Pectra lets hackers drain wallets with just an offchain signature
Ethereum’s Pectra upgrade introduces offchain wallet delegation via EIP-7702, allowing attackers to drain funds using just a signed message.
Ethereum’s latest network upgrade, Pectra, introduced powerful new features aimed at improving scalability and smart account functionality — but it also opened a dangerous new attack vector that could allow hackers to drain funds from user wallets using only an offchain signature.
Under the Pectra upgrade, which went live on May 7 at epoch 364032, attackers can exploit a new transaction type to take control of externally owned accounts (EOAs) without requiring the user to sign an onchain transaction.
Arda Usman, a Solidity smart contract auditor, confirmed to Cointelegraph that “it becomes possible for an attacker to drain an EOA’s funds using only an offchain signed message (no direct onchain transaction signed by the user).”
English
Spanish
French
German
Arabic
Chinese (Simplified)
Russian
Portuguese
Indonesian
Dutch
Afrikaans
Italian
Vietnamese
Bulgarian
Croatian
Danish
Greek
Hebrew
Hindi
Hungarian
Irish
Japanese
Korean
Norwegian
Persian
Polish
Romanian
Somali
Swedish
Thai