Ethereum phishing scams – $12M lost in August as EIP-7702 exploits surge!
What trick made even seasoned investors approve a scam without realizing it?
Key Takeaways
Phishing scams drained over $12M from 15,000+ wallets in August 2025, largely exploiting Ethereum’s EIP-7702 standard. Experts warn that even major projects like Trump’s WLFI token are being targeted.
Phishing scams in the crypto sector surged to alarming levels in August 2025, stripping investors of more than $12 million across 15,000+ wallets.
According to blockchain security firm Scam Sniffer, the losses marked a 72% jump from July – With the number of victims climbing by 67% month-over-month.
Phishing attacks go beyond heights
Phishing attacks in August showed how quickly scammers have adapted to Ethereum [ETH]’s latest innovations.
In fact, Scam Sniffer revealed that three whale wallets accounted for nearly 46% of the $12 million in losses that month, with one wallet alone losing $3.08 million. The firm identified Ethereum’s new EIP-7702 standard as the primary tool scammers exploited in these schemes.
For those unaware, Ethereum introduced EIP-7702 to improve wallet functionality, enabling externally owned accounts (EOAs) to temporarily operate like smart contract wallets. The upgrade added convenient features such as batching transactions, setting spending caps, integrating passkeys, and recovering wallets without changing addresses.
However, attackers soon weaponized these same features, using them to accelerate thefts and trick users into signing malicious approvals.
Details of the attack
Wintermute’s Dune Analytics dashboard showed that over 80% of delegate contracts tied to EIP-7702 have displayed malicious behavior, compromising more than 450,000 wallet addresses since the standard’s rollout.
Security experts also believe that most users remain dangerously unaware of these risks.
Yu Xian, founder of blockchain security firm SlowMist, also emphasized that organized criminal groups have eagerly exploited EIP-7702, extending the attacks across Ethereum Virtual Machine (EVM) ecosystems.
Hence, to counter these threats, Scam Sniffer is urgingnvestors to exercise greater caution when interacting with wallet prompts.
The firm recommended verifying domains, avoiding rushed approvals, and rejecting signatures that grant unlimited or overly broad permissions.
As suspicious prompts tied to contract upgrades and mismatched transaction simulations continue to spread, Ethereum users should stay vigilant. Especially since even breakthrough features can double as attack vectors in the wrong hands.
