Pectra lets hackers drain wallets with just an offchain signature

From Cointelegraph

May 11, 2025 09:10:00 AM:

  1. Ethereum’s Pectra upgrade introduces new features for scalability and smart accounts, but also opens a dangerous attack vector. Attackers can drain funds from wallets using offchain signatures, posing a significant risk.
  2. The new transaction type introduced by Pectra allows attackers to install arbitrary code on users’ wallets, turning them into programmable smart contracts. Wallets can now be modified with a simple offchain signature, increasing vulnerability to attacks.
  3. Hardware wallets are no longer considered inherently safer, as they are now at risk of signing malicious messages. Users must be cautious and avoid signing messages they do not understand to prevent fund loss. Wallet developers should provide clear warnings for delegation messages.
  4. Ethereum’s Pectra upgrade includes changes to validator staking limits and data blobs per block for better scalability. Multisignature wallets remain more secure under the upgrade, but single-key wallets must adopt new tools to prevent exploitation. Users need to be vigilant to protect their funds.
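
Item 3 asks wallet developers to warn on delegation messages. The Python below is an added example (not from Cointelegraph or any wallet project) that recognises a delegation authorization before it is signed. It assumes the new transaction type is EIP-7702's set-code transaction, whose authorization is signed over `0x05 || rlp([chain_id, address, nonce])`, and that the signer sees the raw preimage rather than only its hash; the function names and sample bytes are constructed here.

```python
MAGIC = 0x05  # EIP-7702 prefix byte of the authorization preimage

def _rlp_item(buf, pos):
    """Decode one RLP item at pos; return (value, next_pos)."""
    b = buf[pos]
    if b < 0x80:                       # single byte encodes itself
        return buf[pos:pos + 1], pos + 1
    is_list = b >= 0xC0
    n = b - (0xC0 if is_list else 0x80)
    pos += 1
    if n > 55:                         # long form: next n-55 bytes hold the length
        n, pos = int.from_bytes(buf[pos:pos + n - 55], "big"), pos + n - 55
    end = pos + n
    if end > len(buf):
        raise ValueError("truncated RLP")
    if not is_list:
        return buf[pos:end], end
    items = []
    while pos < end:
        item, pos = _rlp_item(buf, pos)
        items.append(item)
    if pos != end:
        raise ValueError("list item overruns its list")
    return items, end

def classify_signing_request(preimage: bytes):
    """Return warning fields if preimage is a delegation authorization, else None."""
    if not preimage or preimage[0] != MAGIC:
        return None
    try:
        fields, end = _rlp_item(preimage, 1)
    except (ValueError, IndexError):
        return None
    if end != len(preimage) or not isinstance(fields, list) or len(fields) != 3:
        return None
    chain_id, address, nonce = fields
    if any(isinstance(f, list) for f in fields) or len(address) != 20:
        return None
    cid = int.from_bytes(chain_id, "big")
    return {"delegate": "0x" + address.hex(), "chain_id": cid,
            "all_chains": cid == 0, "nonce": int.from_bytes(nonce, "big")}

# Constructed samples: chain_id 0, a made-up 20-byte address, nonce 7.
SAMPLE_AUTH = bytes([0x05, 0xD7, 0x80, 0x94]) + bytes.fromhex("11" * 20) + b"\x07"
SAMPLE_TEXT = b"\x19Ethereum Signed Message:\n5hello"

if __name__ == "__main__":
    for req in (SAMPLE_AUTH, SAMPLE_TEXT):
        print(classify_signing_request(req) or "not a delegation authorization")
```

A `chain_id` of 0 makes the authorization valid on every chain, so `all_chains` deserves the strongest warning. A signer that is shown only a 32-byte hash cannot perform this check.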

Read more at Cointelegraph: Pectra lets hackers drain wallets with just an offchain signature