Hackers Loot $60 Million From Ethereum Wallets With Create2 Code 

Watch Icon
News
Hackers Loot $60 Million From Ethereum Wallets With Create2 Code 
Source: Pixabay

Hackers stole more than $60 million worth of crypto in six months from Ethereum wallets with Create2, according to on-chain sleuth ScamSniffer.

On Sunday, X user ScamSniffer claimed that the hackers were taking advantage of Create2’s capability to pre-calculate contract addresses, allowing them to generate new addresses for each malicious signature.

When users send funds or engage with a contract, they are typically prompted to “approve” a signature. The hackers are exploiting this process by concealing unauthorized permissions within the signature, thereby gaining access to a user’s wallet.

The utilization of Create2 enables hackers to circumvent security alerts that would typically serve as a warning to users before they sign a signature.

Create2 is a code component employed by platforms such as Uniswap, allowing the prediction of a contract’s address before it is actually deployed on the Ethereum network.

Research conducted by ScamSniffer and SlowMist suggests that approximately $60 million has been pilfered from roughly 99,000 victims over the last six months. ScamSniffer additionally reported that another hacking group has been utilizing the Create2 code to abscond with $3 million from 11 victims since August, with one individual losing nearly $1.6 million.

By leveraging the address calculation method of Create2, attackers can proactively generate a significant number of addresses offline. Subsequently, they extract addresses that closely resemble the targeted ones, enabling them to initiate counterfeit transfers for the purpose of “address poisoning.”

Binance was almost another recent victim of address poisoning. In August, Binance sent $20 million to a fake address. However, the company noticed the error right after the transaction and was able to request the transferred USDT to be frozen in time, according to founder Changpeng Zhao.

Cryptocurrency-related hacks and exploits have witnessed a surge in recent months, exemplified by the recent hot wallet breach at Poloniex, resulting in a loss of $114 million. Additionally, victims of the LastPass breach experienced losses amounting to $4.4 million in a single day in October.

 

The post Hackers Loot $60 Million From Ethereum Wallets With Create2 Code  appeared first on Cryptonews.

 
More News

Polygon Nearly Matches Ethereum in Crypto ...

Watch Icon
Last updated

Layer-2 scaling network Polygon (MATIC) came close to matching Ethereum (ETH) in terms of crypto user acquisition in 2023. According to blockchain analytics firm Flipside, Polygon acquired an impressive 15.24 million users during the year, falling just shy of Ethereum’s 15.4 million users. To define an “acquired” user, Flipside considered individuals who conducted at least The post Polygon Nearly Matches Ethereum in Crypto User Acquisition in 2023 appeared first on Cryptonews.

ESMA Unveils Plan to Address Crypto Risks ...

Watch Icon
Last updated

The European Securities and Markets Authority (ESMA) is actively preparing for the implementation of the Markets in Crypto-Assets (MiCA) regulation, marking a significant milestone in bringing comprehensive oversight to the digital asset space. As the ESMA prepares for the enforcement of the MiCA regulation, it has devised a comprehensive plan to address risks associated with The post ESMA Unveils Plan to Address Crypto Risks Ahead of MiCA Regulation Implementation appeared first on Cryptonews.

BIS Proposes More Bank Supervision After 2...

Watch Icon
Last updated

The Bank for International Settlements (BIS) cited the concentration of crypto assets in banks as one of the reasons for the 2023 banking crisis. At the end of June 2022, banks had $4.2 billion in direct exposure to crypto assets. Signature Bank, the BIS argues, failed to perceive the risks of relying on crypto industry […]

Back to Top