Bull Run Security: What Makes It Different? 

Protecting yourself in a bull run is difficult. Capital has a higher velocity, opportunities come and go in hours, and these key facts mean users are emotionally motivated to make quick decisions. Unfortunately, this heavily incentivizes scammers to innovate new techniques to take advantage of these heightened emotions. And the threat only becomes more significant with the introduction of new technology. While you’re excited to invest and show unfamiliarity with new technologies, the scammer is laying in wait—ready to strike at the opportune moment. 

So you might be wondering, how do I protect myself from these scams? How do I make sure I’m not the one caught out?

In this article, we will equip you with updated knowledge on how the landscape has changed, tools you can leverage, and frameworks you can use to minimize your risk of falling victim to anything that could sour your Web3 experience forever. 

The Stakes Are Higher

Bull runs often mean higher token values, and that money moves around quickly and freely compared to a bear market. Each new bull market brings with it new paradigms, new protocols, and new technologies. Staying educated on these changes and how they affect your wallet security is extremely important since technology you’re unfamiliar with is much more likely to mean falling victim to scams.

Incentives to Innovate (for Attackers)

Chainalysis reported that cryptocurrency scams resulted in over $7.7 billion in losses worldwide in the 2021 bull run, representing an 81% increase from 2020. More valuable tokens mean that bad actors are incentivized to take scams to the next level, bringing in co-conspirators and getting creative with their traps. 

Although many attacks are re-skinned versions of past iterations, higher valuations attract more cunning thieves to the space, including nation-state actors. Coupled with AI and LLMs that make crafting high-quality websites and marketing materials easy, differentiating scams from legitimate opportunities is only going to become more difficult as technologies advance.

New Vectors to Exploit

Typically, bull markets emerge through technological advancements that simultaneously provide attackers with new avenues to explore—especially when it comes to crafting a sophisticated phishing, malware, or social engineering attack. 

Understanding new attack vectors via EIP-7702

For example, with the Ethereum  Pectra upgrade completed,  smart accounts are now accessible to every user through EIP-7702. Unfortunately, the same upgrade also introduced the potential for a whole host of new scams. Many wallet providers have been cautious about implementing Smart Account features so far. The biggest reason being that, users can sign something without reading it, and have their entire wallet drained with one signature.

To explain further,  EIP-7702’s wallet delegation feature is in direct opposition with one of the Ethereum network’s core security features. While “Regular” (EOA) wallets needed approvals for each token in a separate transaction before they could be spent, thus preventing an entire wallet’s contents from being drained in a single transaction or signature, EIP-7702 allows for an entire wallet’s assets to be delegated to a smart contract.  That means a single transaction or message signature can steal all of your funds—yes, just one single signature!

You need to understand this possibility when delegating, since although it may be user-friendly, it may come at a heavy cost.

Avoiding EIP-7702 Scams

Since EIP-7702 is still yet to be fully implemented across the ecosystem, you’re best off following a few key security practices, including:

• Using a transaction simulator to see the potential outcome of a transaction before you sign
• Segregating your assets into multiple wallets and only delegating to a 7702 contract with an account containing minimal value.
• Leveraging Ledger’s clear signing standard when possible, so you know exactly what you’re signing. 
• Exercising caution when interacting with any 7702 contract that isn’t supported by your Ledger device or present on the list of audited contracts provided by the Ethereum Foundation.

Old Exploits, New Paint

However, 7702 isn’t the only new tech on the scene, and thus not the only new attack vector either. To explain, scams from previous cycles often resurface in new disguises to capitalize on new trends and metas. For example:

• Stolen Art or Low-Effort Copycats became AI art passed off as human-made.
• Fake job offers became Deep-Faked AI talking heads discussing partnership deals on video calls.
• Discord DM scams became Telegram trading bot scams.

And maybe in the future we’ll see:

• Permit & Permit2 scams become Malicious Smart Account Transaction Batch transactions. (Permit is a signature-based approval, which is only available on some tokens like stETH and USDC)
• Discord and Telegram scams may evolve into more sophisticated scams targeting the Metaverse and Game-verse.

We can never truly know where the cryptocurrency world will go, but we can be certain that the scam world will follow closely behind. Whether you’re a crypto-native pushing boundaries or simply curious about what’s next, one thing is clear: the bull run doesn’t just amplify gains, it amplifies risks. The scams are faster, slicker, and better disguised than ever.

Final Thoughts

Knowledge remains your best defense. In a bull market, everyone wants a piece, including the scammers. So if you’re in the game, stay sharp. New updates to protocols, wallets, or products will change the way users interact with the crypto landscape. It’s worth the extra time to learn about these things, especially if you’ve got skin in the game! The following modules aren’t just for learning, they’re for survival.