A single phishing attack worth $1 million, involving 5 tokens, was executed using the EIP-7702 mechanism. It delegated the user's EOA address authorization to MetaMask: EIP-7702 Delegator, and then used its contract to execute (0xe9ae5c53) and call Uniswap's Universal Router functions to complete subsequent token transfer operations. From the perspective of the phished user, it looks like this: the user opens a phishing website, a wallet signature prompt pops up, the user clicks confirm, and with just that one action, all valuable assets in the wallet address are gone in an instant... The technical details might be a bit complicated for many, but that's roughly how it works…