Wintermute’s ‘CrimeEnjoyor’ to flag Ethereum’s wallet-draining contracts
Ethereum users face a new threat from malicious contracts capable of draining wallets, as Wintermute introduces a warning system called “CrimeEnjoyor.” This code injects alerts into verified malicious contracts that auto-sweep funds from wallets with compromised private keys. The warning advises users not to send ETH to these contracts. The malicious contracts exploit Ethereum Improvement Proposal-7702 (EIP-7702), which allows temporary delegation of wallet control to smart contracts. Wintermute's research indicates over 97% of EIP-7702 delegations were to contracts using identical code designed to drain ETH. EIP-7702 is optional and enhances Ethereum's capabilities but complicates the identification of legitimate versus malicious contracts. Since the Pectra upgrade on May 7, there have been 12,329 EIP-7702 transactions. The Pectra upgrade also included EIP-725, increasing validator staking limits, and EIP-7691, enhancing scalability and reducing transaction fees.
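A defender-side check for the delegation pattern described above, as an added example that is not Wintermute's code. It assumes the EIP-7702 delegation designator format (`0xef0100` followed by the 20-byte delegate address) as returned by `eth_getCode`. All addresses and bytecode are constructed placeholders, and SHA-256 is used only as a local fingerprint (Ethereum itself hashes code with Keccak-256).

```python
import hashlib
from collections import defaultdict

DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702 designator prefix

def delegate_of(code_hex):
    """Return the delegate address if the code is a 7702 designator, else None."""
    code = bytes.fromhex(code_hex.removeprefix("0x"))
    if len(code) == 23 and code.startswith(DELEGATION_PREFIX):
        return "0x" + code[3:].hex()
    return None

def fingerprint(code_hex):
    """Local fingerprint of bytecode (assumption: SHA-256, not on-chain Keccak)."""
    return hashlib.sha256(bytes.fromhex(code_hex.removeprefix("0x"))).hexdigest()[:16]

def cluster_delegations(account_code):
    """Group delegating accounts by the fingerprint of their delegate's bytecode."""
    clusters = defaultdict(list)
    for account, code_hex in account_code.items():
        target = delegate_of(code_hex)
        if target is not None:
            clusters[fingerprint(account_code.get(target, "0x"))].append(account)
    return dict(clusters)

def should_warn(account, account_code, flagged):
    """True if the account delegates to bytecode on the flagged-fingerprint list."""
    target = delegate_of(account_code.get(account, "0x"))
    return target is not None and fingerprint(account_code.get(target, "0x")) in flagged

# Constructed sample: address -> code, shaped like eth_getCode results.
SWEEPER = "0x60006000f3"      # placeholder bytes standing in for a flagged contract
OTHER = "0x600160020100"      # placeholder bytes for an unrelated delegate
A, B, C = ("0x" + b * 20 for b in ("aa", "bb", "cc"))
EOA1, EOA2, EOA3, EOA4 = ("0x" + b * 20 for b in ("01", "02", "03", "04"))
SAMPLE = {
    A: SWEEPER, B: SWEEPER, C: OTHER,   # two deployments share identical code
    EOA1: "0xef0100" + A[2:],           # delegated to A
    EOA2: "0xef0100" + B[2:],           # delegated to B (same code as A)
    EOA3: "0xef0100" + C[2:],           # delegated to unrelated code
    EOA4: "0x",                         # ordinary account, no delegation
}

if __name__ == "__main__":
    flagged = {fingerprint(SWEEPER)}
    for fp, accounts in cluster_delegations(SAMPLE).items():
        print(fp, len(accounts), "delegations", "FLAGGED" if fp in flagged else "")
    print("warn before sending to EOA1:", should_warn(EOA1, SAMPLE, flagged))
```

Clustering by bytecode rather than by delegate address is what catches the same draining code redeployed at many addresses.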