- Buy Crypto
- Markets
Futures- Spot
- Copy Trade
- Earn
- More
Careful when signing messages in Ethereum Pectra
By: bitcoin ethereum news|2025/05/08 03:30:02
0
Share
The Ethereum blockchain forked today for its Pectra code change and introduced a suite of new features, upgrades, and vulnerabilities. However, within an hour of the changeover, concerned users were warning about a new threat vector: message signing. “Be careful what you sign... It is enough to drain all tokens,” posted one user to Telegram. Another Ethereum user echoed the warning, saying, “You only have to sign a message to get completely drained!” Many other warnings flagged similar risks . Ethereum’s Pectra upgrade included Ethereum Improvement Proposal (EIP) 3074, which has introduced new AUTH and AUTHCALL Ethereum operation codes. These opcodes allow the holder of an Ethereum private key to delegate authorization to a smart contract. Developers called it an important step in achieving account abstraction. However, critics say it has introduced new phishing attacks that allow theft of all assets in a user’s wallet once they delegate control of their keys. pectra pros: >approve spend then swap is dead pectra cons: >signing messages just got a whole lot spicier — sloth (@0xSloth) May 7, 2025 Careful signing Ethereum transactions and messages EIP-3074’s co-authors tried to calm fears with a post published on Binance claiming to be “unaware” of any wallet that allowed signing of improperly prefixed messages without a user warning. Transactions use the prefix 0x04, and the authors of the EIP hope that all major Ethereum wallets will flag 0x04 messages with prominent warnings to inform the user about their expansive power to authorize multiple withdrawals, including possible theft. “The caller field in the EIP-3074 signature is very important,” they wrote solemnly. “A bad caller could steal your funds.” Read more: Seneca Protocol hack highlights dangers of Ethereum’s token approval mechanism Today’s Pectra fork also added EIP-7702, raising the stakes even higher. With the power of EIP-7702, a single malicious signature can temporarily delegate someone’s entire account to a third-party smart contract . If that contract is malicious, it could potentially drain all assets (ETH, tokens, NFTs) in one go. As opposed to pre-Pectra Ethereum transactions, the possible attack surface for victims is broader with EIP-7702 because externally owned accounts (EOAs) are now exposed to third-party temporary smart contract vulnerabilities. This temporary delegation of executable code was not a concern before Pectra. Although warnings are proliferating across social media, there are no reports yet of a successful theft of funds using the new Pectra-enabled attack vector. Most wallet providers like MetaMask were prepared for Pectra and added prominent warnings for EIP-3074 message signings. Got a tip? Send us an email securely via Protos Leaks . For more informed news, follow us on X , Bluesky , and Google News , or subscribe to our YouTube channel. Source: https://protos.com/careful-when-signing-messages-in-ethereum-pectra/
You may also like
How a Structured AI Crypto Trading Bot Won at the WEEX Hackathon
Ritmex demonstrates how disciplined risk control and structured signals can make an AI crypto trading bot more stable and reliable on WEEX, highlighting the importance of combining execution discipline with scalable AI trading systems.
Old Indicator Fails, Three Major New Signals Emerge: BTC True Bottom May Still Be Below $60K
When the grocery shopping auntie on the subway, or Tony the hairdresser, start asking you about BTC, crypto, and cryptocurrency investments, selling immediately will be the only best option.
Meeting OpenClaw Founder at a Hackathon: What Else Can Lobsters Do?
Imperial College London MetaGame: AI Agent × Web3 Landing Three Major Directions.
Huang Renxun's Latest Podcast Transcript: NVIDIA's Future, Embodied Intelligence and Agent Development, Soaring Demand for Inferencing, and AI's PR Crisis
The future of competition is not only about whose model is bigger, whose computing power is stronger, but also about who understands the industry better, who can more deeply integrate AI into real processes, and who can organize these capabilities into a set of executable, scalable systems
How a Structured AI Crypto Trading Bot Won at the WEEX Hackathon
Crypto_Trade shows how structured inputs and controlled adaptability can build a more stable and reliable AI crypto trading bot within the WEEX AI Trading Hackathon, highlighting a practical path toward scalable AI trading systems.
