
Unmasking the Ethereum Heist: $60M Pilfered Over Six Months

HANZO
Nov 14, 2023 at 08:00 am

Criminals have used Create2, an Ethereum opcode, to evade security alerts when users approve malicious signatures, allowing them to steal over $60 million in cryptocurrency within six months, as disclosed by investigative entity ScamSniffer.

These malicious actors leverage Create2, an opcode used by platforms like Uniswap to predict a contract's address before it is deployed on the Ethereum network. By misusing Create2, the perpetrators quickly generate temporary wallet addresses that receive funds once a user signs a deceitful signature. When initiating fund transfers or interacting with smart contracts, users are typically prompted to "approve" a signature. Hackers exploit this authorization process, embedding hidden permissions within the signature to compromise a user's wallet.

Using Create2 in this way bypasses the customary security alerts that would normally caution users before they confirm such signatures. Research findings from ScamSniffer and SlowMist suggest that approximately $60 million has been siphoned from nearly 99,000 victims over the past half-year.

One specific group has used Create2 to steal $3 million from 11 victims since August. Cryptocurrency-related hacks and exploits have become more prevalent in recent months: the Poloniex exchange lost $114 million to a hot wallet breach just last week, and victims of the LastPass breach lost $4.4 million in a single day in October.

