Wintermute’s “CrimeEnjoyor” Flags Malicious Ethereum Contracts Exploiting EIP-7702

Crypto market maker Wintermute has introduced a new tool, “CrimeEnjoyor,” aimed at enhancing user protection on the Ethereum network.

Written by: Sophia Cruz • Monday, June 2, 2025 • 1 min read

• Last updated: Monday, June 2, 2025

Quick overview

Wintermute has launched a new tool called 'CrimeEnjoyor' to enhance user protection on the Ethereum network.
This initiative addresses the rise of malicious smart contracts exploiting the Ethereum Improvement Proposal-7702 (EIP-7702).
Over 97% of current EIP-7702 delegations are linked to harmful contracts that drain ETH from wallets.
'CrimeEnjoyor' injects on-chain alerts into these contracts, warning users against sending funds to potentially dangerous transactions.

Crypto market maker Wintermute has introduced a new tool, “CrimeEnjoyor,” aimed at enhancing user protection on the Ethereum network.

This initiative comes in response to the recent surge in malicious smart contracts exploiting the Ethereum Improvement Proposal-7702 (EIP-7702), a new feature implemented in Ethereum’s latest Pectra upgrade.

EIP-7702 enables Ethereum users to temporarily delegate control of their wallets to smart contracts, unlocking capabilities like batched transactions and spending limits. However, this flexibility has introduced security vulnerabilities. Wintermute’s research indicates that over 97% of current EIP-7702 delegations are linked to malicious contracts with identical code that instantly drains ETH from wallets upon receipt.

To counter this threat, “CrimeEnjoyor” works by injecting on-chain alerts directly into these harmful contracts. The warnings, written in human-readable Solidity code, inform users that the contract automatically sweeps all ETH and advise them not to send funds. By publicly verifying this code, Wintermute ensures that platforms and users can see the red flags before interacting.

The scale of this problem is significant. One particular bytecode variant now dominates the EIP-7702 delegation space, copied and reused by attackers across the ecosystem. This replication amplifies the risk for unsuspecting users who may unknowingly authorize dangerous contracts.

The real-world implications are alarming. In one reported case, an Ethereum user lost $146,550 by interacting with a malicious batched transaction. Incidents like these underscore the necessity for robust user-side protection tools.

Wintermute’s proactive approach demonstrates a vital evolution in crypto security. “CrimeEnjoyor” not only highlights the risks tied to EIP-7702 but also empowers users to protect themselves through greater contract transparency. As Ethereum continues to develop, innovations like this will be crucial in maintaining trust and ensuring a safer DeFi environment for all participants.

Check out our free forex signals
Follow the top economic events on FX Leaders economic calendar
Trade better, discover more Forex Trading Strategies
Open a FREE Trading Account

ABOUT THE AUTHOR See More

Sophia Cruz

Financial Writer - Asian & European Desks

Sophia is an experienced writer, reporter and newsdesk member, mostly on the financial sectors. For the past 5 years Sophia has covered a wide variety of topics such as the financial markets, economics, technology, fin-tech and trading. Sophia has been a part of the FX Leaders team since 2017 and works on producing valuable content and information for traders of all levels of experience.