
A sophisticated phishing group known as Inferno Drainer has capitalised on a recently implemented Ethereum feature to conduct large-scale wallet-draining attacks, exposing a new attack surface within the blockchain ecosystem. The tactic leverages Ethereum Improvement Proposal 7702 (EIP-7702), part of the network’s broader Pectra upgrade, which permits Externally Owned Accounts (EOAs) to temporarily behave like smart contract wallets during transactions.
EIP-7702 was introduced to enhance transaction efficiency and flexibility by allowing EOAs, typically controlled by individuals, to process complex batch operations usually reserved for smart contracts. However, this flexibility has opened unforeseen attack vectors that cybercriminals like Inferno Drainer are now exploiting to extract significant funds without alerting users.
The initial alert came from Scam Sniffer, a web3 anti-scam platform, which identified a wallet compromised through this method losing nearly $150,000. This incident underscores the growing sophistication of phishing techniques targeting crypto users, marking a shift from conventional scams that often rely on direct wallet hijacking or tricking users into revealing private keys.
Blockchain security expert Yu Xian, founder of SlowMist, a firm specialising in combating crypto threats, explained that Inferno Drainer’s method differs markedly from previous phishing scams. Instead of forcibly taking control of a wallet, the group operates through a delegated MetaMask wallet, one authorised under EIP-7702’s delegation mechanism.
In this approach, the victim is led to sign an “execute” call in MetaMask whose batch calldata contains token approvals crafted by the attackers. MetaMask processes the batch in the background, so the approvals are granted silently and the tokens are then drained in a stealthy but effective manner.
“The phishing gang uses this mechanism to complete batch authorisation operations on tokens related to the victim’s address,” Xian said, highlighting the threat’s subtlety and the challenge it poses to wallet security.
The shift towards batch authorisations was designed to streamline interactions on Ethereum by allowing users to manage multiple transactions or permissions in a single operation. Unfortunately, it also offers a cover for nefarious actors to bundle illicit commands within legitimate transaction flows, evading traditional detection methods.
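A defender-side illustration of the two points made above, added here and not taken from the article, Scam Sniffer or SlowMist: an EOA that has delegated under EIP-7702 carries a short code prefix (0xef0100 followed by the 20-byte delegate address), and a batch execute call is a list of (target, value, calldata) entries that can hide ERC-20 approve() calls. The checker below recognises the delegation designator and walks a constructed batch, flagging approvals to spenders outside a user-maintained allowlist or with an unlimited allowance; the Call layout and the allowlist are assumptions of the example.

```python
from dataclasses import dataclass

# Constants from the EIP-7702 and ERC-20 specifications.
DELEGATION_PREFIX = bytes.fromhex("ef0100")    # EIP-7702 delegation designator prefix
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")   # keccak256("approve(address,uint256)")[:4]
UINT256_MAX = (1 << 256) - 1                   # "unlimited" allowance commonly requested by drainers

@dataclass
class Call:                 # assumed batch entry layout (target, value, calldata)
    target: str             # contract address the call is sent to (e.g. an ERC-20 token)
    value: int
    data: bytes

def delegation_target(account_code: bytes):
    """Return the delegate address if `account_code` is an EIP-7702 designator, else None."""
    if len(account_code) == 23 and account_code.startswith(DELEGATION_PREFIX):
        return "0x" + account_code[3:].hex()
    return None

def decode_approve(data: bytes):
    """If `data` encodes approve(spender, amount), return (spender, amount); else None."""
    if len(data) != 68 or data[:4] != APPROVE_SELECTOR:
        return None
    spender = "0x" + data[16:36].hex()          # address is right-aligned in a 32-byte word
    amount = int.from_bytes(data[36:68], "big")
    return spender, amount

def encode_approve(spender: str, amount: int) -> bytes:
    """Build approve(spender, amount) calldata; used only to construct sample input."""
    return APPROVE_SELECTOR + bytes.fromhex(spender[2:]).rjust(32, b"\0") + amount.to_bytes(32, "big")

def review_batch(calls, trusted_spenders):
    """Return warnings for approvals in a batch that a user would not expect to sign."""
    trusted = {s.lower() for s in trusted_spenders}   # assumed user-maintained allowlist
    warnings = []
    for i, call in enumerate(calls):
        approval = decode_approve(call.data)
        if approval is None:
            continue                                   # not an approve(); out of scope here
        spender, amount = approval
        if spender.lower() not in trusted:
            warnings.append(f"call {i}: approve to unknown spender {spender} on {call.target}")
        if amount == UINT256_MAX:
            warnings.append(f"call {i}: unlimited allowance granted on {call.target}")
    return warnings
```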
Industry analysts observe that this new exploit underscores the delicate balance between innovation and security in blockchain technology. Ethereum’s continuous upgrades aim to enhance usability and scalability but often introduce complexities that can be manipulated if not carefully monitored.
Inferno Drainer has reportedly refined this phishing tactic over months, adapting to Ethereum’s evolving infrastructure. Their campaigns focus on victims who have already adopted wallets compatible with the Pectra upgrade, ensuring that the batch execution feature is active and exploitable.
The Pectra upgrade itself is a significant step forward for Ethereum, promising improved transaction throughput and user experience. Yet, as this case reveals, the implementation of powerful features without equally robust security safeguards invites exploitation. Wallet providers, particularly MetaMask, face mounting pressure to integrate advanced detection algorithms and user alerts to mitigate such silent batch authorisation abuses.
Security firms are recommending users exercise heightened caution when approving wallet transactions, especially those involving batch operations. Unlike straightforward transaction confirmations, batch authorisations may bundle multiple permissions, some of which could be maliciously crafted.
The incident also highlights the growing arms race in crypto security, where threat actors rapidly adapt to platform upgrades and exploit minor oversights or new functionalities. While blockchain’s decentralised nature offers transparency, the intricacies of smart contract and wallet interaction often elude average users, increasing their vulnerability.
MetaMask’s role in this exploit is crucial, as the wallet’s delegation and permission system under EIP-7702 allows the execution of complex commands with user consent. Experts suggest MetaMask and similar wallet developers could implement clearer prompts, disallowing batch authorisations that combine unexpected or unverified commands, thereby reducing risk.
Regulatory scrutiny around crypto security continues to intensify as attacks like those by Inferno Drainer demonstrate the potential for significant financial loss. Governments and industry bodies are increasingly focused on fostering secure protocols and pushing for better user education to counteract sophisticated phishing attempts.
Cryptocurrency exchanges and DeFi platforms may also need to review their integration with wallets supporting EIP-7702, ensuring that their transaction flows do not inadvertently facilitate or obscure malicious batch authorisations.
This emerging threat reiterates the importance of layered security measures, including hardware wallets, multi-factor authentication, and vigilant transaction monitoring. As phishing schemes grow more advanced, users must adopt a cautious stance towards authorisation requests, verifying each operation’s legitimacy, particularly when batch executions are involved.
Inferno Drainer’s exploitation of Ethereum’s latest upgrade serves as a stark reminder that innovation in blockchain technology must be matched by equally innovative security frameworks. The broader crypto community faces a critical juncture where safeguarding user assets depends on swift adaptation to both technological progress and the evolving tactics of cybercriminals.
Efforts to address such vulnerabilities are underway within Ethereum developer circles, with proposals to refine permissioning models and enhance wallet interfaces to better distinguish legitimate transactions from potentially harmful batch authorisations. Collaboration between security researchers, wallet providers, and the wider blockchain community is crucial to curtail threats exploiting the complex functionalities introduced by upgrades like Pectra.
Arabian Post – Crypto News Network