Ethereum’s Pectra Upgrade Sparks Warnings of New Wallet Vulnerabilities

Ethereum’s Pectra Upgrade Introduces Powerful Features and Critical Wallet Security Risks

  • The Ethereum blockchain’s Pectra upgrade brought new features along with critical security concerns.
  • Users and developers warning about message signing risks following the adoption of EIP-3074 and EIP-7702.
  • Wallet providers have responded by adding stronger warnings, but users are urged to be vigilant.

The Ethereum blockchain underwent a major upgrade today with the launch of the Pectra fork, introducing new features and technical improvements. The update immediately raised security concerns, as users and experts began issuing warnings about possible risks connected to message signing.

- Advertisement -

The Pectra fork incorporated changes such as Ethereum Improvement Proposal (EIP) 3074 and EIP-7702, which added new ways for users to interact with smart contracts. According to official sources, EIP-3074 introduced AUTH and AUTHCALL codes, letting users delegate authorization from their private keys to smart contracts. EIP-7702 further increased flexibility by allowing temporary delegation of an entire account to third-party contracts.

Soon after the upgrade, several users on social platforms, including X and Telegram, warned the community about a new attack vector. Citing EIP-3074, they cautioned that signing certain messages could enable attackers to drain all tokens from a user wallet. One user wrote, “Be careful what you sign… It is enough to drain all tokens.”

Developers behind EIP-3074 addressed the concerns, stating in a Binance.com/en/square/post/6784606613058″ rel=”noreferrer noopener”>post on Binance that no wallet currently allows improper signing without a prominent warning. They explained that wallet providers should flag messages using the 0x04 prefix, as these could grant dangerous permissions. “A bad caller could steal your funds,” the EIP authors advised.

With the implementation of EIP-7702, risk levels have increased further. This update allows a single malicious signature to temporarily assign full control of an account to a smart contract. If the contract is harmful, it has the potential to empty all assets, including ETH, tokens, and NFTs. These types of attacks were not possible before the Pectra upgrade, as externally owned accounts (EOAs) were not previously exposed to this type of vulnerability.

As of the time of reporting, there have been no confirmed thefts exploiting the new vulnerabilities, according to Ethereum security trackers. Most mainstream wallets, such as MetaMask, have responded to the update by adding clearer and more visible warnings for users when signing EIP-3074 messages.

More technical details about these changes and the introduced risks can be found in ongoing discussions among developers and on dedicated Ethereum forums such as Ethereum Magicians.

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -

Latest News

Maine Attorney General Recovers Thousands in Crypto Scam Case

The Maine Attorney General's Office has recovered thousands of dollars for a victim of...

Coinbase Shares Hit Highest Level Since 2021 Nasdaq Debut

Coinbase stock reached its highest price since its 2021 listing, nearly returning to debut...

BPX Gains FCA Nod to Trade Tokenized Securities in the UK

BPX, a startup focused on trading tokenized securities, received several authorizations from the UK’s...

Shopify, Coinbase Launch USDC Payments; Mastercard Expands Crypto Access

Shopify and Coinbase allow merchants to accept USDC stablecoin payments, making crypto transactions easier...

Coinbase Launches Wrapped ADA and LTC on Base, COIN Hits New High

Coinbase has introduced wrapped versions of Cardano (ADA) and Litecoin (LTC) on its Ethereum...

Must Read

10 Best Crypto Audiobooks You Don’t Want to Miss

So, you are getting tired of reading books and you want to switch to audiobooks that talk about cryptocurrencies. Well, today we are going...