Key Insights
- Pectra, Ethereum’s latest network upgrade, went live on 7 May and brought several technical improvements to the network along with it.
- However, underneath the surface, researchers have found a possibly dangerous vulnerability.
- The EIP-7702 was part of the Pectra upgrade and introduces a new transaction type called SetCode (type 0x04).
- This code can be used to install backdoor access into the victim’s wallet and drain its contents.
- Meanwhile, Ethereum is trading strongly and is looking towards hitting the $10,000 zone soon.
Pectra, Ethereum’s latest network upgrade, went live on 7 May and brought several technical improvements to the network along with it.
This upgrade was specifically designed to improve Ethereum’s scalability and smart account functionality.
However, underneath the surface, researchers have found a possibly dangerous vulnerability.
This change in Ethereum’s armor could allow hackers to drain funds from wallets using only an off-chain signature.
This change, which was enabled by EIP-7702, is already raising alarms across the Ethereum community, and security experts are warning everyone to adapt quickly or risk losing funds.
What Is EIP-7702 and Why Is It Risky?
The Pectra upgrade came with more than 10 Ethereum improvement proposals (also known as EIPs).
Among these was EIP-7702, which introduces a new transaction type called SetCode (type 0x04).
SetCode basically allows externally owned accounts (EOAs) to temporarily delegate control to a smart contract.
This means a regular Ethereum wallet can behave like a smart contract just by signing an off-chain message.
This is an interesting upgrade because before Pectra, users needed to send an actual transaction on-chain.
This process required gas fees and multiple steps to change how their wallet worked.
However, with EIP-7702, a single signed message is enough to give full control of your wallet to a third party.
Which is where the problem stems from.
It is worth mentioning that this delegation isn’t inherently bad. In fact, it opens doors for more flexible wallet designs and better user experience.
However, it also comes with a big security issue because if a user unknowingly signs a spoofed message, an attacker could install custom code into their wallet.
This code can be used to install backdoor access into the victim’s wallet and drain its contents:
Without the need for any further approval or on-chain interaction.
How the Exploit Works?
The way this kind of attack would work is relatively simple, and it involves some good old phishing.
Attackers might simply use phishing tactics from fake websites or Discord messages to trick users into signing an off-chain message that has been tampered with.
Once the victim signs this message, the attacker can directly overwrite the wallet’s code with a lightweight proxy that forwards all operations to a smart contract they control.
As soon as this delegation is complete, the attacker can use the contract to move ETH and tokens out of the user’s wallet.
This is especially dangerous because many wallet interfaces don’t yet recognize or flag these delegation requests.
As such, victims are more likely to accidentally approve them.
Hardware Wallets Are No Longer Inherently Safer
Another interesting aspect of this problem is that hardware wallets are not exactly safer this time around.
Hardware wallets, which were once considered the gold standard of security in the crypto space, are just as vulnerable to this attack as software-based ones.
Since the vulnerability involves signing a message rather than confirming a transaction, a user with a hardware wallet could still approve one of these backdoor requests if they don’t fully understand what they’re being asked to sign.
Ethereum’s Price Reacts
Ethereum has been on a bullish roll lately, despite the heat from the Pectra vulnerability.
According to data from CoinMarketCap, Bitcoin is flying high around the $104,000 price level, while Ethereum trades at above the $2,500 zone for the first time in months.
CoinMarketCap data shows that the cryptocurrency is up by nearly 3% over the last 24 hours before press time and by a staggering 40% over the last week.
Ethereum’s trading volume has also been sky-high lately, with an ongoing volume of around $25 billion at the time of writing.
This has led to analysts pointing out some incredibly bullish forecasts for the smart contract king, and here are their top predictions.
Ethereum To $10,000?
The long-term price performance of Ethereum tends to show a correlation to what is known as a “parabolic curve.”
This trend has held up since 2015, with each major rally kicking off from the lower boundary of this support.
May of this year has seen the cryptocurrency rebound this way again, and analysts are pointing towards jumps to prices as high as $10,000.
For example, crypto analyst MilkyBull Crypto recently highlighted Ethereum’s monthly chart as evidence.
According to the analyst, a move to $10,000 “can’t be ruled out technically.”
The recovery in the monthly chart’s Relative Strength Index (RSI) also shows this outlook, after bouncing from a multi-year support near the 40 level.
Another reason for this bullish prediction is that Bitcoin’s dominance might have peaked, and Ethereum is now contending for more market space.
The altcoin season index has recently broken out of a downward trend and is hovering just below the 40 mark.
While the market is still technically in “Bitcoin season,” a breakout is very possible at this point, and Ethereum could be ready for a comeback indeed.
That said, Ethereum hitting the $10,000 zone will require some more strength from the bulls, as well as continued strength from the general market.
So far, the signs are already there, and investors will need to keep an eye out for what the next few months bring.
Long-term holders, on the other hand, should note that Ethereum is once again becoming the center of attraction, and the cryptocurrency appears determined to make higher highs from current price levels.
