Threat | Scams & fraud

Fake EIP-7702 (Pectra May 2025) account abstraction delegation drainer — "sign authorization tuple to delegate your EOA via setCode" / "approve delegation to enable account abstraction features" targeting Web3 wallet users; signed authorization gives delegate full write access to every token + NFT in the EOA, draining the wallet within minutes (irreversible on-chain). Distinct from generic web3-wallet-drainer-signature-lure (broad signApprovalForAll/permit) — this signal is EIP-7702 / setCode / authorization-tuple specific. Source: GC1 R7 multiagent council top-5 (S4 crypto specialist).

fake-eip-7702-account-abstraction-delegation-lure

What this tier means

High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.

How Gorganizer detects this

Fake EIP-7702 (Pectra hardfork, May 2025) account-abstraction delegation drainer targeting Web3 wallet users with a request to "sign authorization tuple to delegate your EOA via setCode," "approve account-abstraction delegation," or "authorize ERC-4337 entry-point delegation within 24 hours to migrate your wallet."

EIP-7702 introduced a brand-new attack surface: an externally owned account (EOA) can now temporarily delegate its execution to a smart contract via the new `setCode` opcode plus a signed authorization tuple. A maliciously crafted authorization gives the attacker contract full write authority over every ERC-20 token, ERC-721 / ERC-1155 NFT, and DeFi position the EOA holds. The wallet is drained within minutes of the signature, and the loss is irreversible because the chain treats the authorization as the EOA's own intent.

The attack is potent because:

(1) EIP-7702 is brand new (Pectra mainnet, May 2025), so the user-facing UX vocabulary is unfamiliar; users can't pattern-match "this looks wrong" the way they can with permit / approve.
(2) Wallet vendors began rolling out 7702-aware UIs through 2025-2026 with mixed UX maturity, so legitimate "review your delegation" prompts are happening for the first time, lending credibility to the phish.
(3) The gas-savings narrative ("delegate to enable batched transactions / sponsored gas / passkey signing") creates a compelling "do this to upgrade your wallet" framing.

Across Q3 2025 to Q1 2026, wallet drainers had already pivoted from permit/approve drainers to 7702-authorization drainers, per Chainalysis Q4 2025 and SlowMist Q1 2026 reporting. This signal is distinct from the broader `fake-web3-wallet-drainer-signature-lure` (general signApprovalForAll / permit): it is specific to EIP-7702 / setCode / authorization-tuple / Pectra-hardfork vocabulary.

Fires when the body references EIP-7702 / setCode / authorization tuple / account abstraction / ERC-4337 / Pectra hardfork / delegated EOA AND contains sign / approve / authorize / delegate-eoa / connect-wallet urgency. Excludes metamask.io, consensys.io, rainbow.me, safe.global, coinbase.com, ledger.com, trezor.io, ethereum.org, eips.ethereum.org, erc4337.io. Auto-classified as danger via the `-lure` suffix. Source: GC1 R7 multi-agent council top-5 (S4 crypto specialist).
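The firing rule above, sketched as an added example; this is not Gorganizer's own code. The regexes, the choice to apply the exclusion list to the sender domain, and the `dmarc_pass` input are assumptions of this sketch, and the sample messages are constructed.

```python
import re
from email.utils import parseaddr

# Vocabulary comes from the rule text; the regexes are this example's assumptions.
TOPIC = re.compile(
    r"\b(?:eip[-\s]?7702|set\s?code|authorization[-\s]tuple|account[-\s]abstraction"
    r"|erc[-\s]?4337|pectra|delegat\w*\s+(?:your\s+)?eoa)\b", re.I)
ACTION = re.compile(
    r"\b(?:sign|approve|authori[sz]e|delegate|connect\s+(?:your\s+)?wallet)\b", re.I)
EXCLUDED = {"metamask.io", "consensys.io", "rainbow.me", "safe.global", "coinbase.com",
            "ledger.com", "trezor.io", "ethereum.org", "eips.ethereum.org", "erc4337.io"}

def sender_domain(from_header):
    """Lower-cased domain of the address in a From header."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower()

def is_excluded(domain):
    # Match on a label boundary so "metamask.io.evil.example" is not trusted.
    return any(domain == d or domain.endswith("." + d) for d in EXCLUDED)

def fires(from_header, body, dmarc_pass=False):
    """True when the body has topic AND action vocabulary and the sender is not
    an authenticated excluded domain. dmarc_pass is a hypothetical input: a
    From header alone is spoofable, so the exclusion requires it here."""
    if dmarc_pass and is_excluded(sender_domain(from_header)):
        return False
    return bool(TOPIC.search(body) and ACTION.search(body))

# Constructed sample messages: (From header, body, dmarc_pass).
SAMPLES = [
    ("Wallet Security <support@wallet-upgrade.example>",
     "Pectra upgrade: sign the authorization tuple to delegate your EOA via setCode "
     "within 24 hours.", True),
    ("Ethereum <news@ethereum.org>",
     "EIP-7702 explained: how to review and approve a delegation.", True),
    ("MetaMask <alerts@metamask.io.wallet-upgrade.example>",
     "Approve account abstraction delegation to keep your wallet.", True),
    ("Ethereum <news@ethereum.org>",
     "Approve ERC-4337 entry-point delegation now.", False),   # unauthenticated From
    ("Dev Digest <digest@newsletter.example>",
     "Pectra shipped EIP-7702 in May 2025.", False),           # topic only, no action
]

def classify_samples():
    return [fires(f, b, d) for f, b, d in SAMPLES]

if __name__ == "__main__":
    for (f, _, _), hit in zip(SAMPLES, classify_samples()):
        print(f"{'FIRE' if hit else 'pass'}  {f}")
```

The word boundary in `TOPIC` keeps "reset code" in an ordinary password-reset email from matching `setCode`, and the lookalike and unauthenticated senders show why the exclusion list cannot be a plain substring check on the From header.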

False-positive guard

Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.

About the scoring engine

Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.

Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.
