Exploiting CREATE2: Wallet Drainers Leverage Ethereum Opcode to Steal $60 Million
According to blockchain security company Scam Sniffer, hackers are leveraging the CREATE2 opcode on the Ethereum network to bypass security measures in select wallets. The CREATE2 opcode is designed to allow a contract address to be predicted before the contract is deployed, and the decentralized exchange Uniswap uses it to create pair contracts.
However, cybercriminals are using this feature to generate temporary new addresses for use in malicious signature requests. When an unsuspecting investor signs such a request, the hackers deploy a contract at the predicted address and carry out an unauthorized transfer of assets. This method has allowed them to siphon $60 million from an estimated 99,000 victims over the last six months.
“Here is a real case that happened 9 hours ago. A victim lost $927k worth of $GMX after signing a ‘signalTransfer(address receiver)’ transaction to the GMX Reward Router on Arbitrum.”
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer)
Scam Sniffer disclosed that in a particular incident, a victim lost $927,000 worth of GMX after inadvertently authorizing a “signalTransfer” transaction that allowed hackers to withdraw assets to a pre-computed contract address.
Another prominent blockchain security firm, SlowMist, revealed that a separate group of hackers has been using the same technique for address poisoning, stealing nearly $3 million worth of assets from 11 victims since August, with $1.6 million taken from a single victim.
The Continued Threat of Crypto Scams
In addition to hacks, crypto scams remain a significant concern for investors. According to FootPrint x Beosin’s H1 2023 security report, scams in the first half of the year resulted in a total asset loss of $184.17 million, accounting for 28% of recorded losses by investors.
Scam Sniffer has reported two major scam incidents in the last 48 hours, resulting in a combined $468,000 worth of asset loss. These incidents highlight the ongoing need for enhanced security measures in the cryptocurrency ecosystem.
Total crypto market valued at $1.382 trillion on the daily chart | Source: TOTAL chart on Tradingview.com