Hackers Loot $60 Million From Ethereum Wallets With Create2 Code 

Ad Disclosure
Ad Disclosure

We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. However, this potential compensation never influences our analysis, opinions, or reviews. Our editorial content is created independently of our marketing partnerships, and our ratings are based solely on our established evaluation criteria. Read More
Last updated:
Ad Disclosure
Ad Disclosure

We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. However, this potential compensation never influences our analysis, opinions, or reviews. Our editorial content is created independently of our marketing partnerships, and our ratings are based solely on our established evaluation criteria. Read More
Author
Brian Yue
Author Categories
About Author

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more
On Sunday, X user ScamSniffer claimed that the hackers were taking advantage of Create2's capability to pre-calculate contract addresses, allowing them to generate new addresses for each malicious signature. 
Source: Pixabay

Hackers stole more than $60 million worth of crypto in six months from Ethereum wallets with Create2, according to on-chain sleuth ScamSniffer.

On Sunday, X user ScamSniffer claimed that the hackers were taking advantage of Create2’s capability to pre-calculate contract addresses, allowing them to generate new addresses for each malicious signature.

When users send funds or engage with a contract, they are typically prompted to “approve” a signature. The hackers are exploiting this process by concealing unauthorized permissions within the signature, thereby gaining access to a user’s wallet.

The utilization of Create2 enables hackers to circumvent security alerts that would typically serve as a warning to users before they sign a signature.

Create2 is a code component employed by platforms such as Uniswap, allowing the prediction of a contract’s address before it is actually deployed on the Ethereum network.

Research conducted by ScamSniffer and SlowMist suggests that approximately $60 million has been pilfered from roughly 99,000 victims over the last six months. ScamSniffer additionally reported that another hacking group has been utilizing the Create2 code to abscond with $3 million from 11 victims since August, with one individual losing nearly $1.6 million.

By leveraging the address calculation method of Create2, attackers can proactively generate a significant number of addresses offline. Subsequently, they extract addresses that closely resemble the targeted ones, enabling them to initiate counterfeit transfers for the purpose of “address poisoning.”

Binance was almost another recent victim of address poisoning. In August, Binance sent $20 million to a fake address. However, the company noticed the error right after the transaction and was able to request the transferred USDT to be frozen in time, according to founder Changpeng Zhao.

Cryptocurrency-related hacks and exploits have witnessed a surge in recent months, exemplified by the recent hot wallet breach at Poloniex, resulting in a loss of $114 million. Additionally, victims of the LastPass breach experienced losses amounting to $4.4 million in a single day in October.

 

More Articles

Price Analysis
Shiba Inu Whale Moves 1.23 Trillion SHIB – Massive Rally Starting? 
Trent Alan
Trent Alan
2025-02-06 22:37:02
Finance News
Trump Media and Technology Group Files for ETFs, SMAs
Julia Smith
Julia Smith
2025-02-06 22:15:10
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors