Wintermute Targets Ethereum Exploits as SharpLink Launches ETH Treasury Plan

Ethereum is the focus of two major developments this week, one on the security front and another in corporate finance. 

Crypto market maker Wintermute has introduced a novel countermeasure to warn users of malicious Ethereum contracts that exploit EIP-7702, injecting alert messages directly into verified attacker code. 

Meanwhile, US sports betting firm SharpLink Gaming has filed to raise $1 billion to build a significant Ether treasury, naming Ethereum co-founder Joseph Lubin as its new board chairman. 

Ethereum Users Face New Wallet Draining Threat as Wintermute Injects ‘CrimeEnjoyor’ Warnings into Malicious Contracts

Ethereum users are being warned of a sophisticated new type of wallet-draining attack, with leading crypto market maker Wintermute stepping in to inject a digital safeguard directly into the threat itself. On May 30, Wintermute revealed its deployment of a novel piece of code, dubbed “CrimeEnjoyor,” which prints prominent warning messages inside malicious Ethereum smart contracts, specifically those abusing a new feature introduced in the Pectra upgrade.

This preemptive move comes as Ethereum grapples with the fallout of EIP-7702, a recently launched improvement proposal that gives wallets the ability to temporarily delegate transaction control to smart contracts. While designed to enable powerful new use cases, the feature has quickly become a tool for attackers seeking to automatically siphon ETH from users with compromised private keys.

How the Attack Works: Exploiting EIP-7702

EIP-7702 was implemented as part of Ethereum’s Pectra upgrade, which went live on May 7 at epoch 364032. It introduces a new account abstraction mechanism allowing users to hand over transaction authorization to smart contracts on a temporary basis. Although entirely optional and opt-in, the feature has rapidly been adopted by malicious actors due to its ability to automate the sweeping of funds from wallets that have accidentally leaked their private keys.

Wintermute’s CrimeEnjoyor contract with a warning statement (Source: Wintermute)

Wintermute’s research uncovered that over 97% of all EIP-7702 delegations thus far have reused the same malicious bytecode—suggesting a copy-paste method among attackers. These so-called “sweeper” contracts are coded to automatically drain any ETH that enters the compromised wallet, giving users no second chance once they deposit funds.

“This one copy-pasted bytecode now accounts for the majority of all EIP-7702 delegations,” Wintermute stated in their May 30 announcement. “It’s funny, bleak, and fascinating at the same time.”

In response, Wintermute engineers developed and deployed CrimeEnjoyor, which is an intervention that rewrites these malicious contracts to include a human-readable Solidity warning message. To do this, Wintermute reverse-engineered the attacker’s Ethereum Virtual Machine (EVM) bytecode into Solidity, inserted the warning, and publicly verified the contracts so that unsuspecting users might spot the danger before it’s too late.

This message is now being surfaced within the most prevalent type of EIP-7702 exploitation contract in an attempt to add a visible red flag to otherwise opaque and technical smart contract interfaces.

Wintermute said the purpose is not just to stop this specific campaign, but to spark a broader movement toward transparent tagging of malicious infrastructure.

One User Loses $146K in ETH to EIP-7702 Exploit

The threat is far from hypothetical. On May 23, blockchain security firm Scam Sniffer reported that one Ethereum user lost approximately $146,550 after interacting with a set of malicious batched transactions exploiting EIP-7702. The user inadvertently signed approval for a sequence of calls that led to an automatic fund sweep from their wallet.

According to Dune Analytics data shared by Wintermute, 12,329 transactions leveraging EIP-7702 have occurred since the Pectra upgrade, with many still utilizing malicious code patterns.

Wintermute’s injected warning code, while currently found in 94.7% of all EIP-7702 delegate contracts, may gradually diminish in influence as attackers seek new methods. Still, the effort represents a creative countermeasure within an otherwise trustless ecosystem.

While EIP-7702 and the broader Pectra upgrade aim to enhance Ethereum's flexibility and scalability, Wintermute warned that a lack of transparency and contract verification tools poses a major security risk, especially for less experienced users.

As such, the Ethereum community is being called upon to prioritize UX-friendly security tools that can clearly flag suspicious delegation patterns and transactions. This includes labeling contracts, surfacing unusual gas behaviors, and implementing front-end alerts in common Ethereum wallet interfaces like MetaMask and Rabby.

Pectra’s Broader Impact on Ethereum

In addition to EIP-7702, Ethereum’s Pectra upgrade also rolled out two other major proposals:

• EIP-7251: Increased the validator staking limit from 32 ETH to 2,048 ETH, making it easier for large entities to manage validator nodes at scale.

