One message. That’s all it takes for hackers to drain your entire wallet. A signed offchain message is now powerful enough to hand over control of your funds — no onchain transaction required.

EIP-7702: The Risky New Delegation Mechanism

Activated on May 7, 2025, Pectra’s centerpiece EIP-7702 introduces a transaction type called SetCode, which allows users to delegate control of their wallets via a simple signature.

Arda Usman, a Solidity smart contract auditor, confirmed: “An attacker can use this offchain signature to install malicious code into an externally owned account (EOA) and move ETH or tokens — without the user ever signing a transaction.”

This feature effectively transforms user wallets into smart contracts, opening the door to silent yet devastating attacks.

A Stealth Threat Via Innocent-Looking Messages

Yehor Rudytsia, an onchain researcher at Hacken, emphasized that this transaction type allows arbitrary code to be installed in wallets. Previously, such a change required an actual transaction; now, only a signature is enough.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

This shift means phishing attempts, fake DApps, or Discord scams can now result in complete wallet takeovers. “We believe this will become the most common attack vector following the Pectra upgrade,” Rudytsia warned.

Wallet applications that fail to correctly interpret transaction type 0x04 are especially vulnerable.

Hardware Wallets Are Not Immune Anymore

The once-clear distinction between hot and cold wallets is fading. Rudytsia highlighted that hardware wallets are now just as vulnerable if users unknowingly sign malicious messages: “Once signed, all funds can be gone in a moment.”

To stay safe, users should:

• Never sign messages they do not fully understand.
• Look out for delegation requests, especially those involving nonce values.
• Be aware that some delegation signatures can be replayed on any Ethereum-compatible chain.

While multisig wallets offer more robust protection, single-key wallets — including hardware ones — must adopt new safeguards to prevent exploitation.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Ethereum Pectra Update Contains a Critical Vulnerability! appeared first on Coin Engineer.