Hackers Are Using The Ethereum CREATE2 Opcode For Fraud

  • Hackers are utilizing the Ethereum network’s CREATE2 opcode, originally intended for pre-determining contract addresses.
  • This exploitation has led to substantial financial damages, with a notable case involving a user losing $927,000 in GMX tokens.
  • According to a security report, scams represented 28% of total investor losses in the first half of 2023, totaling $184.17 million.

In a recent and disturbing development in the cryptocurrency space, hackers have begun exploiting the Ethereum network’s CREATE2 opcode, circumventing security protections in certain wallets and causing considerable losses for investors.

Blockchain security firm Scam Sniffer highlighted this issue, revealing a worrying trend among cybercriminals.

The CREATE2 opcode, which was originally intended to let a contract’s address be computed before deployment, has found an unforeseen use in the hands of scammers. Notably, the popular decentralized exchange Uniswap uses this functionality to create pair contracts. However, fraudsters are now using this capability to generate a new address for each malicious signature, allowing them to avoid security checks.

Because of this security flaw, unsuspecting investors have signed off on transactions that permit unlawful fund transfers. Scam Sniffer provides a striking example of a user, John Doe, who lost $927,000 in GMX tokens after unwittingly authorizing a “signal transfer” transaction. This event demonstrates how sophisticated these scams are becoming.

Scam Sniffer’s investigations, supplemented by SlowMist’s blockchain security insights, have found frightening numbers. In just six months, the most common group of CREATE2 wallet drainers had collected roughly $60 million by attacking nearly 99,000 victims. Since August, another organization, discovered through address poisoning measures, has taken about $3 million from 11 individuals, with one individual losing $1.6 million.

These insights shed light on the constantly changing world of cryptocurrency risks. Indeed, the Footprint x Beosin H1 2023 security report offers a bleak picture: scams accounted for 28% of overall investor losses in the first half of the year, totaling $184.17 million.

Scam Sniffer has reported two large scam instances in the last 48 hours, with victims losing $468,000. These incidents highlight the ongoing challenge of ensuring cryptocurrency security and the need for cryptocurrency users to maintain constant awareness.

Scam Sniffer’s findings are a sharp reminder of the ongoing conflict between innovation and exploitation in the digital finance industry, as the industry grapples with increasingly sophisticated challenges. The firm concludes its report by asking the cryptocurrency community to exercise extreme vigilance and verify all transactions, recognizing that the cycle of discovery and countermeasures in cryptocurrency security is an ongoing and evolving challenge.