AI Starts to Devour the Manufacturing Industry | Rewire News Morning Edition
When Bezos starts using AI to buy factories instead of building data centers, it shows that he believes the next wave of AI's value is not inside the box.
When Scaling Meets Speed, Ethereum Foundation Introduces "Hardness" to Safeguard the Base Layer
Hardness is a protocol-level commitment to Ethereum core properties, including censorship resistance, privacy, security, and permissionlessness.
Google, Circle, Stripe Flock Together to Let AI Spend Money: Payment Giants' Joys and Worries in 2026 Q1
The real enemy is no longer each other, but zero cost itself
$100 Billion Factory Purchase: Bezos and Middle Eastern Capital Shift AI Money from Cloud to Shop Floor
Bezos doesn't invest in a new model; he invests in a supply chain.
Xiaomi and MiniMax both unleash their ultimate moves, signaling the start of the Agent Pricing War.
No brand, no marketing, let developers vote with their feet in 8 days
Predicting markets has taken the spotlight, but the Perp DEX has been quietly waging war on traditional exchanges.
During a weekend of relentless volatility, while traditional financial markets were closed, another wave of investors was busy trading gold, oil, and silver on a blockchain platform.
Is the Market Slump Still Making Millions a Day? Is pump.fun's Revenue Real?
If it's really that profitable, what's keeping $PUMP's price down?
Understanding x402 and MPP in One Article: The Two Paths of Agent Payments
x402 for in-protocol payments, MPP for off-chain payments
Quick Look at the Latest 18 Graduation Projects from Alliance: Who's the Next Pump.fun?
The project's core innovation areas include stablecoin payments, AI applications, prediction markets, and RWA tokenization.
It's not just the prediction market that profits from the Iraq War
Always maintaining the ambiguity of regulation with "offshore" may be the consensus of the perp DEX.
The "bank card" of AI has caught the attention of the giants
AI has not learned how to spend money yet, and the people who fix banks for it have already arrived.
Morning News | U.S. SEC approves tokenized trading on Nasdaq; Animoca Brands announces investment in AVAX tokens; Algorand Foundation completes strategic integration
Overview of Important Market Events on March 19
$70 trillion wealth transfer, the financial gateway is being rewritten | Interview with Robinhood CEO Vlad Tenev
The next key competition in the financial sector may revolve around where the "intergenerational wealth transfer" of up to $90 trillion will ultimately flow.
How a Structured AI Crypto Trading Bot Won at the WEEX Hackathon
Ritmex demonstrates how disciplined risk control and structured signals can make an AI crypto trading bot more stable and reliable on WEEX, highlighting the importance of combining execution discipline with scalable AI trading systems.
Old Indicator Fails, Three Major New Signals Emerge: BTC True Bottom May Still Be Below $60K
When the grocery shopping auntie on the subway, or Tony the hairdresser, start asking you about BTC, crypto, and cryptocurrency investments, selling immediately will be the only best option.
Meeting OpenClaw Founder at a Hackathon: What Else Can Lobsters Do?
Imperial College London MetaGame: AI Agent × Web3 Landing Three Major Directions.
Huang Renxun's Latest Podcast Transcript: NVIDIA's Future, Embodied Intelligence and Agent Development, Soaring Demand for Inferencing, and AI's PR Crisis
The future of competition is not only about whose model is bigger, whose computing power is stronger, but also about who understands the industry better, who can more deeply integrate AI into real processes, and who can organize these capabilities into a set of executable, scalable systems
How a Structured AI Crypto Trading Bot Won at the WEEX Hackathon
Crypto_Trade shows how structured inputs and controlled adaptability can build a more stable and reliable AI crypto trading bot within the WEEX AI Trading Hackathon, highlighting a practical path toward scalable AI trading systems.
AI Starts to Devour the Manufacturing Industry | Rewire News Morning Edition
When Bezos starts using AI to buy factories instead of building data centers, it shows that he believes the next wave of AI's value is not inside the box.
App