crypto punk


Recently, hack incidents related to EIP-7702 have started to increase. We’ve begun encountering these incidents on cross-chain swap platforms like Relay. Let’s see how we can secure our wallets.
First, what is EIP-7702?
EIP-7702 is an update to the Ethereum network that simplifies wallet usage. Normally, simple wallets (Externally Owned Accounts - EOAs) can only perform basic transactions, but with this proposal, wallets can temporarily function like smart contracts.
What does this mean?
Easier Transactions: You can perform multiple steps (e.g., token approval and spending) in a single transaction.
Cost-Free Usage: Someone else can pay the gas fees on your behalf, so you don’t incur costs.
More Secure and Flexible: You can add specific permissions to your wallet, such as allowing only certain transactions.
However, there are risks, and the source of these risks is EIP-7702’s delegation feature.
Hackers set traps for you using fake websites. When you sign an “approval” with your wallet on these sites, EIP-7702 temporarily turns your wallet into a “smart” one, and the hacker adds sweep code. This code essentially instructs the wallet to steal funds immediately if any arrive. The authorization stays attached to your wallet without you noticing.
Then, you perform a swap on the real Relay site (e.g., converting ETH to USDC on another chain). The transaction completes, and the funds arrive in your wallet. But at that moment, the sweep code activates and instantly sends the funds to the hacker’s wallet. Since everything happens in a single transaction, you don’t notice it. So, Relay isn’t at fault; hackers are exploiting the approval you previously gave.
Relay’s statement on the matter: https://x.com/RelayProtocol/status/1967256125994352800
What can you do to prevent this?
First, go to the following site and paste your wallet address to search it. Do not connect your wallet. https://eip7702.app
If you have delegations, you’ll see them here. If you don’t have any delegations, you don’t need to do anything else: you’re safe from these types of attacks.
If you see that you have delegations, follow these steps in your MetaMask wallet:
Open the wallet where you want to remove delegations.
Click the three-line symbol in the top right and go to the Account Details section.
At the bottom, you’ll see the "Enable Smart Contracts" section. It will take a short while for the networks to load, and then you’ll see which networks you’ve approved for delegation.
You can secure your wallet by removing all the delegations you’ve given. After each removal, you’ll be asked to confirm the transaction—approve and remove them.
The Rabby wallet also has a feature to remove these delegations, so you can do the same there. After the removal process, go back to http://eip7702.app and check again. The delegations should be gone.
Finally, remove all permissions across all networks via http://revoke.cash.
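The lookup and the re-check in the steps above can also be done without any website by asking a node for the account's code: an EOA with an EIP-7702 delegation returns `0xef0100` followed by the 20-byte delegate address, and one without a delegation returns `0x`. The following is an added example, not part of the original post; the chain names, addresses and responses in `SAMPLE` are constructed, and `trusted_delegates` is a hypothetical allowlist you maintain yourself.

```python
"""Classify eth_getCode results to spot EIP-7702 delegations (added example)."""
import json

DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702 delegation designator


def get_code_request(address, request_id=1):
    """JSON-RPC body to POST to a node; reading code needs no wallet connection."""
    return json.dumps({"jsonrpc": "2.0", "id": request_id,
                       "method": "eth_getCode", "params": [address, "latest"]})


def classify_code(code_hex):
    """Return (kind, delegate) for the hex string eth_getCode returned."""
    raw = bytes.fromhex(code_hex[2:] if code_hex.lower().startswith("0x") else code_hex)
    if not raw:
        return ("plain_eoa", None)          # no code: nothing delegated
    if len(raw) == 23 and raw.startswith(DELEGATION_PREFIX):
        return ("delegated", "0x" + raw[3:].hex())
    return ("contract", None)               # ordinary contract, not an EOA


def audit(codes_by_chain, trusted_delegates=()):
    """Map chain name -> finding; delegations are stored per chain."""
    trusted = {d.lower() for d in trusted_delegates}
    findings = {}
    for chain, code_hex in codes_by_chain.items():
        kind, delegate = classify_code(code_hex)
        if kind == "delegated" and delegate not in trusted:
            findings[chain] = "UNKNOWN delegate " + delegate + ": remove it"
        elif kind == "delegated":
            findings[chain] = "delegated to trusted " + delegate
        else:
            findings[chain] = kind
    return findings


# Constructed sample data, not real addresses or real node output.
KNOWN_GOOD = "0x" + "11" * 20               # hypothetical delegate you chose yourself
SAMPLE = {
    "ethereum": "0x",                        # clean, or delegation already removed
    "base": "0xef0100" + "ab" * 20,          # delegate you do not recognise
    "optimism": "0xef0100" + "11" * 20,      # delegate on your allowlist
}

if __name__ == "__main__":
    for chain, finding in audit(SAMPLE, [KNOWN_GOOD]).items():
        print(chain, "->", finding)
```

Run the check once per network, since a delegation removed on one chain can still be present on another.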