
- According to GoPlus Security, the Pectra upgrade is facing a concerning security risk.
- Users are advised to authorize EIP-7702 only through official wallet apps and plugins.
As revealed by GoPlus Security, the recently launched Ethereum Pectra upgrade is facing security challenges. Dangerous vulnerabilities have emerged as users attempt to enable EIP-7702 smart accounts after the Pectra upgrade.
Scammer Exploiting Users’ Trust in Pectra
According to GoPlus Security, on-chain data from bundlebear.com showed over 10,000 addresses using smart accounts, unaware of the risks attached. As reviewed in our recent publication, the Ethereum Pectra upgrade enables Externally Owned Accounts (EOAs) to act temporarily as smart contract wallets by delegating control to a contract via a signed message.
Although the EIP-7702 feature enhances user experience, it also exposes users to new security risks that require urgent attention. Through contract code decompilation, GoPlus found that users lose their ETH coins when they authorize the malicious delegator with the address “0x930fcc37d6042c79211ee18a02857cb1fd7f0d0b.”
Analyzing the code showed that, upon authorization, all ETH gets auto-redirected to the scammer wallet 0x000085bad. GoPlus Security described the exploit as a sophisticated theft mechanism and pointed out that the scammer is exploiting the trust people have in the Pectra upgrade: leading wallets like MetaMask have securely integrated EIP-7702, so a delegation prompt no longer looks out of place.
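As an added illustration (not code from GoPlus Security or this article), the check below reads an account's on-chain code as returned by eth_getCode, recognises the EIP-7702 delegation designator (0xef0100 followed by the 20-byte delegate address, as the EIP specifies), and flags a delegation to the malicious delegator address reported above; the allowlist argument and the sample code bytes are assumptions.

```python
# Added example: detect an EIP-7702 delegation on an EOA and flag known-bad delegates.
from typing import Iterable, Optional

# EIP-7702 delegation designator: 0xef0100 followed by the 20-byte delegate address.
DELEGATION_PREFIX = bytes.fromhex("ef0100")

# Malicious delegator address reported by GoPlus Security (taken from the article).
KNOWN_MALICIOUS = {"0x930fcc37d6042c79211ee18a02857cb1fd7f0d0b"}


def parse_delegation(code_hex: str) -> Optional[str]:
    """Return the delegate address if code_hex (eth_getCode output) is an
    EIP-7702 delegation designator, otherwise None."""
    raw = code_hex[2:] if code_hex.startswith("0x") else code_hex
    code = bytes.fromhex(raw)
    # A designator is exactly 23 bytes: 3-byte prefix + 20-byte address.
    if len(code) != 23 or not code.startswith(DELEGATION_PREFIX):
        return None
    return "0x" + code[3:].hex()


def assess_account(code_hex: str, allowlist: Iterable[str] = ()) -> str:
    """Classify an EOA's code as 'plain' (no delegation), 'malicious'
    (delegate is blocklisted), 'allowed' (delegate is on the caller's
    allowlist of wallet-provided delegators, an assumed input), or
    'unknown' (delegated to an address on neither list; treat with care)."""
    delegate = parse_delegation(code_hex)
    if delegate is None:
        return "plain"
    delegate = delegate.lower()
    if delegate in KNOWN_MALICIOUS:
        return "malicious"
    if delegate in {a.lower() for a in allowlist}:
        return "allowed"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample: the code an EOA would show after authorising the reported delegator.
    sample = "0xef0100930fcc37d6042c79211ee18a02857cb1fd7f0d0b"
    print(parse_delegation(sample), assess_account(sample))
```

In practice a wallet or monitoring tool would fetch the code with eth_getCode for each address it manages and alert on anything other than 'plain' or 'allowed'.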
Therefore, GoPlus Security urged users to use only trusted wallet interfaces for 7702 features. Users are also advised to disregard any external links or emails asking for smart account upgrades.
GoPlus acknowledged the importance of EIP-7702 for Ethereum’s UX and transaction flexibility. Still, they warn users to stay alert and only authorize 7702 through official wallet apps and plugins.
Hardware wallets were considered safer before the Pectra update. However, Yehor Rudytsia, an on-chain researcher at Hacken, says that this is no longer the case. Rudytsia noted that, because the risk lies in signing a malicious message, hardware wallets are now exposed in the same way as hot wallets.
Thus, he urged users to sign only messages they understand. He added that wallet developers should provide clear warnings when users are asked to sign a delegation message.
Implications for Ethereum Price
The price of Ethereum is still riding on a bullish momentum, despite the latest attack on the Pectra upgrade. ETH is traded at $2,485 at press time, with the market cap pegged at over $300 billion. Within the past 24 hours, the price of ETH experienced a 3.94% increase.
The latest ETH price spike comes amid a broader market and network improvement proposal announced by Ethereum co-founder Vitalik Buterin. As featured in our recent coverage, Vitalik proposed significant steps to improve the network’s performance without compromising personal node visibility.
Vitalik suggested building a distributed history storage solution to ensure each node can “store a small percentage of historical data older than cutoff.” He also proposed adjusting the gas pricing to ensure that storage is more expensive while execution is less expensive.