linked to EIP-7702, according to blockchain security firm Scam Sniffer.
As of now, 12,329 EIP-7702 transactions have been executed since Pectra went live on May 7 at epoch 364032.
Wintermute emphasizes the urgent need for better transparency tools to help users differentiate between legitimate and malicious contract interactions. While EIP-7702 is optional, the complexity it introduces requires additional user education and interface safeguards.
Pectra Brings More Than Just EIP-7702
The Pectra upgrade also introduced:
- EIP-7251, raising the staking limit from 32 ETH to 2,048 ETH to help institutional validators.
- EIP-7691, increasing data blob capacity to enhance Layer 2 scalability and reduce fees.
Conclusion
Wintermute’s CrimeEnjoyor offers a much-needed defense against smart contract-based scams in a rapidly evolving Ethereum ecosystem. As innovation like EIP-7702 unfolds, user protection must evolve in parallel to ensure security remains at the heart of Ethereum’s decentralized future.