Wintermute Eyes ETH Flaws as SharpLink Starts Treasury Plan
The post Wintermute Eyes ETH Flaws as SharpLink Starts Treasury Plan appeared on BitcoinEthereumNews.com. Ethereum is the focus of two major developments this week, one on the security front and another in corporate finance. Crypto market maker Wintermute has introduced a novel countermeasure to warn users of malicious Ethereum contracts that exploit EIP-7702, injecting alert messages directly into verified attacker code. Meanwhile, US sports betting firm SharpLink Gaming has filed to raise $1 billion to build a significant Ether treasury, naming Ethereum co-founder Joseph Lubin as its new board chairman. Ethereum Users Face New Wallet Draining Threat as Wintermute Injects ‘CrimeEnjoyor’ Warnings into Malicious Contracts Ethereum users are being warned of a sophisticated new type of wallet-draining attack, with leading crypto market maker Wintermute stepping in to inject a digital safeguard directly into the threat itself. On May 30, Wintermute revealed its deployment of a novel piece of code, dubbed “CrimeEnjoyor,” which prints prominent warning messages inside malicious Ethereum smart contracts, specifically those abusing a new feature introduced in the Pectra upgrade. This preemptive move comes as Ethereum grapples with the fallout of EIP-7702, a recently launched improvement proposal that gives wallets the ability to temporarily delegate transaction control to smart contracts. While designed to enable powerful new use cases, the feature has quickly become a tool for attackers seeking to automatically siphon ETH from users with compromised private keys. How the Attack Works: Exploiting EIP-7702 EIP-7702 was implemented as part of Ethereum’s Pectra upgrade, which went live on May 7 at epoch 364032. It introduces a new account abstraction mechanism allowing users to hand over transaction authorization to smart contracts on a temporary basis. Although entirely optional and opt-in, the feature has rapidly been adopted by malicious actors due to its ability to automate the sweeping of funds from wallets that have accidentally leaked their private keys. Wintermute’s CrimeEnjoyor contract with a warning…
The post Wintermute Eyes ETH Flaws as SharpLink Starts Treasury Plan appeared on BitcoinEthereumNews.com.
Ethereum is the focus of two major developments this week, one on the security front and another in corporate finance. Crypto market maker Wintermute has introduced a novel countermeasure to warn users of malicious Ethereum contracts that exploit EIP-7702, injecting alert messages directly into verified attacker code. Meanwhile, US sports betting firm SharpLink Gaming has filed to raise $1 billion to build a significant Ether treasury, naming Ethereum co-founder Joseph Lubin as its new board chairman. Ethereum Users Face New Wallet Draining Threat as Wintermute Injects ‘CrimeEnjoyor’ Warnings into Malicious Contracts Ethereum users are being warned of a sophisticated new type of wallet-draining attack, with leading crypto market maker Wintermute stepping in to inject a digital safeguard directly into the threat itself. On May 30, Wintermute revealed its deployment of a novel piece of code, dubbed “CrimeEnjoyor,” which prints prominent warning messages inside malicious Ethereum smart contracts, specifically those abusing a new feature introduced in the Pectra upgrade. This preemptive move comes as Ethereum grapples with the fallout of EIP-7702, a recently launched improvement proposal that gives wallets the ability to temporarily delegate transaction control to smart contracts. While designed to enable powerful new use cases, the feature has quickly become a tool for attackers seeking to automatically siphon ETH from users with compromised private keys. How the Attack Works: Exploiting EIP-7702 EIP-7702 was implemented as part of Ethereum’s Pectra upgrade, which went live on May 7 at epoch 364032. It introduces a new account abstraction mechanism allowing users to hand over transaction authorization to smart contracts on a temporary basis. Although entirely optional and opt-in, the feature has rapidly been adopted by malicious actors due to its ability to automate the sweeping of funds from wallets that have accidentally leaked their private keys. Wintermute’s CrimeEnjoyor contract with a warning…
What's Your Reaction?
