Pectra lets hackers drain wallets with just an offchain signature

Ethereum’s Pectra upgrade introduces offchain wallet delegation via EIP-7702, allowing attackers to drain funds using just a signed message.

Ethereum’s latest network upgrade, Pectra, introduced powerful new features aimed at improving scalability and smart account functionality — but it also opened a dangerous new attack vector that could allow hackers to drain funds from user wallets using only an offchain signature.

Under the Pectra upgrade, which went live on May 7 at epoch 364032, attackers can exploit a new transaction type to take control of externally owned accounts (EOAs) without requiring the user to sign an onchain transaction.

Arda Usman, a Solidity smart contract auditor, confirmed to Cointelegraph that “it becomes possible for an attacker to drain an EOA’s funds using only an offchain signed message (no direct onchain transaction signed by the user).”

Read more

About the author

Text Widget

Nulla vitae elit libero, a pharetra augue. Nulla vitae elit libero, a pharetra augue. Nulla vitae elit libero, a pharetra augue. Donec sed odio dui. Etiam porta sem malesuada.

Recent Works