• EIP-7691: Boosted the number of “data blobs” per block—a move aimed at supporting Ethereum layer-2 scalability efforts by enhancing data availability and reducing gas fees for rollups.

These technical improvements are part of Ethereum’s long-term roadmap to remain the dominant smart contract platform, though incidents like the EIP-7702 exploit underscore the growing need for accessible, real-time threat visibility within its expanding feature set.

SharpLink Gaming Bets Big on Ethereum: Files $1B Stock Offering to Fund Massive ETH Treasury Strategy

In related news, US sports betting platform SharpLink Gaming has filed with the Securities and Exchange Commission (SEC) to offer up to $1 billion in shares of common stock, with the vast majority of proceeds earmarked for the purchase of Ether (ETH), the native asset of the Ethereum blockchain.

The May 30 SEC filing follows SharpLink’s May 27 announcement of its new Ethereum-based corporate treasury strategy, marking a watershed moment for altcoin adoption among public companies.

“We intend to use substantially all of the proceeds from this offering to acquire Ether,” the company wrote, emphasizing a long-term commitment to building a crypto-native balance sheet.

The announcement triggered an immediate reaction from the market, with SharpLink Gaming’s stock surging 400% in a single trading day on May 27. The momentum was further fueled by the company’s decision to appoint Ethereum co-founder Joseph Lubin, also CEO of ConsenSys, as chairman of its board of directors, signaling a deep strategic alignment with the Ethereum ecosystem.

The parallels to Michael Saylor’s Bitcoin-centric strategy at his firm Strategy were not lost on the crypto community. SharpLink was quickly dubbed “Ethereum’s Michael Saylor” by analysts and educators on social media.

“Ethereum finally has its own Saylor,” wrote crypto analyst 0xBoboShanti on X.

“You are not bullish enough,” added Ethereum advocate Anthony Sassano, referencing SharpLink’s aggressive treasury move.

While SharpLink’s ETH-first vision may appeal to Web3 enthusiasts, the firm was quick to temper expectations with a detailed risk disclosure section in its SEC filing.

One concern raised was the potential rise of central bank digital currencies (CBDCs). SharpLink acknowledged that a global rollout of CBDCs could “eliminate or reduce the need or demand for private-sector issued cryptocurrencies, or significantly limit their utility,” which could severely impact Ethereum’s value proposition.

Another major risk centers on regulatory classification. If Ether is officially labeled as a “security” by the SEC or other regulators, SharpLink could face extensive compliance obligations, including securities registration, reporting requirements, and investor protections under US law.

Strategic Timing Amid Ethereum Momentum

Institutional interest in Ethereum is gaining traction, following a new filing from REX Shares, which has prompted speculation that Ethereum and Solana staking ETFs could debut in the US within weeks. Analysts say REX’s ETF filing includes unique regulatory “workarounds” that may allow staking, a feature many competing funds have failed to implement due to SEC pushback.

This broader backdrop of ecosystem growth, protocol upgrades, and institutional adoption gives SharpLink’s move a certain macro-tactical edge. The company is effectively front-running what could become a multi-billion dollar wave of Ether demand from traditional financial institutions.

Historically, public companies that entered crypto did so through Bitcoin, with Michael Saylor’s Strategy acquiring 580,250 BTC (worth over $60 billion) since 2020. Until now, Ethereum had no publicly traded counterpart championing it as a long-term treasury reserve.

Strategy Bitcoin holdings (Source: SaylorTracker)

With the appointment of Lubin and a potential billion-dollar ETH buy-in, SharpLink has broken that mold.

SharpLink says it will also allocate a portion of the offering proceeds toward working capital, core affiliate marketing operations, general corporate purposes, and operating expenses, but made clear that the bulk of funds would be devoted to Ether purchases.

The Bigger Picture: Ethereum as a Corporate Asset

SharpLink’s strategy could open the floodgates for a new class of ETH-focused treasuries, expanding the conversation beyond Bitcoin maximalism to embrace Ethereum’s broader smart contract and staking capabilities.

It also builds on momentum created by recent Ethereum upgrades, such as EIP-4844 (Proto-Danksharding) and EIP-7702, which enhance scalability and smart contract delegation, respectively. Ethereum’s fundamental narrative is evolving from “digital oil” to “programmable value infrastructure,” and SharpLink seems to be positioning itself to capitalize on that shift.

Whether this strategy pays off will depend on Ethereum’s regulatory clarity, price performance, and network utility growth in the coming years. But for now, it’s clear that SharpLink Gaming is making a high-stakes bet—one that could inspire others to follow suit.