Following the activation of Ethereum’s EIP-7702 upgrade on May 7, many users have been eager to enable smart accounts for an enhanced user experience. However, this move has exposed users to a new security threat: a phishing scam targeting the top 7702 delegator address. According to GoPlus Security findings, 8k+ addresses have been using this feature, but it appears they have fallen prey to malicious actors. The scammer uses a sophisticated method of redirecting ETH from victims’ accounts to their own wallet (0x000085bad).

1) The culprit exploits user trust in the Pectra upgrade and then uses contract decompilation techniques to gain access.

2) GoPlus Security, through on-chain data analysis, identified that once a victim authorizes the delegation, all ETH is automatically redirected to the scammer’s address. This was confirmed by analysis of the code’s behavior.

3) Users are urged to exercise caution when using external links or emails for smart account upgrades.

4) Although EIP-7702 promises a significant boost in user experience and transaction flexibility, it is crucial to prioritize security measures and avoid authorizing through external links. Experts like Yehor Rudytsia at Hacken stress that even hardware wallets, previously seen as safer, are now equally vulnerable. The risk of malicious delegation messages remains high, regardless of wallet type.

5) While users can mitigate risks by verifying contract source code and being vigilant about the addresses they authorize, the vulnerabilities within EIP-7702 highlight the need for greater awareness and secure practices.
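As an added example (not code from the article, GoPlus Security or Hacken), the following Python helper shows the defender-side check the article calls for: inspect an account's on-chain code for an EIP-7702 delegation designator and compare the delegate against an allowlist you maintain. Under EIP-7702, an EOA that has accepted a delegation has its code set to the 3-byte prefix `0xef0100` followed by the 20-byte delegate address; the delegate address, trusted set and RPC URL below are constructed placeholders, and `eth_getCode` is the standard JSON-RPC method used to fetch the bytes for a live account.

```python
"""Detect and vet EIP-7702 delegations on an externally owned account.

Added example; constants, sample addresses and the RPC endpoint are
constructed placeholders, not values from the article.
"""
import json
import urllib.request
from typing import Optional

# EIP-7702 delegation designator: 0xef0100 || 20-byte delegate address.
DELEGATION_PREFIX = bytes.fromhex("ef0100")
DESIGNATOR_LEN = len(DELEGATION_PREFIX) + 20  # 23 bytes in total


def parse_delegation(code: bytes) -> Optional[str]:
    """Return the delegate address (lowercase 0x-hex) if `code` is an
    EIP-7702 designator; None for a plain EOA (empty code) or a normal
    contract (any other bytecode)."""
    if len(code) != DESIGNATOR_LEN or not code.startswith(DELEGATION_PREFIX):
        return None
    return "0x" + code[len(DELEGATION_PREFIX):].hex()


def assess_account(code: bytes, trusted_delegates: set) -> dict:
    """Classify an account by its code and whether its delegate is on the
    caller's allowlist. `trusted` is None when no delegation is present."""
    delegate = parse_delegation(code)
    if delegate is None:
        kind = "eoa" if len(code) == 0 else "contract"
        return {"kind": kind, "delegate": None, "trusted": None}
    allow = {a.lower() for a in trusted_delegates}
    return {
        "kind": "delegated_eoa",
        "delegate": delegate,
        "trusted": delegate in allow,
    }


def fetch_code(rpc_url: str, address: str) -> bytes:
    """Fetch an account's code via the standard eth_getCode JSON-RPC call.
    Not exercised offline; shown so the parser above can be fed live data."""
    payload = {
        "jsonrpc": "2.0",
        "id": 1,
        "method": "eth_getCode",
        "params": [address, "latest"],
    }
    req = urllib.request.Request(
        rpc_url,
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        result = json.load(resp)["result"]  # "0x..." hex string
    return bytes.fromhex(result[2:])


if __name__ == "__main__":
    # Constructed sample: a delegation to an address NOT on the allowlist.
    unknown_delegate = bytes.fromhex("ab" * 20)
    trusted = {"0x" + "11" * 20}  # placeholder for an audited delegate
    sample_code = DELEGATION_PREFIX + unknown_delegate
    print(assess_account(sample_code, trusted))
    # An untrusted delegate is exactly the condition to alert on before
    # funding the account, since any transfer into it runs that code.
```

In practice, run `assess_account` over `fetch_code(rpc, addr)` for every account you control before sending ETH to it, and treat `trusted is False` as a stop condition: a delegation you did not knowingly sign is the signal that a malicious authorization has been obtained.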