BNB -2.36%
$570.84
BTC -1.00%
$65,429.99
DOGE -5.26%
$0.14
ETH -2.21%
$2,953.62
PEPE -1.32%
$0.000010
XRP -0.31%
$0.51
SHIB -3.27%
$0.000024
SOL -1.74%
$160.82
TG Casino
powered by $TGC
Cryptonews Blockchain News Hackers Loot $60 Million From Ethereum Wallets With Create2 Code 

Hackers Loot $60 Million From Ethereum Wallets With Create2 Code 

Brian Yue
Brian Yue
Last updated: | 1 min read
On Sunday, X user ScamSniffer claimed that the hackers were taking advantage of Create2's capability to pre-calculate contract addresses, allowing them to generate new addresses for each malicious signature. 
Source: Pixabay

Hackers stole more than $60 million worth of crypto in six months from Ethereum wallets with Create2, according to on-chain sleuth ScamSniffer.

On Sunday, X user ScamSniffer claimed that the hackers were taking advantage of Create2’s capability to pre-calculate contract addresses, allowing them to generate new addresses for each malicious signature.

When users send funds or engage with a contract, they are typically prompted to “approve” a signature. The hackers are exploiting this process by concealing unauthorized permissions within the signature, thereby gaining access to a user’s wallet.

The utilization of Create2 enables hackers to circumvent security alerts that would typically serve as a warning to users before they sign a signature.

Create2 is a code component employed by platforms such as Uniswap, allowing the prediction of a contract’s address before it is actually deployed on the Ethereum network.

Research conducted by ScamSniffer and SlowMist suggests that approximately $60 million has been pilfered from roughly 99,000 victims over the last six months. ScamSniffer additionally reported that another hacking group has been utilizing the Create2 code to abscond with $3 million from 11 victims since August, with one individual losing nearly $1.6 million.

By leveraging the address calculation method of Create2, attackers can proactively generate a significant number of addresses offline. Subsequently, they extract addresses that closely resemble the targeted ones, enabling them to initiate counterfeit transfers for the purpose of “address poisoning.”

Binance was almost another recent victim of address poisoning. In August, Binance sent $20 million to a fake address. However, the company noticed the error right after the transaction and was able to request the transferred USDT to be frozen in time, according to founder Changpeng Zhao.

Cryptocurrency-related hacks and exploits have witnessed a surge in recent months, exemplified by the recent hot wallet breach at Poloniex, resulting in a loss of $114 million. Additionally, victims of the LastPass breach experienced losses amounting to $4.4 million in a single day in October.

 

Most Popular

NFT News
Over One Million Pudgy Penguin Toys Sold in the Past Year
Blockchain News
What’s Happening In Crypto Today? Daily Crypto News Digest
Altcoin News
Tether CEO Calls Out Ripple Chief for Inciting Panic About USDT
Altcoin News
Financial Advisors Reluctant to Discuss Crypto with Clients Due to Legal Concerns, Survey Finds
Altcoin News
Philippines Central Bank Approves Trials for National Stablecoin Tied to Local Peso
Bitcoin News
Bitcoin Price Prediction as BTC Hits $60k After FED’s Rate Cut Comments – What’s Next?

Latest news

Bitcoin News
Bitcoin Price Prediction: BTC Above $65K Amid $100M Andrew Tate Investment and Supply Lows
Blockchain News
South Korean Police Arrest 34 in Swoop on Crypto-powered Drugs Smuggling Ring
Bitcoin News
Institutional Bitcoin Adoption Is Just Getting Started, Says Anthony Scaramucci
Blockchain News
Tether and TON Partner with Oobit for USDT-to-Fiat Transactions via Mobile App
Ethereum News
Community Launches Decentralized Memecoin To Take Anti-SEC Stance
Blockchain News
Mastercard’s Start Path Welcomes Five Startups to Develop Blockchain Use Cases
Blockchain News
India’s SEBI Open to Crypto Oversight, RBI Seeks Stablecoin Ban

Similar News