A worrying trend has seen hackers—wallet drainers in particular—start using the Ethereum network’s CREATE2 opcode to circumvent security safeguards in some wallets. This development was made public on Sunday by blockchain security company Scam Sniffer through an X post.
The purpose of the CREATE2 opcode was to enable contract address prediction prior to deployment. Most notably, Uniswap, a well-known decentralised exchange, uses it to make pair contract generation easier.
Cybercriminals, however, have found a way to use this functionality to get around the security checks in investor wallets. According to Scam Sniffer, hackers can easily create temporary new addresses with malicious signatures by using CREATE2.
When unsuspecting investors sign this crafted signature, the hackers deploy a contract at the predicted address and process an unauthorized transfer of assets. Using this technique, these bad actors have been able to operate undetected, siphoning large amounts of funds from innocent victims.
Scam Sniffer describes a sample event in which a victim lost $927,000 in GMX on Sunday as a result of unintentionally approving a “signalTransfer” transaction that gave hackers access to withdraw the funds to a contract address that had already been calculated.
According to Scam Sniffer, the primary wallet drainer organisation that has been making use of the CREATE2 function has taken $60 million from an estimated 99,000 victims in the last six months.
Meanwhile, during a conversation with SlowMist, a well-known blockchain security company, Scam Sniffer discovered that a different set of hackers has been employing the same method for address poisoning.
Results show that this second group has stolen assets worth around $3 million from 11 individuals since August, with $1.6 million coming from just one victim. Scam Sniffer concludes its research by advising cryptocurrency users to remain vigilant and double-check every transaction because there is probably no end in sight to the ongoing cycle of detection and counter-detection in the field.
Like cyberattacks, cryptocurrency scams remain a serious cause for concern for many investors. Scams caused a total asset loss of $184.17 million, or 28% of investor losses in the first half of the year, according to FootPrint x Beosin’s H1 2023 security report.
Notably, during the past 48 hours, Scam Sniffer has recorded two significant scam events in which the victims lost a total of $468,000 in assets. The bitcoin ecosystem’s ongoing need for improved security measures is further highlighted by these attacks.