Ethereum Hackers Exploit Create2 Code, Stealing $60M in Six Months

  • Ethereum’s security is compromised as hackers employ Create2 code to drain wallets undetected.
  • Over $60 million in crypto assets stolen, impacting nearly 100,000 users.
  • “An ingenious yet alarming use of Ethereum’s features,” reports on-chain investigation team ScamSniffer.

Investigation reveals a sophisticated Ethereum wallet drainer exploiting the Create2 code, successfully bypassing security alerts and leading to substantial losses for users.

The Mechanics of the Create2 Exploit

Ethereum-ETH

According to ScamSniffer, hackers have manipulated a piece of Ethereum code, known as Create2, to bypass traditional security measures. Create2, typically used in applications like Uniswap for predicting contract addresses, has become a tool for malicious activities. By creating temporary wallet addresses, these drainers transfer funds unnoticeably after users unknowingly approve malicious signatures.

Bypassing Security Protocols

The exploitation of Create2 enables hackers to circumvent the usual security alerts that warn users of suspicious activities. This stealth approach has facilitated the unauthorized access to private keys and the subsequent draining of wallets. The signature approval process, often a security checkpoint, is now a vulnerability exploited by these attackers.

Impact and Scale of the Exploit

Research by ScamSniffer and SlowMist highlights the magnitude of this exploit: approximately $60 million stolen from about 99,000 victims in just six months. A specific group using this method amassed $3 million from 11 victims since August, showcasing the exploit’s effectiveness.

Wider Context: Rising Crypto Hacks and Exploits

This incident is part of a larger trend of cryptocurrency hacks. Recently, Poloniex exchange suffered a $114 million loss due to a hot wallet breach, and LastPass users lost $4.4 million in a single day in October. These incidents underline the escalating challenges in crypto asset security.

Conclusion

The Create2 exploit on Ethereum poses significant challenges to the security of digital assets. As hackers devise more sophisticated methods to bypass security protocols, the need for enhanced protective measures becomes increasingly vital. This incident serves as a stark reminder of the ongoing vulnerabilities within the cryptocurrency ecosystem.

BREAKING NEWS

COINBASE.ETH ACQUIRES UPONLY NFT FROM COBIE FOR 25M USDC: ONCHAIN

COINBASE.ETH ACQUIRES UPONLY NFT FROM COBIE FOR 25M USDC:...

USDC Whale Moves 610 Million USDC to Aave, Borrows 66,000 ETH (~$265M) and Deposits ETH into Binance

According to LookIntoChain data cited by COINOTAG News on...

UK Regulator Eases Crypto Rules as BlackRock Launches Bitcoin-Linked iShares ETP on London Stock Exchange

Following the UK financial regulator's relaxation of crypto investment...

Whale Collateralizes $390M USDC to Borrow 42,000 ETH on Aave, Transfers to Binance

According to on-chain data analyst Yu Jin, a prominent...
spot_imgspot_imgspot_img

Related Articles

spot_imgspot_imgspot_imgspot_img

Popular Categories

spot_imgspot_imgspot_img