- The Ethereum blockchain’s Pectra upgrade brought new features along with critical security concerns.
- Users and developers warning about message signing risks following the adoption of EIP-3074 and EIP-7702.
- Wallet providers have responded by adding stronger warnings, but users are urged to be vigilant.
The Ethereum blockchain underwent a major upgrade today with the launch of the Pectra fork, introducing new features and technical improvements. The update immediately raised security concerns, as users and experts began issuing warnings about possible risks connected to message signing.
The Pectra fork incorporated changes such as Ethereum Improvement Proposal (EIP) 3074 and EIP-7702, which added new ways for users to interact with smart contracts. According to official sources, EIP-3074 introduced AUTH and AUTHCALL codes, letting users delegate authorization from their private keys to smart contracts. EIP-7702 further increased flexibility by allowing temporary delegation of an entire account to third-party contracts.
Soon after the upgrade, several users on social platforms, including X and Telegram, warned the community about a new attack vector. Citing EIP-3074, they cautioned that signing certain messages could enable attackers to drain all tokens from a user wallet. One user wrote, “Be careful what you sign… It is enough to drain all tokens.”
Developers behind EIP-3074 addressed the concerns, stating in a Binance.com/en/square/post/6784606613058″ rel=”noreferrer noopener”>post on Binance that no wallet currently allows improper signing without a prominent warning. They explained that wallet providers should flag messages using the 0x04 prefix, as these could grant dangerous permissions. “A bad caller could steal your funds,” the EIP authors advised.
With the implementation of EIP-7702, risk levels have increased further. This update allows a single malicious signature to temporarily assign full control of an account to a smart contract. If the contract is harmful, it has the potential to empty all assets, including ETH, tokens, and NFTs. These types of attacks were not possible before the Pectra upgrade, as externally owned accounts (EOAs) were not previously exposed to this type of vulnerability.
As of the time of reporting, there have been no confirmed thefts exploiting the new vulnerabilities, according to Ethereum security trackers. Most mainstream wallets, such as MetaMask, have responded to the update by adding clearer and more visible warnings for users when signing EIP-3074 messages.
More technical details about these changes and the introduced risks can be found in ongoing discussions among developers and on dedicated Ethereum forums such as Ethereum Magicians.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Bitcoin Jumps 2% as Fed Holds Rates Steady Amid Economic Uncertainty
- Coinbase Launches x402 Protocol for Direct Stablecoin Payments
- Bitcoin Node Resistance Doubles as OP_RETURN Data Limit Debate Escalates
- Congress Moves Forward on Stablecoin Laws, Yield Blocked by Banks
- Visa Invests in BVNK to Boost Stablecoin Payment Innovation
