
Ethereum Pectra Update Contains a Critical Vulnerability!


In the fast-paced world of crypto, innovation often walks hand-in-hand with new risks. Ethereum’s latest upgrade, Pectra, is a double-edged sword — bringing advanced smart wallet features while exposing users to an unprecedented attack vector.

One message. That’s all it takes for hackers to drain your entire wallet. A signed offchain message is now powerful enough to hand over control of your funds — no onchain transaction required.

EIP-7702: The Risky New Delegation Mechanism

Activated on May 7, 2025, Pectra’s centerpiece EIP-7702 introduces a transaction type called SetCode, which allows users to delegate control of their wallets via a simple signature.

Arda Usman, a Solidity smart contract auditor, confirmed: “An attacker can use this offchain signature to install malicious code into an externally owned account (EOA) and move ETH or tokens — without the user ever signing a transaction.”

This feature effectively transforms user wallets into smart contracts, opening the door to silent yet devastating attacks.


A Stealth Threat Via Innocent-Looking Messages

Yehor Rudytsia, an onchain researcher at Hacken, emphasized that this transaction type allows arbitrary code to be installed in wallets. Previously, such a change required an actual transaction; now, only a signature is enough.




This shift means phishing attempts, fake DApps, or Discord scams can now result in complete wallet takeovers. “We believe this will become the most common attack vector following the Pectra upgrade,” Rudytsia warned.

Wallet applications that fail to correctly interpret transaction type 0x04 are especially vulnerable.


Hardware Wallets Are Not Immune Anymore

The once-clear distinction between hot and cold wallets is fading. Rudytsia highlighted that hardware wallets are now just as vulnerable if users unknowingly sign malicious messages: “Once signed, all funds can be gone in a moment.”

To stay safe, users should:

  • Never sign messages they do not fully understand.
  • Look out for delegation requests, especially those involving nonce values.
  • Be aware that some delegation signatures can be replayed on any Ethereum-compatible chain.
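A signer-side check for the delegation requests described above, as an added example that is not from the article or from any wallet's code. It assumes the signer is handed the preimage bytes rather than only a hash; per the EIP-7702 specification that preimage is the byte 0x05 followed by rlp([chain_id, address, nonce]), and a chain_id of 0 makes the authorization valid on every chain. The function names and sample payloads are constructed for illustration.

```python
MAGIC = 0x05  # prefix byte of an EIP-7702 authorization preimage

def rlp_item(buf, i):
    """Decode one RLP item at offset i -> (value, next_offset); lists become Python lists."""
    b = buf[i]
    if b < 0x80:                        # a single byte encodes itself
        return buf[i:i + 1], i + 1
    n, start = b - (0x80 if b < 0xc0 else 0xc0), i + 1
    if 0xb8 <= b < 0xc0 or b >= 0xf8:   # long form: the length of the length follows
        ll = b - (0xb7 if b < 0xc0 else 0xf7)
        n, start = int.from_bytes(buf[start:start + ll], "big"), start + ll
    if b < 0xc0:                        # byte string
        return buf[start:start + n], start + n
    end, items = start + n, []          # list: decode members until the declared end
    while start < end:
        item, start = rlp_item(buf, start)
        items.append(item)
    if start != end:
        raise ValueError("list member overruns declared length")
    return items, end

def inspect_signing_payload(payload: bytes):
    """Return None for ordinary data, or a dict describing an EIP-7702 delegation request."""
    if len(payload) < 2 or payload[0] != MAGIC:
        return None
    try:
        fields, end = rlp_item(payload, 1)
    except (IndexError, ValueError):    # truncated or malformed RLP
        return None
    if end != len(payload) or not isinstance(fields, list) or len(fields) != 3:
        return None
    if any(isinstance(f, list) for f in fields) or len(fields[1]) != 20:
        return None
    chain_id = int.from_bytes(fields[0], "big")
    return {
        "delegate": "0x" + fields[1].hex(),       # contract whose code the EOA would run
        "chain_id": chain_id,
        "nonce": int.from_bytes(fields[2], "big"),
        "replayable_on_all_chains": chain_id == 0,
    }

# Constructed samples: delegate address 0x1111...11, nonce 7, chain_id 0 and chain_id 1.
ADDR = bytes.fromhex("11" * 20)
ANY_CHAIN = bytes([0x05, 0xd7, 0x80, 0x94]) + ADDR + bytes([0x07])
MAINNET = bytes([0x05, 0xd7, 0x01, 0x94]) + ADDR + bytes([0x07])
```

A wallet or signing proxy can call `inspect_signing_payload` before prompting and show the delegate address and the chain scope instead of an opaque blob when the result is not `None`.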

While multisig wallets offer more robust protection, single-key wallets — including hardware ones — must adopt new safeguards to prevent exploitation.

