Careful when signing messages in Ethereum Pectra

By: cryptonews|2025/05/08 05:45:02

The Ethereum blockchain forked today for its Pectra code change and introduced a suite of new features, upgrades, and vulnerabilities. However, within an hour of the changeover, concerned users were warning about a new threat vector: message signing. “Be careful what you sign... It is enough to drain all tokens,” posted one user to Telegram. Another Ethereum user echoed the warning, saying, “You only have to sign a message to get completely drained!” Many other warnings flagged similar risks . Ethereum’s Pectra upgrade included Ethereum Improvement Proposal (EIP) 3074, which has introduced new AUTH and AUTHCALL Ethereum operation codes. These opcodes allow the holder of an Ethereum private key to delegate authorization to a smart contract. Developers called it an important step in achieving account abstraction. However, critics say it has introduced new phishing attacks that allow theft of all assets in a user’s wallet once they delegate control of their keys. Careful signing Ethereum transactions and messages EIP-3074’s co-authors tried to calm fears with a post published on Binance claiming to be “unaware” of any wallet that allowed signing of improperly prefixed messages without a user warning. Transactions use the prefix 0x04, and the authors of the EIP hope that all major Ethereum wallets will flag 0x04 messages with prominent warnings to inform the user about their expansive power to authorize multiple withdrawals, including possible theft. “The caller field in the EIP-3074 signature is very important,” they wrote solemnly. “A bad caller could steal your funds.” Read more: Seneca Protocol hack highlights dangers of Ethereum’s token approval mechanism Today’s Pectra fork also added EIP-7702, raising the stakes even higher. With the power of EIP-7702, a single malicious signature can temporarily delegate someone’s entire account to a third-party smart contract . If that contract is malicious, it could potentially drain all assets (ETH, tokens, NFTs) in one go. As opposed to pre-Pectra Ethereum transactions, the possible attack surface for victims is broader with EIP-7702 because externally owned accounts (EOAs) are now exposed to third-party temporary smart contract vulnerabilities. This temporary delegation of executable code was not a concern before Pectra. Although warnings are proliferating across social media, there are no reports yet of a successful theft of funds using the new Pectra-enabled attack vector. Most wallet providers like MetaMask were prepared for Pectra and added prominent warnings for EIP-3074 message signings.

The growth of AI-driven tools and community collaboration in Web3 has created new opportunities for developers worldwide. As a community partner and sponsor of the WEEX AI Trading Hackathon, Fluxor's mission to unify hackathon experiences and foster creative partnerships aligns with this spirit of collective innovation.

Houthi Deadline Countdown Begins | Rewire News Morning Brief

Trump's 48-Hour Ultimatum was issued on Saturday and expires on Monday night

Middle East Conflict Escalation and Rate Hike Expectation Trigger Worst Gold Sell-Off in 43 Years

The key reasons for the sharp decline include heightened oil prices due to Middle East conflict, suppressed interest rate cut expectations, and intensified selling pressure triggered by tightening USD liquidity.

The Largest Oil Reserve Release in History: Why Is the Oil Price Still Above 100?

4 billion barrels per day production, only covering 17% of the gap

AI Agent Can't Kill SaaS

The true moat is the singularity of data

This viral Beijing high school teacher, Jiang Xueqin, predicted America's downfall in advance

Jiang Xueqin's latest viewpoint in an interview with Carlson: The era of global cheap energy is coming to an end.

Interview with Bill, Head of Bitget AI: In the AI Trading Era, How Far Are We from "Earning While Lying Down"?

Bitget launches a three-tier AI product: GetAgent (Chatbot Assistant), Agent Hub (Developer Tool), GetClaw (One-Click Product), covering users from geeks to newbies.

Privacy Infrastructure and the WEEX AI Trading Hackathon

A privacy-first Web3 ecosystem using masternodes, encrypted messaging, and confidential payments to protect traders and AI strategies on-chain.

Meme Culture, Community Energy, and the WEEX AI Trading Hackathon

A community-driven meme token built around one of the internet's most recognizable characters.

RGAI: Exploring AI Agent Trading and Advancing the WEEX AI Trading Hackathon

A Solana-based AI agent project connecting automated trading strategies with on-chain token dynamics in AI-driven Web3 markets.

ForeGate: Bringing Decentralized Forecasting to the WEEX AI Trading Hackathon

A decentralized prediction market platform enabling users and builders to gauge probabilities and make informed decisions around future events in AI-enhanced Web3 environments.

Apello: Automating Web3 Community Management and Partnering with the WEEX AI Trading Hackathon

A community toolkit enabling builders to streamline engagement and participation as Web3 ecosystems evolve with AI and decentralized innovation. As a community partner and sponsor of the WEEX AI Trading Hackathon, Apello reflects the growing fusion of community-driven participation and technical creativity in the Web3 space. The platform's commitment to empowering community interaction and meaningful engagement aligns with this shared vision of innovation.

RootData: Delivering Structured Web3 Intelligence and Sparking the WEEX AI Trading Hackathon

A Web3 data platform enabling investors and builders to uncover market insights and informed decision-making in AI-powered trading.

As a community partner and sponsor of the WEEX AI Trading Hackathonm RootData has a shared focus on transparency, data integrity, and insight-driven innovation across AI trading and market research.