Inferno Drainer Exploits New Ethereum Feature to Steal $150K in Crypto Phishing Scam
A notorious crypto phishing group known as Inferno Drainer has stolen nearly $150,000 in a targeted attack that exploited a newly introduced Ethereum feature—marking a concerning evolution in how scammers are using blockchain upgrades to their advantage.
On May 24, web3 security platform Scam Sniffer flagged the incident, which involved a wallet upgraded to Ethereum Improvement Proposal (EIP) 7702—a feature from the upcoming Pectra upgrade. EIP-7702 enables regular Ethereum accounts, known as Externally Owned Accounts (EOAs), to temporarily behave like smart contract wallets, enhancing transaction flexibility. Unfortunately, this capability has also opened new doors for attackers.
According to Yu Xian, founder of blockchain security firm SlowMist, Inferno Drainer took advantage of this new flexibility to carry out a stealthy token drain. Instead of hijacking a wallet outright, the attackers exploited a MetaMask wallet that had already been authorized under the new standard.
Xian explained that the victim unknowingly executed a malicious “batch authorization” via MetaMask, enabling Inferno Drainer to drain tokens silently in the background. “The phishing gang uses this mechanism to complete batch authorization operations on tokens related to the victim’s address,” he said.
This marks a turning point in phishing tactics. Rather than relying solely on outdated strategies, cybercriminals are now adapting to cutting-edge Ethereum updates. “As we predicted, the phishing gangs have caught up,” Xian warned, urging users to regularly audit token permissions and check for suspicious wallet delegations tied to EIP-7702.
The attack isn’t an isolated case—it’s part of a troubling trend in the crypto space. Last month alone, over $5 million was siphoned from more than 7,500 victims in similar phishing schemes, signaling that digital asset holders face growing risks.
To stay safe, Scam Sniffer advises users to double-check any site before connecting their wallets or approving transactions, routinely review token authorizations, and avoid interacting with unverified links.