Pectra lets hackers drain wallets with just an offchain signature
0
0
Ethereum’s Pectra upgrade introduces offchain wallet delegation via EIP-7702, allowing attackers to drain funds using just a signed message.
Ethereum’s latest network upgrade, Pectra, introduced powerful new features aimed at improving scalability and smart account functionality — but it also opened a dangerous new attack vector that could allow hackers to drain funds from user wallets using only an offchain signature.
Under the Pectra upgrade, which went live on May 7 at epoch 364032, attackers can exploit a new transaction type to take control of externally owned accounts (EOAs) without requiring the user to sign an onchain transaction.
Arda Usman, a Solidity smart contract auditor, confirmed to Cointelegraph that “it becomes possible for an attacker to drain an EOA’s funds using only an offchain signed message (no direct onchain transaction signed by the user).”
0
0
Manage all your crypto, NFT and DeFi from one placeSecurely connect the portfolio you’re using to start.