📢 @PX_Web3 users now tap into Fast execution by default. If you hold $PLR, you’re now eligible. No extra steps—just better swaps. Swap faster. Capture more. Earn Miles. ⚡ fastprotocol.io/

🧵 THREAD: I found a coordinated supply chain attack campaign targeting developers on GitHub. Three fake "demo" repos. All confirmed malicious. All actively stealing credentials and running remote code on developer machines. Please RT to warn others. 👇

This is exactly the direction Ethereum needs. EIL is the only the trustless interop solution that removes assumptions, not adds new ones.

- Trustless Ethereum interoperability is possible - UX and security don’t have to be tradeoffs - AA cryptoeconomics can replace trusted intermediaries

We’re hosting a Space on the Ethereum Interop Layer (EIL) next week. Join us to unpack EIL and its role in the intent-centric future. We’ll also break down how EOAs and EIP-7702 fit into this new landscape. 📆 Dec 18, 3 PM UTC 🔗 x.com/i/spaces/1ypKdqOjQwVGW…

The biggest concerns with implementing EIP-7702 at the wallet level fall into four buckets: 1. Phishing and wallet drains Most “7702 drain” fears are actually about something older and simpler: private key compromise. If an attacker already has the EOA’s key, they can sign any transaction type. That includes a plain ETH transfer, a token transfer, or a 7702 transaction that changes the delegation. The root failure is the same in all cases: the key was leaked or entered into a malicious app. So, at a protocol level, 7702 does not introduce a new way to steal funds from a compromised key. It only changes what a *single* malicious transaction could do once the key is gone. 2. Vulnerabilities in delegates This is the main 7702-specific risk. With 7702, an EOA forwards all calls through a “delegate” (implementation contract). If that delegate has bugs or bad upgrade logic, every EOA that points to it inherits those issues. Concrete risk areas: > Incorrect validation logic in the delegate (for example, missing checks around who can trigger certain paths). > Upgradeable proxies with weak admin controls, where a single compromised key can push a malicious implementation for all users. > No safe way to revert to basic EOA behavior if a delegate is bricked. Addressing this concern is mostly a contract-engineering problem: > Keep delegates small and focused. > Use strict access control and timelocks on upgrades. > Pin implementations by address and publish bytecode so wallets can verify they are talking to the expected code. > Expose a straightforward “reset 7702 delegation” path so users can go back to plain EOA behavior if something looks wrong. If the delegate contracts are robust and well-controlled, 7702 does not introduce a fundamentally new kind of risk beyond what we already face with upgradeable smart wallets. It just routes execution through code you must treat as critical. 3. Hard to set up your own infra On its own, 7702 is “just” a transaction type and delegation mechanism. In practice, most wallets that adopt 7702 for smart wallet UX will also want: > 4337-style validation flows > Batching and session logic > Sponsored gas via paymasters That implies running or integrating with: > One or more bundlers per chain > Paymaster services > RPC and mempool infrastructure tuned for account abstraction traffic Rolling all of this from scratch is a significant engineering and ops burden. For many teams, this is the actual blocker to shipping good 7702 UX, not the proposal itself. This is the piece Etherspot is designed to cover: > Ready smart account implementations compatible with 4337 and future 7702 usage > Production bundler infrastructure > Paymaster rails for sponsored and token-based gas So the “hard to set up infra” concern is real, but it is not unsolved. 4. Blind delegation to third-party implementations A separate risk is letting any 7702 delegation target be set by any dapp. If a wallet allowed arbitrary delegation: > A phishing site could ask the user to delegate their EOA to a malicious implementation contract. > One wallet could try to route users into another wallet’s implementation with different assumptions and upgrade policies. > Users could end up delegated to code their wallet does not understand or monitor. Most serious wallet implementations avoid this by design: > They only let users delegate to a small, audited set of implementations that the wallet ships or explicitly supports. > They keep 7702 delegation changes inside the wallet UI, instead of exposing a generic “set delegate” flow to random dapps. So the concern is “blind, open-ended delegation to unknown implementations.” The mitigation is to treat delegation as a wallet-controlled operation with a restricted target set, not as something every website can request on demand. 5. Lack of educational awareness A lot of current anxiety around 7702 comes from confusion, not from concrete failures. Common gaps: > Mixing early “ephemeral contract” ideas with the finalized design, which actually uses persistent delegation code on the EOA. > Not understanding that the delegation stub is just a forwarder, and the actual logic lives in a separate contract. > Not having clear mental models for “how do I reset this” or “what exactly does this delegate allow”. Because there are few clear resources and even fewer production implementations, most people only see fragments from research threads, talks, or half-correct summaries. That leads to vague worry instead of a precise risk model. Addressing this is mainly a documentation and UX job: > Precise technical docs for implementers aligned with the latest spec. > Example flows showing how an EOA enters and exits delegated mode. > UI copy that explains 7702 in simple terms (“you are updating how this address behaves; here is how to revert”). Once those exist, most of the “7702 is dangerous” discussion can shift to the concrete points above: delegate quality and infra, rather than vague concerns about the proposal itself. We have addressed 2 out of three above concerns. The docs: docs.erc4337.io/userops/quic… Example flow of 7702: youtube.com/watch?v=mCW_yT2C…

Algorithmic Insights are now live on PillarX 📈 Receive algorithmic event data including indicative entry, stop, and profit thresholds, all tracked automatically. Try the full experience with a 7-day free trial! Learn more: go.pillarx.app/p1FFYcN

Let's go!

