EIP-7702 Session Keys: How Ethereum's Biggest Wallet Upgrade Lets AI Agents Trade Without Touching Your Private Keys
An AI agent executes a $50,000 yield-farming rebalance at 3 a.m. while you sleep — and it never once holds your private key. Six months ago, that sentence was science fiction. Today, over 25,000 Ethereum wallets have already upgraded to EIP-7702 smart accounts, and session keys are turning autonomous DeFi trading from a custody nightmare into a scoped, time-limited, revocable reality.
The Custody Paradox: Why AI Agents Needed a New Key Model
The explosion of on-chain AI agents in 2026 — from Coinbase's Agentic Wallets processing millions of autonomous transactions to 30% of Polymarket volume generated by bots — exposed a fundamental tension. For an agent to trade on your behalf, it traditionally needed one of two things: your private key (catastrophic if compromised) or a separate wallet with pre-funded assets (capital-inefficient and hard to coordinate).
Neither option scaled. The $450K Lobstar Wilde incident in late 2025 demonstrated what happens when an autonomous agent holds unrestricted wallet access: a single misconfigured spending limit triggered a cascade of unintended purchases. And North Korean deepfake campaigns specifically targeted crypto founders by impersonating trusted contacts over Zoom — social engineering that could hand agent credentials to attackers.
The industry needed a mechanism that gave agents enough authority to act but narrow enough permissions to prevent disaster. EIP-7702 and session keys delivered exactly that.
What EIP-7702 Actually Does (In Plain English)
Activated on May 7, 2025, as part of Ethereum's Pectra upgrade, EIP-7702 introduces a new transaction type (Type 4) that lets any Externally Owned Account — the standard Ethereum wallet controlled by a private key — temporarily behave like a smart contract without changing its address.
Here is the mechanism in three steps:
- Authorization signing: The wallet owner signs an authorization tuple pointing to a specific smart contract (called a "delegate").
- Code delegation: The EVM stores a delegation designator (the prefix 0xef0100 followed by the delegate address) in the EOA's code field. When any transaction targets this EOA, the EVM loads and executes the delegate contract's bytecode.
- Context preservation: The delegate code runs in the context of the original wallet — same address, same balance, same storage. It is functionally equivalent to delegatecall.
The result is that your MetaMask or Coinbase Wallet address gains smart contract superpowers — transaction batching, gas sponsorship, and crucially, programmable access delegation — without migrating to a new address or deploying a separate contract.
This stands in contrast to the earlier ERC-4337 approach, which required users to create entirely new smart contract wallets with different addresses. EIP-7702 lets you upgrade in place.
Session Keys: The Permission Scoping Layer
Session keys are the access control mechanism that makes EIP-7702 safe for autonomous agents. Think of them as valet keys for your crypto wallet — they start the car but cannot open the trunk or exceed a speed limit.
A session key is a temporary cryptographic key pair generated specifically for a limited interaction. When you delegate your EOA to a smart account via EIP-7702, the delegate contract can enforce granular permission policies on session keys:
- Time limits: The key expires after 24 hours, one week, or any custom duration.
- Spending caps: Maximum of $500 per transaction or $5,000 per session.
- Function restrictions: The key can only call swap() on Uniswap or deposit() on Aave — nothing else.
- Asset constraints: Only interact with USDC and ETH, ignoring all other tokens.
- Rate limiting: Maximum 10 transactions per hour.
If an AI agent's session key is compromised, the attacker gains access only to the narrowly scoped permissions — not the full wallet. And the key automatically expires. ZeroDev, one of the leading smart account platforms, describes this as "privilege de-escalation": even a malicious dapp using a session key cannot steal everything from you.
How AI Agents Use Session Keys in Practice
The workflow for an autonomous DeFi agent using EIP-7702 session keys looks like this:
Step 1 — Setup (one-time): The user delegates their EOA to a smart account implementation (e.g., ZeroDev Kernel, Safe, or Coinbase Smart Wallet) via a Type 4 transaction.
Step 2 — Session creation (per-agent): The user creates a session key for their AI agent with specific permissions: "You may execute swaps on Uniswap V4 and deposit into Aave V4 lending pools, spending up to $10,000 USDC total, for the next 7 days."
Step 3 — Autonomous execution: The AI agent uses its session key to sign transactions. The smart account validates each transaction against the session policy before execution. No human confirmation needed — the policy is the guardrail.
Step 4 — Expiration or revocation: The session key expires automatically. The user can also revoke it at any time by updating the delegate contract's permission list.
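To make the permission types listed above and the four-step workflow concrete, here is an added, off-chain model of the policy check a delegate contract runs on every session-key transaction (Step 3). It is example code written for this article, not ZeroDev, Safe or Coinbase code. The addresses, function names, amounts and timestamps are constructed; a real delegate compares 4-byte calldata selectors and recovers the signer with ecrecover rather than the string comparisons used here. The session cap is set to 1,000 units (rather than the $10,000 in the walkthrough) only so the cap can be hit within a short demo.

```javascript
// Added illustration, not code from any project named in the article: a model of
// the per-transaction policy check a 7702 delegate applies to session-key calls.
// Addresses, names, amounts and timestamps are constructed for the example.

const HOUR = 3600;

// Constructed placeholder addresses (not real contract or key addresses).
const AGENT_KEY = "0x" + "a".repeat(40); // session key handed to the agent
const OTHER_KEY = "0x" + "b".repeat(40); // an unrelated key
const UNISWAP = "0x" + "1".repeat(40);
const AAVE = "0x" + "2".repeat(40);

// Constructed session policy: 7-day lifetime, per-tx and per-session spending
// caps (USD-equivalent units), target/function allowlist, asset allowlist and
// an hourly rate limit.
const examplePolicy = {
  sessionKey: AGENT_KEY,
  validUntil: 1_700_000_000 + 7 * 24 * HOUR,
  maxPerTx: 500,
  maxPerSession: 1000,
  allowedCalls: { [UNISWAP]: ["swap"], [AAVE]: ["deposit"] },
  allowedAssets: ["USDC", "ETH"],
  maxTxPerHour: 10,
};

// Mutable per-session state the delegate would keep in the account's storage.
function newSessionState() {
  return { spent: 0, timestamps: [] };
}

const reject = (reason) => ({ ok: false, reason });

// Check one proposed transaction against the policy; no state is modified.
function validateSessionTx(policy, state, tx, now) {
  if (tx.signer !== policy.sessionKey) return reject("not signed by the session key");
  if (now > policy.validUntil) return reject("session expired");
  const fns = policy.allowedCalls[tx.target];
  if (!fns || !fns.includes(tx.fn)) return reject(`${tx.fn} on ${tx.target} not permitted`);
  if (!policy.allowedAssets.includes(tx.asset)) return reject(`asset ${tx.asset} not permitted`);
  if (tx.amount > policy.maxPerTx) return reject("per-transaction cap exceeded");
  if (state.spent + tx.amount > policy.maxPerSession) return reject("session cap exceeded");
  const recent = state.timestamps.filter((t) => t > now - HOUR); // sliding window
  if (recent.length >= policy.maxTxPerHour) return reject("hourly rate limit exceeded");
  return { ok: true };
}

// Validate, then record spend and timestamp only for accepted transactions.
function executeSessionTx(policy, state, tx, now) {
  const verdict = validateSessionTx(policy, state, tx, now);
  if (verdict.ok) {
    state.spent += tx.amount;
    state.timestamps.push(now);
  }
  return verdict;
}

// Walk through the accept/reject cases a practitioner should expect to see.
function runDemo() {
  const state = newSessionState();
  const t0 = 1_700_000_000; // constructed session start
  const swap = (amount, asset = "USDC", signer = AGENT_KEY) =>
    ({ signer, target: UNISWAP, fn: "swap", asset, amount });
  const results = {};
  const run = (label, tx, at) => { results[label] = executeSessionTx(examplePolicy, state, tx, at); };

  run("in-policy swap", swap(400), t0);
  run("over per-tx cap", { signer: AGENT_KEY, target: AAVE, fn: "deposit", asset: "USDC", amount: 600 }, t0 + 1);
  run("wrong function", { ...swap(100), fn: "transfer" }, t0 + 2);
  run("wrong asset", swap(100, "DAI"), t0 + 3);
  run("wrong signer", swap(100, "USDC", OTHER_KEY), t0 + 4);
  run("expired", swap(100), t0 + 8 * 24 * HOUR);
  for (let i = 0; i < 9; i++) run(`small swap ${i}`, swap(10), t0 + 10 + i); // fills the hourly window
  run("11th tx this hour", swap(10), t0 + 20);
  run("after window", swap(500), t0 + 2 * HOUR); // window cleared; spent becomes 990
  run("over session cap", swap(500), t0 + 2 * HOUR + 1);
  return results;
}
```

Every check is a pure function of the policy, the recorded state and the proposed call, which is what lets a compromised session key do no more than the policy allows: the attacker still has to pass the same gate as the agent, and the expiry check ends the exposure without any action from the user.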
This pattern enables a new class of DeFi strategies: dollar-cost averaging bots that buy ETH every 4 hours, yield optimizers that rebalance across lending protocols hourly, and arbitrage agents that operate 24/7 — all without the user ever sharing their seed phrase.
Adoption: 25,000 Wallets and Counting
The numbers tell the story of EIP-7702's traction since the Pectra upgrade:
- 25,000+ smart accounts upgraded across chains — 13,013 on Ethereum, 5,588 on Optimism, 5,261 on BSC, 2,851 on Base, and 229 on Gnosis.
- 11,000+ authorizations within the first week of Pectra's launch alone.
- ~1,000 daily interactions as of early 2026, with steady growth.
- OKX Wallet leads adoption with 3,100 delegations, followed by MetaMask with 1,300 authorizations (though MetaMask holds more ETH in delegate contracts).
Infrastructure providers have moved fast. Pimlico offers bundler and paymaster services for EIP-7702 accounts. ZeroDev provides a complete SDK supporting both ERC-4337 and EIP-7702, with session key permissions built in. Circle highlighted how EIP-7702 unlocks gasless USDC transactions — a critical feature for AI agents that should not need to hold ETH just to pay gas fees.
Coinbase's Agentic Wallets, launched in February 2026, use Trusted Execution Environments (TEEs) to secure agent keys while leveraging EIP-7702 smart account capabilities for permission scoping. The architecture ensures AI agents never see or store the user's primary private key — they only operate through session keys with enforced ceilings and time limits.
EIP-7702 vs. ERC-4337: Complementary, Not Competing
A common misconception is that EIP-7702 replaces ERC-4337. In practice, the two standards work together:
| Feature | ERC-4337 | EIP-7702 |
|---|---|---|
| Requires hard fork | No (application layer) | Yes (protocol level) |
| Account address | New smart contract address | Same EOA address |
| Gas overhead | Higher (bundler + EntryPoint) | Lower (native execution) |
| Infrastructure maturity | Production since 2023 | Production since May 2025 |
| Session key support | Via smart account modules | Via delegate contracts |
| msg.sender preservation | No (EntryPoint is sender) | Yes (EOA remains sender) |
The optimal approach in 2026 is to use EIP-7702 to upgrade an existing EOA into a smart account that is also compatible with ERC-4337 infrastructure — getting native msg.sender preservation while plugging into established bundler networks and paymasters.
The Dark Side: Phishing and Delegation Attacks
EIP-7702 is not without risks, and the security landscape has been sobering.
Within months of the Pectra upgrade, phishing groups including Inferno Drainer and Pink Drainer weaponized EIP-7702 delegations. Their approach is deceptively simple: trick a user into signing a delegation authorization that points to a malicious contract, and the attacker's code now executes in the context of the victim's wallet.
The numbers are alarming. Research published in late 2025 found that over 90% of EIP-7702 delegations observed on-chain were linked to malicious contracts. Phishing attacks exploiting the delegation mechanism drained an estimated $12 million from 15,000+ wallets. In one high-profile case, a single victim lost $1.54 million after approving what appeared to be a routine swap but was actually a sweeping logic contract.
The fundamental vulnerability is that a single malicious authorization converts an EOA into a persistent proxy under attacker control. Unlike a token approval (which only exposes one asset), a malicious delegation gives the attacker control over the entire account — including future incoming funds.
Key Security Practices
For developers building on EIP-7702:
- Validate delegate contract addresses against known registries before presenting authorizations to users.
- Implement human-readable authorization summaries that clearly show what permissions are being granted.
- Treat unknown delegations as evidence of a fully compromised wallet — revocation alone may not be sufficient.
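The first and third developer practices above, together with the code-delegation mechanism described earlier (the 0xef0100 prefix followed by the delegate address), can be turned into a concrete check. The following is an added example written for this article, not code from any wallet or SDK it names: it classifies an eth_getCode result for an address, extracts the delegate from a 7702 designator, and compares it against an allowlist. The prefix and 23-byte designator length are from EIP-7702; the allowlist entries and sample code values are constructed.

```javascript
// Added illustration, not code from any project named in the article: classify an
// eth_getCode result and check a detected 7702 delegation against an allowlist.
// The 0xef0100 prefix and 23-byte length come from EIP-7702; addresses are constructed.

const DELEGATION_PREFIX = "ef0100";
const DESIGNATOR_HEX_LEN = 2 * 23; // 3-byte prefix + 20-byte address

// Constructed allowlist; a real deployment would load a maintained registry of
// known smart-account implementations.
const KNOWN_DELEGATES = new Set(["0x" + "c".repeat(40)]);

// Strip the 0x prefix and lower-case; reject anything that is not hex.
function normalizeCode(code) {
  const hex = /^0x/i.test(code) ? code.slice(2) : code;
  if (!/^[0-9a-fA-F]*$/.test(hex)) throw new Error("code is not hex");
  return hex.toLowerCase();
}

// Returns one of:
//   { kind: "eoa" }                  empty code, no delegation
//   { kind: "delegated", delegate }  7702 designator, delegate address extracted
//   { kind: "contract" }             ordinary contract bytecode
//   { kind: "malformed" }            starts with the prefix but has the wrong length
// EIP-3541 forbids deployed code that starts with 0xef, so code beginning with the
// prefix should always be a designator; a wrong length indicates bad RPC data.
function classifyAccountCode(code) {
  const hex = normalizeCode(code);
  if (hex.length === 0) return { kind: "eoa" };
  if (hex.startsWith(DELEGATION_PREFIX)) {
    if (hex.length !== DESIGNATOR_HEX_LEN) return { kind: "malformed" };
    return { kind: "delegated", delegate: "0x" + hex.slice(DELEGATION_PREFIX.length) };
  }
  return { kind: "contract" };
}

// Combine the classification with the allowlist into a verdict a wallet UI or a
// monitoring job can act on. An unknown delegate is treated as a compromise signal.
function assessDelegation(code, knownDelegates = KNOWN_DELEGATES) {
  const info = classifyAccountCode(code);
  if (info.kind !== "delegated") return { ...info, trusted: null, action: "none" };
  const trusted = knownDelegates.has(info.delegate);
  return {
    ...info,
    trusted,
    action: trusted ? "none" : "unknown delegate: treat account as compromised",
  };
}

// Constructed eth_getCode results covering each branch.
const SAMPLE_CODES = {
  untouchedEoa: "0x",
  knownDelegate: "0xEF0100" + "c".repeat(40),   // mixed case on purpose
  unknownDelegate: "0xef0100" + "d".repeat(40),
  ordinaryContract: "0x6080604052",
  truncated: "0xef0100" + "c".repeat(38),
};

function runChecks(samples = SAMPLE_CODES) {
  return Object.fromEntries(
    Object.entries(samples).map(([name, code]) => [name, assessDelegation(code)])
  );
}
```

Running this periodically over the accounts a wallet manages, or once before a dapp builds an authorization for the user, gives a cheap signal for the situation the third practice describes: code that is neither empty nor a known delegate means the account is already executing someone else's logic, and the response is to treat it as compromised rather than to assume a revocation will undo the damage.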
For users:
- Never sign EIP-7702 authorizations on unfamiliar sites, especially those disguised as free mints or airdrops.
- Verify the delegate contract address independently before signing.
- Use hardware wallets (Ledger has updated firmware for Pectra compatibility) for high-value accounts.
What Session Keys Mean for the Future of DeFi
Session keys represent something bigger than a technical convenience — they are the permission layer that makes agentic finance viable at scale.
Consider the trajectory: in 2024, AI agents needed full wallet access to trade. In 2025, EIP-7702 introduced scoped delegation. By 2026, platforms like ZeroDev, Pimlico, and Openfort offer production-ready session key infrastructure with policies that rival traditional financial authorization systems.
The implications extend beyond DeFi trading:
- Subscription payments: Session keys with monthly spending caps enable recurring on-chain payments without repeated approvals.
- Gaming: Players authorize session keys for in-game transactions, eliminating the friction of signing every action while preventing exploits beyond the game's scope.
- Enterprise treasury management: Corporate wallets delegate scoped access to department-specific agents — procurement bots, payroll systems, yield management — each with distinct permission boundaries.
- Cross-chain operations: Session keys can authorize agents to operate across multiple chains via chain abstraction layers, enabling multi-chain DeFi strategies from a single wallet.
The combination of EIP-7702's in-place account upgrade and session keys' granular permissions creates a security model where the user's primary key never leaves cold storage, while agents operate with exactly the authority they need — no more, no less.
For an ecosystem where $17 billion was lost to hacks and scams in 2025, and where AI-enabled fraud is 450% more profitable than traditional methods, session keys are not a luxury. They are the minimum viable security model for a world where autonomous agents handle real money.
Building on Ethereum, Sui, Aptos, or other chains with AI agents? BlockEden.xyz provides enterprise-grade RPC and API infrastructure designed for the high-throughput, low-latency demands of autonomous DeFi strategies. Explore our API marketplace to power your next agentic application.