Ethereum’s Pectra Upgrade Opened a Dangerous Backdoor—Here’s What You Missed
Key Insights
Ethereum’s recent Pectra upgrade has been hailed for bringing several new features to the network.
These features were especially designed to support scalability and improve smart contract capabilities.
However, underneath these improvements was a security flaw that could allow hackers to drain funds from wallets using only an off-chain signature.
Here are the details of this risk and what it could mean for security on the Ethereum network.
What Exactly Is the Pectra Upgrade?
For some context, the Pectra upgrade was activated on 7 May, at epoch 364032.
This upgrade introduced multiple Ethereum Improvement Proposals (EIPs), all of which were designed to boost the network’s performance.
Some of the most interesting of these include EIP-7702, which allows a wallet to delegate control through an off-chain signature, and EIP-7251, which increases the validator staking limit from 32 ETH to 2,048 ETH.
While the latter upgrade is largely seen as beneficial, EIP-7702 has become a lightning rod for critique in the crypto space because of a loophole that nobody saw coming.
EIP-7702 and SetCode Transactions
EIP-7702 is a highly useful part of the Pectra upgrade, as it allows Ethereum wallets to behave like smart contracts themselves.
This means users can delegate control of their wallet to another contract by simply signing a message off-chain.
In theory, this is a powerful feature that makes smart accounts more usable. However, in practice, the story is very different.
Hackers can now reportedly trick users (via phishing, fake DApps, or Discord scams) into signing a seemingly harmless message.
In reality, that message can be a request for permission that lets the attacker install backdoor access into the user’s wallet.
Once control has been granted, the attacker can do anything from sending tokens to draining all of the victim’s ETH.
Worse, once that initial permission has been granted, the attacker needs no further on-chain signature from the victim.
Why Is This So Dangerous?
If the implications of this issue weren’t immediately obvious, it is worth noting that before Pectra, Ethereum users had to sign on-chain transactions to allow wallet modifications or fund transfers.
Put simply, a user had to sign every transaction before it could be approved.
As it stands, simply signing a tampered-with off-chain message can give attackers full control over an account.
This, of course, changes everything about crypto wallet security because an action that was previously safe (signing an off-chain message) can now be highly risky.
Most current wallet interfaces aren’t built to detect this new kind of delegation request, so users won’t receive an adequate warning before signing their tokens away.
Without these checks, phishing and social engineering scams are likely to skyrocket over the course of the year.
Can Multisig Wallets Help?
Since the vulnerability in question requires the victim to sign only once, hardware wallets are not inherently safer than software-based ones.
However, multi-sig wallets are.
These wallets require multiple private keys to approve transactions, and are therefore stronger in terms of security.
On the other hand, single-key wallets, whether hardware or software, must adapt quickly to parse signatures and detect red flags, or the security implications could be devastating.
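As an added example (not code from the article or from any wallet vendor), here are the two defender-side checks that the EIP-7702 section above and the call for wallets to "parse signatures and detect red flags" point at: recognising the delegation designator (0xef0100 followed by the delegate address) that a delegated account's code becomes, and recognising the authorization payload (0x05 followed by the RLP-encoded chain id, delegate address and nonce) before the user signs it. The delegate address and sample bytes are constructed; the two prefixes are the ones EIP-7702 defines.

```python
# Added example, not from the article: defender-side checks for EIP-7702 delegations.
# 0xef0100 (designator prefix) and 0x05 (authorization magic) come from EIP-7702.
DELEGATION_PREFIX = bytes.fromhex("ef0100")  # delegated EOA code: 0xef0100 || delegate
AUTH_MAGIC = 0x05                             # first byte of the authorization payload

def delegated_to(code: bytes):
    """Return the delegate address if `code` is a delegation designator, else None."""
    if len(code) == 23 and code.startswith(DELEGATION_PREFIX):
        return "0x" + code[3:].hex()
    return None

def _rlp_short(data: bytes, pos: int):
    """Decode one short-form RLP item (byte string or list under 56 bytes).
    Authorization tuples never exceed these sizes, so long forms are rejected."""
    b = data[pos]
    if b < 0x80:                                   # single byte encodes itself
        return data[pos:pos + 1], pos + 1
    if b < 0xb8:                                   # short byte string
        n = b - 0x80
        return data[pos + 1:pos + 1 + n], pos + 1 + n
    if 0xc0 <= b < 0xf8:                           # short list
        end, items, p = pos + 1 + (b - 0xc0), [], pos + 1
        while p < end:
            item, p = _rlp_short(data, p)
            items.append(item)
        return items, end
    raise ValueError("unsupported RLP form")

def parse_authorization_payload(payload: bytes):
    """Recognise 0x05 || rlp([chain_id, address, nonce]) and return its fields so a
    wallet can warn that signing delegates the whole account; otherwise None."""
    if len(payload) < 2 or payload[0] != AUTH_MAGIC:
        return None
    try:
        items, end = _rlp_short(payload, 1)
    except (ValueError, IndexError):
        return None
    ok = end == len(payload) and isinstance(items, list) and len(items) == 3 \
        and all(isinstance(i, bytes) for i in items) and len(items[1]) == 20
    if not ok:
        return None
    return {"chain_id": int.from_bytes(items[0], "big"),
            "delegate": "0x" + items[1].hex(),
            "nonce": int.from_bytes(items[2], "big")}

# Constructed sample: chain id 1, nonce 0, delegate 0xdead...beef (not a real contract).
SAMPLE_DELEGATE = bytes.fromhex("deadbeef" * 5)
SAMPLE_AUTH = bytes([AUTH_MAGIC, 0xd7, 0x01, 0x94]) + SAMPLE_DELEGATE + bytes([0x80])
SAMPLE_CODE = DELEGATION_PREFIX + SAMPLE_DELEGATE
```

A wallet would run parse_authorization_payload on any raw bytes it is asked to sign and refuse or loudly warn when it returns a result; a monitor would run delegated_to on the code of accounts it watches and alert when a delegate appears.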
Disclaimer: Voice of Crypto aims to deliver accurate and up-to-date information, but it will not be responsible for any missing facts or inaccurate information. Cryptocurrencies are highly volatile financial assets, so research and make your own financial decisions.