The @EFDevcon / Ethereum World’s Fair was a good checkpoint for where Account Abstraction really is today. The event moved past “wallets and DeFi only” into consumer apps that can sit next to tradfi products in daily life, and AA showed up as a default part of that conversation instead of a side topic. For us, it was also a stress test of AA appetite: we hosted three AA workshops, all of them had full attendance. Key takeaways: > The “World’s Fair” name fit. The floor was full of consumer facing apps, not just financial primitives. > Privacy was one of the strongest themes. Agentic payments and zk based approaches came up repeatedly in talks and side events, sitting next to AA in most forward looking conversations. > x402 and EIL were already being treated as future anchor topics. Many people framed them as two of the main areas to watch for 2026 when talking about AA, intents and cross L2 flows. > Participants came in with context and wanted to go straight into concrete plan of actions, instead of basic explainers. > In the DeFi and Wallet districts, projects were running real flows all week. @joinpeanut had steady queues, with people customising merch, and had a delightful payment experience, while the @aave corner stayed busy most of the week. >In the Hardware and Wallet district, @useburner handing out physical burner cards was one of those small things people kept pulling out of their pockets to show others. > Most teams did not ask “what is AA” any more. They asked how to connect AA to products they already have, and how to bring better UX to existing EOAs. > @erc4337 and EIP-7702 were a central topic in those discussions. The focus was on using 7702 style infra to give EOAs smart wallet level behaviour while keeping addresses stable, and on how to roll that out safely. > There was broad agreement that the Ethereum Foundation has listened to feedback. The work from the Founder Success team ( @binji_x and @KhanAbbas201) and the EF After Hours event were examples of higher quality support and networking. What’s next from the Etherspot: The practical demand is for solid 7702 infrastructure, clear paths to upgrade existing EOAs, and integration support rather than new slogans. Our focus after Buenos Aires is to keep turning those AA pieces into dependable rails that consumer apps can plug into, so users get better UX without having to think about “Account Abstraction” at all. Till then, adios, see you next year in Mumbai 🫡

Our final rerun of the workshop

mempool --> censorship resistance --> trustlessness @etherspot has been at the forefront of advancing the UserOp mempool. @mm319 & @Nikhil_1612 will guide you through integrating the censorship-resistant and free EIP-7702 infrastructure SDK, created with a grant from @EF_ESP

PillarX 🤝 @Coinbase Onramp Start in fiat, get onchain in the same app. Buying crypto shouldn’t mean multiple tabs and redirects. With Coinbase Onramp in PillarX, you can purchase crypto directly inside the app using your preferred payment method. This means support for 60 fiat currencies and 100 crypto assets, so new users can get started in a few steps. This makes onboarding smoother (and faster): > Buy crypto instantly inside PillarX > Funds land in PillarX, then swap across chains in one action > Fewer steps from first buy to first action Try it now: go.pillarx.app/onramp

7702 offers a great opportunity for an improved EOA user experience, but it makes total sense to do it while avoiding centralisation risk, please attend the worksop and we will go through some of the details!

EIP-7702 ERC-4337 = Magic Account Abstraction has always promised a better wallet experience on Ethereum. Instead of dealing with seed phrases, gas, or failed approvals, users could have wallets that act more like apps: flexible, programmable, and simple to use. Two standards make this vision possible: ERC-4337 and EIP-7702. Each solves a different part of the problem, but together they make Account Abstraction usable for everyone. ERC-4337 introduced the foundation. It made it possible for wallets to exist as smart contracts rather than fixed key pairs. These smart wallets can define their own logic, bundle multiple actions into one step, and even pay gas in tokens or have it sponsored by the app. ERC-4337 added new roles to the system. Bundlers collect user operations and submit them to the EntryPoint contract, which verifies and executes them. Paymasters cover gas or handle token payments. The result is a programmable wallet model that gives developers more control over user experience. But it came with one big limitation: users had to switch from EOAs, the regular wallets controlled by a single private key, to new smart contract wallets. That is where EIP-7702 comes in. It upgrades EOAs so they can temporarily behave like smart contract wallets during a transaction. After the transaction, they revert to normal. Users keep their same address and private key, but can now access features like batching and token-based gas without creating a new account. Together, ERC-4337 and EIP-7702 bridge the old and new worlds of Ethereum accounts. ERC-4337 provides the infrastructure: the EntryPoint contract, bundlers, and paymasters, while EIP-7702 extends that logic to EOAs. Developers can build one flow that works for both types of accounts. Apps can bring Account Abstraction features to millions of existing wallets. Users get smoother transactions without worrying about migrations or compatibility. EIP-7702 and ERC-4337 are not competing approaches. They complete each other: one defines the system, the other extends it to everyone already using Ethereum today.

Unfortunate this compromise happened, although not caused by EIP-7702 delegation, it still remains that we have a lot to educate the public and wallet implementors on how avoid attack vectors. We will run a workshop @EFDevconnect in showcasing the free 7702 infra offered by @erc4337 & @ethereumfndn, delivered by @etherspot, join us.

Very good insight on how EOAs can leverage most of the advantages of Smart Accounts via EIP-7702 in just a few steps!

Redunduncy of service achieved through the use of the @erc4337 shared mempool! A UserOp is shared among many bundlers hence eliminating a single point of failure. Very useful in today's servie demands of 99.9% uptime. Obviously Censorship Resistance is achieved too!

Essential to maintain a decentralised ecosystem!!

EIP-7702 is opening new opportunities for EOAs. Join us as we dive into what the infra enables, how it works, and where it fits in the bigger Account Abstraction picture. 👉 Set a reminder now: x.com/i/spaces/1nAJEEDDWVRJL

I loved the panel in that our experiences covered a large chunk of the ecosystem and offered interesting varied takes on the ecosystem at times.