Malicious Ethereum contracts designed to surreptitiously drain funds from vulnerable wallets are failing to reap the anticipated rewards, according to revelations by crypto market maker Wintermute. On Friday, Wintermute identified these predatory contracts, branded as “CrimeEnjoyors,” that have emerged in the aftermath of Ethereum’s Pectra upgrade, which went live in May 2025.
The Pectra Upgrade and Its Unintended Consequences
The Pectra upgrade, notably through Ethereum Improvement Proposal (EIP)-7702, was aimed at enhancing user experience by allowing regular Ethereum addresses to temporarily function as smart contracts. This advancement has enabled batched transactions, password authentication, and spending limits, but also inadvertently opened the door for opportunistic exploits. By delegating wallet control to smart contracts, users have unwittingly exposed themselves to potential fund drainage. For more insights into the vision behind the Pectra upgrade and its broader implications, see Vitalik Buterin’s vision for Ethereum: Pectra, Glamsterdam and beyond.
Wintermute’s analysis reveals a staggering statistic: over 80% of delegations executed via EIP-7702 involve recycled, copy-and-paste contracts. These contracts, notably the “CrimeEnjoyors,” are engineered to sniff out and exploit weak wallets. “Our research found that over 97% of all EIP-7702 delegations were authorized to multiple contracts using the same exact code,” Wintermute stated on X, drawing attention to the vast scale of this phenomenon.
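The pattern Wintermute describes, many delegate addresses carrying the same bytecode, can be checked from node data alone. The following is an added example, not code from Wintermute or the original article: it relies on the EIP-7702 delegation designator (the account's code becomes 0xef0100 followed by the 20-byte delegate address), and all addresses, bytecode and function names in it are constructed for illustration.

```python
import hashlib
from collections import defaultdict

# EIP-7702 writes this 3-byte prefix plus the 20-byte delegate address as the account's code.
DELEGATION_PREFIX = bytes.fromhex("ef0100")

def _raw(code_hex):
    """Decode a hex string as returned by eth_getCode, with or without the 0x prefix."""
    return bytes.fromhex(code_hex[2:] if code_hex.lower().startswith("0x") else code_hex)

def parse_code(code_hex):
    """Classify an eth_getCode result as plain EOA, EIP-7702 delegation, or contract."""
    raw = _raw(code_hex)
    if not raw:
        return ("eoa", None)
    if len(raw) == 23 and raw.startswith(DELEGATION_PREFIX):
        return ("delegated", "0x" + raw[3:].hex())
    return ("contract", None)

def reused_code_clusters(wallet_code, contract_code):
    """Return groups of wallets whose delegates sit at different addresses but share bytecode."""
    groups = defaultdict(lambda: {"delegates": set(), "wallets": []})
    for wallet, code_hex in sorted(wallet_code.items()):
        kind, delegate = parse_code(code_hex)
        if kind != "delegated" or delegate not in contract_code:
            continue  # not delegated, or the delegate's bytecode was not fetched
        # sha256 is only a local grouping key here; the on-chain code hash is keccak256.
        key = hashlib.sha256(_raw(contract_code[delegate])).hexdigest()
        groups[key]["delegates"].add(delegate)
        groups[key]["wallets"].append(wallet)
    return [
        {"delegates": sorted(g["delegates"]), "wallets": g["wallets"]}
        for g in groups.values() if len(g["delegates"]) > 1
    ]

# Constructed sample data: stand-ins for eth_getCode responses, not real addresses.
WALLET_CODE = {
    "0x" + "a1" * 20: "0xef0100" + "d1" * 20,  # delegated to contract d1
    "0x" + "a2" * 20: "0xef0100" + "d2" * 20,  # delegated to contract d2
    "0x" + "a3" * 20: "0xef0100" + "d3" * 20,  # delegated to contract d3
    "0x" + "a4" * 20: "0x",                    # plain EOA, no delegation
}
CONTRACT_CODE = {
    "0x" + "d1" * 20: "0x6001600155",  # same bytes as d2: a copy-paste deployment
    "0x" + "d2" * 20: "0x6001600155",
    "0x" + "d3" * 20: "0x6002600255",  # different bytecode
}

if __name__ == "__main__":
    for cluster in reused_code_clusters(WALLET_CODE, CONTRACT_CODE):
        print(cluster)
```

Identical bytecode alone does not make a delegate malicious, since legitimate wallet implementations are also deployed many times; the clusters are a starting point for reviewing what the shared code actually does.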
Unsuccessful Swindles: Why CrimeEnjoyors Aren’t Profiting
Despite their pervasive nature, these CrimeEnjoyor contracts haven’t turned out to be the cash cows their creators might have hoped for. Wintermute notes that the attackers have expended approximately 2.88 ETH to authorize around 79,000 addresses. One primary address—0x89383882fc2d0cd4d7952a3267a3b6dae967e704—has been responsible for more than half of these permissions, handling a staggering 52,000 authorizations.
In a twist that underscores the inefficacy of these cyber heists, the destination address for the stolen ETH—0x6f6Bd3907428ae93BC58Aca9Ec25AE3a80110428—had not recorded any inbound ether transfers as of Friday. Wintermute’s researchers highlight this peculiar pattern across other CrimeEnjoyor contracts, noting that despite their malicious intent, the expected ether transfers are conspicuously absent.
Real-World Impacts and a Cautionary Tale
The implications of these findings are not just academic. Scam Sniffer, a diligent anti-scam tracker, highlighted a notable instance where a wallet hemorrhaged nearly $150,000 through orchestrated malicious batched transactions. Yet, the widespread attempts to capitalize on weak security measures have not translated into the expected financial windfall for the perpetrators.
The case of the CrimeEnjoyors serves as a cautionary tale for cryptocurrency users. As the crypto landscape evolves, so too does the sophistication of threats targeting it. The Pectra upgrade was designed to streamline user interactions with Ethereum, but it has also underscored the persistent vulnerabilities that can arise with new innovations. This is particularly relevant as multi-wallet usage has increased, a trend we explored in Multi-wallet usage up 16%, but AI may address crypto fragmentation gap.
What Lies Ahead for Ethereum Users?
Looking forward, Ethereum users and developers are faced with the challenge of balancing innovation with security. The recent wave of CrimeEnjoyor contracts serves as a stark reminder of the critical need for robust security measures. The crypto community must stay vigilant, continually adapting to the ever-changing threat landscape.
As the Ethereum network continues to evolve, users are urged to exercise caution when delegating wallet control and to remain informed about potential vulnerabilities. The ongoing developments in blockchain technology promise exciting prospects, but they also demand an equal measure of caution and preparedness from those who engage with them.
The broader question remains: as Ethereum and other blockchain platforms continue to innovate, will security measures keep pace with the creativity of would-be exploiters? This remains an open-ended challenge, beckoning the crypto world to devise solutions that ensure safety without stifling innovation.
Source
This article is based on: Post Pectra ‘Malicious’ Ethereum Contracts Are Trying to Drain Wallets, But to No Avail: Wintermute

Steve Gregory is a lawyer in the United States who specializes in licensing for cryptocurrency companies and products. Steve began his career as an attorney in 2015 but made the switch to working in cryptocurrency full time shortly after joining the original team at Gemini Trust Company, an early cryptocurrency exchange based in New York City. Steve then joined CEX.io and was able to launch their regulated US-based cryptocurrency. Steve then went on to become the CEO at currency.com, which he ran for four years and was able to lead to being fully acquired in 2025.