Ethereum feature abused to steal $60 million from 99K victims

November 13, 2023 at 04:46PM

Malicious actors have been exploiting Ethereum’s ‘Create2’ function to bypass wallet security alerts, resulting in the theft of $60 million worth of cryptocurrency from 99,000 individuals in six months. The ‘Create2’ function allows the creation of smart contracts on the blockchain and has introduced benefits but also security implications. Scammers can abuse this function to generate fresh contract addresses, bypassing security alerts and tricking users into sending their assets to the attackers. It is advised to thoroughly check the recipient’s address before approving any cryptocurrency transactions.

Web3 anti-scam specialists at ‘Scam Sniffer’ report that malicious actors have been exploiting Ethereum’s ‘Create2’ function to bypass wallet security alerts and steal cryptocurrency. This abuse of the Create2 opcode allows attackers to generate new contract addresses without any history of malicious transactions, enabling them to trick victims into signing transactions and transferring their assets to the attacker’s address.

One method of abuse involves deploying a contract at a pre-calculated address when a victim signs a malicious transaction, leading to a non-reversible transfer of assets to the attacker. Another method, known as ‘address poisoning,’ involves generating addresses similar to legitimate ones owned by the recipient, tricking users into sending assets to the threat actor’s address.

Scam Sniffer has recorded multiple victims losing millions of dollars due to these exploits, with some cases catching the attention of the community. To increase the chances of victims making the payment, threat actors may even send small amounts of cryptocurrency to register their address in the wallet’s history.

It is important to thoroughly review the recipient’s address before approving any cryptocurrency transactions and not just rely on the first and last few characters. This helps in ensuring the integrity of transactions and prevents falling victim to these types of scams.
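
An added example (not from Scam Sniffer or the original article) of the full-address comparison recommended above: it scans a wallet's history for counterparties that match a trusted address on the first and last few hex digits but differ in between. The addresses, the history records, and the 4-character prefix/suffix window are constructed assumptions.

```python
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

def normalize(addr):
    """Return the lowercase 40-hex-digit body of an address, or raise ValueError."""
    if not ADDR_RE.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr[2:].lower()

def lookalike_of(candidate, trusted, prefix=4, suffix=4):
    """Return the trusted address that `candidate` imitates, or None.

    A look-alike agrees with a trusted address on the first `prefix` and last
    `suffix` hex digits (the part people tend to eyeball) but is not the same
    address when all 40 digits are compared.
    """
    c = normalize(candidate)
    for t in trusted:
        n = normalize(t)
        if c != n and c[:prefix] == n[:prefix] and c[-suffix:] == n[-suffix:]:
            return t
    return None

def flag_poisoning(history, trusted, prefix=4, suffix=4):
    """Return (counterparty, imitated_address) pairs found in wallet history."""
    flagged = []
    for tx in history:
        hit = lookalike_of(tx["counterparty"], trusted, prefix, suffix)
        if hit is not None:
            flagged.append((tx["counterparty"], hit))
    return flagged

# Constructed sample data: none of these are real addresses.
TRUSTED_ADDR = "0x1a2b" + "3c" * 16 + "9f8e"
LOOKALIKE = "0x1a2b" + "d4" * 16 + "9f8e"   # same ends, different middle
UNRELATED = "0x" + "7e" * 20
HISTORY = [
    {"counterparty": TRUSTED_ADDR, "direction": "out", "value_eth": 2.5},
    {"counterparty": LOOKALIKE, "direction": "in", "value_eth": 0.0001},
    {"counterparty": UNRELATED, "direction": "in", "value_eth": 0.3},
]

if __name__ == "__main__":
    for addr, imitated in flag_poisoning(HISTORY, [TRUSTED_ADDR]):
        print(f"WARNING: {addr} imitates trusted address {imitated}")
```
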