USENIX Security 2026
Revealing the Dark Side of Smart Accounts: An Empirical Study of EIP-7702 Incurred Risks in Blockchain Ecosystem
Mingyuan Huang, Han Liu, Shuo Yang, Daoyuan Wu, Shuai Wang
Abstract
The introduction of smart accounts by EIP-7702 represents a major advancement for blockchain account abstraction, enabling externally owned accounts (EOAs) to be upgraded into programmable accounts while still preserving their original addresses. This advancement significantly enhances both account functionality and usability, but also redefines blockchain trust boundaries between EOAs and smart contract accounts (CAs), thereby altering security assumptions and creating opportunities for novel types of attack. To systematically examine these risks, we classify smart account-based risks into three categories according to the type of victim accounts: EOA-targeted, CA-targeted, and composite attacks. We then develop specialized detection tools that combine large-scale transaction analysis with cross-contract static analysis to identify malicious behaviors. Applying these tools across seven blockchains that support EIP-7702, we detect 924 malicious contract accounts, including several previously unreported zero-day cases. These attacks have led to more than 2.3 million in losses and exposed over 10 million to potential compromise. We uncover multiple key insights into attacker behaviors. Specifically, we find that over 63% of EIP-7702 authorization transactions are associated with malicious EOA-targeted attacks, and nearly half of the most frequently authorized contracts are controlled by attackers. In addition, we identify existing evasion tactics that attackers use to circumvent detection, attack impacts observed in real-world incidents, and potential risks that may emerge in future deployments, underscoring the urgency of addressing smart account security in blockchain ecosystems.
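The abstract describes detection tools built on large-scale analysis of EIP-7702 authorization transactions, and observes that many of the most frequently authorized delegate contracts are attacker-controlled. The following is an added illustration, not code from the paper or its authors, of the shape such a transaction-level check can take from a defender's side. It relies on two facts from EIP-7702 itself: a delegated EOA's account code is the 23-byte designator `0xef0100 || <20-byte delegate address>`, and an authorization tuple carries a `chain_id` where 0 means "valid on every chain". The `Authorization` dataclass, the sample records, the `KNOWN_MALICIOUS` list, and the use of chain-agnostic authorizations and high authorization frequency as review signals are assumptions constructed for this example.

```python
"""
Added example (not from the paper): an offline sketch of a defender-side
check over EIP-7702 delegation data.

EIP-7702 facts used:
  * a delegated EOA's code is 0xef0100 || <20-byte delegate address> (23 bytes);
  * an authorization tuple includes chain_id, and chain_id 0 is valid on any chain.
Everything else (records, denylist, heuristics) is constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass

DELEGATION_PREFIX = bytes.fromhex("ef0100")


def delegate_of(code: bytes):
    """Return the delegate address if `code` is an EIP-7702 designator, else None."""
    if len(code) == 23 and code[:3] == DELEGATION_PREFIX:
        return "0x" + code[3:].hex()
    return None


@dataclass(frozen=True)
class Authorization:
    chain_id: int      # 0 => authorization is valid on every chain
    authority: str     # the EOA that signed (in practice recovered from the signature)
    address: str       # the contract the EOA delegates to
    nonce: int


# Constructed denylist of delegate contracts (placeholder addresses, not real IoCs).
KNOWN_MALICIOUS = {"0x" + "bad0" * 10}


def sample_authorizations():
    """Constructed sample records standing in for decoded authorization lists."""
    return [
        Authorization(1, "0x" + "aa" * 20, "0x" + "bad0" * 10, 0),
        Authorization(1, "0x" + "bb" * 20, "0x" + "bad0" * 10, 5),
        Authorization(0, "0x" + "cc" * 20, "0x" + "c0de" * 10, 1),
        Authorization(1, "0x" + "dd" * 20, "0x" + "c0de" * 10, 2),
        Authorization(1, "0x" + "ee" * 20, "0x" + "c0de" * 10, 0),
    ]


def analyze(auths, known_malicious=KNOWN_MALICIOUS):
    """
    Count authorizations per delegate contract and flag EOAs whose
    authorization matches a risk signal.

    Returns (counts, flagged): counts maps delegate -> number of authorizations,
    flagged maps authority EOA -> list of reasons.
    """
    counts = Counter(a.address.lower() for a in auths)
    flagged = {}
    for a in auths:
        reasons = []
        if a.address.lower() in known_malicious:
            reasons.append("delegate on known-malicious list")
        if a.chain_id == 0:
            # Heuristic (assumption): a chain-agnostic authorization can be
            # replayed on every supported chain, so it deserves a closer look.
            reasons.append("chain-agnostic authorization (chain_id 0)")
        if reasons:
            flagged.setdefault(a.authority.lower(), []).extend(reasons)
    return counts, flagged


def top_delegates(counts, n=2):
    """Most frequently authorized delegates: candidates for manual review."""
    return counts.most_common(n)


if __name__ == "__main__":
    counts, flagged = analyze(sample_authorizations())
    print("delegate counts:", dict(counts))
    print("top delegates:", top_delegates(counts))
    for eoa, reasons in flagged.items():
        print(f"{eoa}: {', '.join(reasons)}")
```

In a real deployment the authorization records would come from decoding the authorization lists of type-4 (set-code) transactions and the `delegate_of` check from reading account code, and the denylist from a curated source; the aggregation and flagging logic stays the same.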