A notorious phishing group known as Inferno Drainer has begun exploiting a new Ethereum feature to launch wallet-draining attacks

The group is taking advantage of Ethereum Improvement Proposal (EIP) 7702, a key part of the Pectra upgrade, which allows Externally Owned Accounts (EOAs) to temporarily act like smart contract wallets during transactions.

Sophisticated Crypto Phishing Scam Exploits Ethereum’s Smart Wallet Flexibility

On May 24, Scam Sniffer, a web3 anti-scam platform, flagged a case where a wallet recently upgraded to EIP-7702 lost nearly $150,000.

According to Yu Xian, founder of blockchain security firm SlowMist, Inferno Drainer carried out the theft using a more sophisticated version of traditional phishing.

Unlike previous scams that hijack user wallets directly, Xian explained that Inferno Drainer used a delegated MetaMask wallet—one already authorized under EIP-7702.

He said this allowed the hackers to approve token transfers silently through a batch authorization process.

Xian furthered that the victim unknowingly triggered an “execute” command within MetaMask, which processed the malicious batch data in the background. The result was a silent but effective token drain.

“The phishing gang uses this mechanism to complete batch authorization operations on tokens related to the victim’s address,” Xian said.

The security expert emphasized that this incident marks a shift in scam tactics.

According to him, it shows that attackers are no longer relying solely on old tricks as they’re actively integrating new Ethereum updates into their operations to stay ahead.

“As we predicted, the phishing gangs have caught up… Everyone should be vigilant, be careful that the assets in your wallet will be taken away,” Xian said.

Considering this, he urged users to review token authorizations regularly and check whether their wallet addresses have been delegated to phishing accounts via EIP-7702.

Meanwhile, this case is part of a broader trend in the crypto industry. Last month, malicious actors stole over $5 million from 7,565 individuals through phishing attacks.

Due to this, security experts have emphasized that crypto users must remain proactive to stay safe from these attack vectors.

Scam Sniffer advised industry players to verify websites before logging in or approving any transactions. They also urge community members to audit their token permissions routinely and avoid clicking on unverified links.