{"id":129018,"date":"2025-05-11T13:15:36","date_gmt":"2025-05-11T13:15:36","guid":{"rendered":"http:\/\/cryptospotters.net\/?p=129018"},"modified":"2025-05-11T13:15:36","modified_gmt":"2025-05-11T13:15:36","slug":"pectra-lets-hackers-drain-wallets-with-just-an-offchain-signature","status":"publish","type":"post","link":"http:\/\/cryptospotters.net\/?p=129018","title":{"rendered":"Pectra lets hackers drain wallets with just an offchain signature"},"content":{"rendered":"<p>Source: Cointelegraph.com News<br \/>\nEthereum\u2019s latest network upgrade, Pectra, introduced powerful new features aimed at improving scalability and smart account functionality \u2014 but it also opened a dangerous new attack vector that could allow hackers to drain funds from user wallets using only an offchain signature.<br \/>\nUnder the Pectra upgrade, which went live on May 7 at epoch 364032, attackers can use a new transaction type to take control of externally owned accounts (EOAs) without the user ever signing or broadcasting an onchain transaction: the victim signs an offchain authorization, and the attacker submits the transaction that installs it.<br \/>\nArda Usman, a Solidity smart contract auditor, confirmed to Cointelegraph that \u201cit becomes possible for an attacker to drain an EOA\u2019s funds using only an offchain signed message (no direct onchain transaction signed by the user).\u201d<br \/>\nAt the center of the risk is EIP-7702, a core component of the Pectra upgrade. 
The Ethereum Improvement Proposal introduces the SetCode transaction (type 0x04), which lets an account delegate control to a contract by signing an authorization that names a chain ID, the delegate contract address and the account\u2019s nonce; no transaction from the account itself is needed, because anyone can include the signed authorization in a type 0x04 transaction.<br \/>\nIf an attacker obtains this signature \u2014 say, via a phishing site \u2014 they can set the wallet\u2019s code to a delegation designator (the 23-byte value 0xef0100 followed by the delegate address), so that any call to the account executes the attacker\u2019s contract code in the account\u2019s own context.<br \/>\n\u201cOnce the code is set,\u201d Usman explained, \u201cthe attacker can invoke that code to transfer out the account\u2019s ETH or tokens\u2014all without the user ever signing a normal transfer transaction.\u201d<br \/>\nWallets can be altered with an offchain signature<br \/>\nYehor Rudytsia, onchain researcher at Hacken, noted that this new transaction type introduced by Pectra allows arbitrary code to be installed on the user\u2019s account, essentially turning their wallet into a programmable smart contract.<br \/>\n\u201cThis tx type allows the user to set arbitrary code (smart contract) to be able to execute operations on the user\u2019s behalf,\u201d Rudytsia said.<br \/>\nBefore Pectra, an EOA had no code, so its funds could only move through a transaction signed by its private key. Now, a single offchain signature can install code that hands complete control to an attacker\u2019s contract.<br \/>\n\u201cPre-Pectra, users needed to send a transaction (not sign a message) to allow their funds to be moved\u2026 Post-Pectra, any operation may be executed from the contract which the user approved via SET_CODE,\u201d Rudytsia explained.<br \/>\nThe threat is real and immediate. \u201cPectra activated May 7, 2025. From that moment, any valid delegation signature is actionable,\u201d Usman warned. 
He added that smart contracts relying on outdated assumptions, such as using tx.origin or basic EOA-only checks, are particularly vulnerable. Under EIP-7702 a delegated EOA has nonzero code (EXTCODESIZE returns 23 for the designator) and can run contract logic while still being the tx.origin of a transaction, so checks such as require(tx.origin == msg.sender) or a code-size-equals-zero test no longer prove that a caller is a plain key-controlled account.<br \/>\nWallets and interfaces that fail to detect or properly represent these new transaction types are most at risk. Rudytsia warned that \u201cwallets are vulnerable if they do not analyze Ethereum\u2019s transaction types,\u201d especially transaction type 0x04.<br \/>\nHe emphasized that wallet engines must clearly display delegation requests and flag any suspicious addresses.<br \/>\nThis new form of attack can be easily executed through common offchain interactions like phishing emails, fake DApps, or Discord scams.<br \/>\n\u201cWe believe it will be the most popular attack vector regarding these breaking changes introduced by Pectra,\u201d Rudytsia said. \u201cFrom now on, users have to carefully validate what they are going to sign.\u201d<br \/>\nHardware wallets are not safer anymore<br \/>\nHardware wallets are no longer inherently safer, Rudytsia said. He added that hardware wallets from now on are at the same risk as hot wallets from the perspective of signing malicious messages. \u201cIf done\u2014all the funds are gone in a moment.\u201d<br \/>\nThere are ways to stay safe, but they require awareness. \u201cUsers should not sign the messages they do not understand,\u201d Rudytsia advised. He also urged wallet developers to provide clear warnings when users are asked to sign a delegation message.<br \/>\nSpecial caution should be taken with the delegation signature format introduced by EIP-7702, which is not compatible with the existing EIP-191 or EIP-712 standards: the authorization is signed over keccak256(0x05 || rlp([chain_id, address, nonce])), a raw 32-byte digest that carries neither the EIP-191 prefix nor an EIP-712 domain separator. A wallet that is handed only the hash cannot tell what it is about to approve, and the request may bypass the warnings wallets attach to those standard formats.<br \/>\n\u201cIf a message includes your account nonce, it\u2019s probably affecting your account directly,\u201d Usman warned. 
\u201cNormal sign-in messages or offchain commitments don\u2019t usually involve your nonce.\u201d<br \/>\nAdding to the risk, EIP-7702 allows authorizations with chain_id = 0, which are valid on every chain that has adopted EIP-7702, so one signed message can be replayed across Ethereum-compatible chains wherever the account\u2019s nonce matches. \u201cUnderstand it can be used anywhere,\u201d Usman said.<br \/>\nWhile multisignature wallets remain more secure under this upgrade, thanks to their requirement for multiple signers, single-key wallets \u2014 hardware or otherwise \u2014 must adopt new signature parsing and red-flagging tools to prevent potential exploitation.<br \/>\nAlongside EIP-7702, Pectra also included EIP-7251, which raised the maximum effective balance of an Ethereum validator from 32 to 2,048 ETH, and EIP-7691, which increases the number of data blobs per block for better layer-2 scalability.<br \/>\n<a href=\"https:\/\/cointelegraph.com\/news\/pectra-wallet-exploit-offchain-signature-risk?utm_source=rss_feed&amp;utm_medium=rss&amp;utm_campaign=rss_partner_inbound\" target=\"_blank\" class=\"feedzy-rss-link-icon\" rel=\"noopener\">Read More<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Source: Cointelegraph.com News<br \/>\nEthereum\u2019s latest network upgrade, Pectra, introduced powerful new features aimed at improving scalability and smart account functionality \u2014 but it also opened a dangerous new attack vector that&hellip; 
<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"_links":{"self":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts\/129018"}],"collection":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=129018"}],"version-history":[{"count":0,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts\/129018\/revisions"}],"wp:attachment":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=129018"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=129018"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=129018"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}