Hackers using a fragment of code to access the private keys of Ethereum addresses have stolen $60 million worth of cryptocurrency over six months, according to on-chain sleuth ScamSniffer.
1/ Wallet Drainers are misusing Create2 to bypass security alerts in some wallets by generating new addresses for each malicious signature.
After a discussion with @SlowMist_Team, a group has employed the same technique in Address Poisoning to steal $3M since Aug. pic.twitter.com/yCdJs6Zke7
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) November 12, 2023
According to ScamSniffer, the attackers use Create2, an opcode that major protocols like Uniswap often employ to predict a contract's address before it is deployed on the network.
Using Create2, criminals can instantly create temporary addresses to receive stolen funds. While interacting with the compromised smart contract, the victim receives a notification requesting signature approval.
The signature permission request is often masked. After approval, all funds are sent to the attackers.
Using Create2 lets the attackers bypass the security warnings that usually prompt the user before signing.
According to researchers, over the past six months about 99,000 wallets fell victim to such manipulation.
In addition, experts highlighted a hacker group that on its own has stolen $3 million since August by using the Create2 method.
Earlier, the damage from hacker attacks across 23 incidents fell to $51 million — 85.6% lower than a month earlier.
Later, analyst ZachXBT reported a hack of a crypto wallet worth $27 million.
