Odaily星球日报讯 Wintermute 分析称,以太坊近期 Pectra 升级中的 EIP-7702 提案已被大规模用于恶意行为。该提案原旨在提升用户体验,如支持批量交易、社交验证、设定支出上限等,但现有超过 80%的 EIP-7702 授权流向了多个部署相同“自动清扫”代码的合约。 Wintermute 将这一类合约命名为“CrimeEnjoyor”,其作用是在私钥泄露后自动转移钱包资产。 安全公司 Scam Sniffer 和 SlowMist 均指出该提案已被诈骗服务 Inferno Drainer 滥用,有用户因恶意批量交易损失近 15 万美元。SlowMist 创始人余弦提醒,钱包服务商应尽快支持并明确展示授权合约信息,防止钓鱼攻击。 安全专家 Taylor Monahan 指出,问题根源仍在于用户私钥安全,“EIP-7702 并非漏洞,它只是让攻击变得更高效。”(The Block)
Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.