໓໐tΞԵɧ 🎭 Ⓜ️ ♾️
@0xdoteth
The latest Ethereum network upgrade, Pectra, introduced significant improvements like smart account features and better scalability. It also introduced a serious security flaw via EIP-7702, allowing hackers to drain user wallets using only an off-chain signature, without needing the private key or an on-chain transaction.

Key issues:
- EIP-7702 introduces a new transaction type (SetCode) that lets users delegate wallet control to a smart contract via just an off-chain signature.
- If a hacker obtains this signature (e.g., via phishing), they can overwrite the wallet's code with a malicious proxy and steal funds.
- Hardware wallets are no longer inherently safe, since they can also sign malicious off-chain messages unknowingly.
- These signatures bypass traditional warnings, and many wallets can’t detect or display the risks tied to the new transaction type (0x04).
- EIP-7702 allows chain-agnostic replay (with chain_id = 0), meaning signed messages could be reused across different Ethereum-compatible chains.
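An added example, not part of the original post: a defender-side check that a signer or monitoring tool could run to recognise an EIP-7702 authorization before it is signed and to spot an account that is already delegated. The `0x05` signing prefix and the `0xef0100` delegation prefix come from the EIP-7702 specification rather than from the post; the function names are hypothetical, the sample bytes are constructed, and the check assumes the signer sees the preimage rather than only its hash.

```python
# Added example: defender-side checks for EIP-7702 artifacts (names are hypothetical).
MAGIC = 0x05                                  # authorization preimage: 0x05 || rlp([chain_id, address, nonce])
DELEGATION_PREFIX = bytes.fromhex("ef0100")   # code of a delegated account: prefix || 20-byte address

def _rlp_items(payload: bytes) -> list:
    """Decode a flat RLP list payload whose items are byte strings shorter than 56 bytes."""
    items, i = [], 0
    while i < len(payload):
        b = payload[i]
        if b < 0x80:                          # single byte encodes itself
            items.append(payload[i:i + 1]); i += 1
        elif b <= 0xb7:                       # short string: 0x80 + length, then the bytes
            n = b - 0x80
            if i + 1 + n > len(payload):
                raise ValueError("truncated item")
            items.append(payload[i + 1:i + 1 + n]); i += 1 + n
        else:
            raise ValueError("nested list or long string, not an authorization")
    return items

def inspect_signing_payload(msg: bytes):
    """Return details if msg is an EIP-7702 authorization preimage, else None."""
    if len(msg) < 2 or msg[0] != MAGIC or not 0xc0 <= msg[1] <= 0xf7:
        return None
    if msg[1] - 0xc0 != len(msg) - 2:         # list length must cover the rest exactly
        return None
    try:
        items = _rlp_items(msg[2:])
    except ValueError:
        return None
    if len(items) != 3 or len(items[1]) != 20:
        return None
    chain_id = int.from_bytes(items[0], "big")
    return {"chain_id": chain_id,
            "delegate": "0x" + items[1].hex(),
            "nonce": int.from_bytes(items[2], "big"),
            "replayable_on_any_chain": chain_id == 0}   # the chain_id = 0 case from the post

def delegation_target(code: bytes):
    """Return the delegate address if account code is an EIP-7702 delegation, else None."""
    if len(code) == 23 and code.startswith(DELEGATION_PREFIX):
        return "0x" + code[3:].hex()
    return None

# Constructed samples: delegate address 0x0102...14, nonce 7, chain_id 0 and chain_id 1.
DELEGATE = bytes(range(1, 21))
SAMPLE_ANY_CHAIN = bytes([0x05, 0xd7, 0x80, 0x94]) + DELEGATE + bytes([0x07])
SAMPLE_MAINNET = bytes([0x05, 0xd7, 0x01, 0x94]) + DELEGATE + bytes([0x07])
```

A wallet that gets a non-`None` result from `inspect_signing_payload` can show the delegate address and refuse or warn loudly when `replayable_on_any_chain` is true; `delegation_target` applies to code fetched for an account under review.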