Hackers Loot $60 Million From Ethereum Wallets With Create2 Code 

Last updated:
Author
Brian Yue
Author Categories
About Author

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
On Sunday, X user ScamSniffer claimed that the hackers were taking advantage of Create2's capability to pre-calculate contract addresses, allowing them to generate new addresses for each malicious signature. 
Source: Pixabay

Hackers stole more than $60 million worth of crypto in six months from Ethereum wallets with Create2, according to on-chain sleuth ScamSniffer.

On Sunday, X user ScamSniffer claimed that the hackers were taking advantage of Create2’s capability to pre-calculate contract addresses, allowing them to generate new addresses for each malicious signature.

When users send funds or engage with a contract, they are typically prompted to “approve” a signature. The hackers are exploiting this process by concealing unauthorized permissions within the signature, thereby gaining access to a user’s wallet.

The utilization of Create2 enables hackers to circumvent security alerts that would typically serve as a warning to users before they sign a signature.

Create2 is a code component employed by platforms such as Uniswap, allowing the prediction of a contract’s address before it is actually deployed on the Ethereum network.

Research conducted by ScamSniffer and SlowMist suggests that approximately $60 million has been pilfered from roughly 99,000 victims over the last six months. ScamSniffer additionally reported that another hacking group has been utilizing the Create2 code to abscond with $3 million from 11 victims since August, with one individual losing nearly $1.6 million.

By leveraging the address calculation method of Create2, attackers can proactively generate a significant number of addresses offline. Subsequently, they extract addresses that closely resemble the targeted ones, enabling them to initiate counterfeit transfers for the purpose of “address poisoning.”

Binance was almost another recent victim of address poisoning. In August, Binance sent $20 million to a fake address. However, the company noticed the error right after the transaction and was able to request the transferred USDT to be frozen in time, according to founder Changpeng Zhao.

Cryptocurrency-related hacks and exploits have witnessed a surge in recent months, exemplified by the recent hot wallet breach at Poloniex, resulting in a loss of $114 million. Additionally, victims of the LastPass breach experienced losses amounting to $4.4 million in a single day in October.

 

More Articles

Altcoin News
Goldman Sachs Ramps Up Ether ETF Holdings by 2,000% as Bitcoin ETF Stash Surpasses $1.5B in Q4 2024
Ruholamin Haqshanas
Ruholamin Haqshanas
2025-02-12 07:27:13
Altcoin News
IRS Urges Appeals Court to Dismiss Crypto Founder’s Challenge to Tax Summonses
Ruholamin Haqshanas
Ruholamin Haqshanas
2025-02-12 06:02:14
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors