In a concerning development within the cryptocurrency space, hackers have begun exploiting the Ethereum network’s CREATE2 opcode, bypassing security features in some wallets and leading to significant losses for investors. Blockchain security firm Scam Sniffer highlighted this issue, revealing a worrying trend among cybercriminals.
The CREATE2 opcode, initially designed to predict a contract’s address before deployment, has found an unintended use in the hands of fraudsters. Notably, this feature is employed by the popular decentralized exchange Uniswap for creating pair contracts. However, cybercriminals now leverage this capability to generate new addresses with a malicious signature, circumventing security checks.
This security loophole has resulted in unsuspecting investors signing off on transactions that facilitate unauthorized fund transfers. A striking example provided by Scam Sniffer involves a user, John Doe, who lost $927,000 in GMX tokens after inadvertently authorizing a “signal transfer” transaction. This incident underscores the growing sophistication of these scams.
Scam Sniffer’s investigations, supplemented by blockchain security company SlowMist insights, have revealed alarming statistics. The predominant group of wallet drainers using CREATE2 has amassed around $60 million, targeting nearly 99,000 victims in just six months. Another group, identified through address poisoning tactics, has stolen approximately $3 million from 11 victims since August, with one individual losing $1.6 million.
These revelations highlight the evolving landscape of cryptocurrency threats. Indeed, the FootPrint x Boesin H1 2023 security report paints a grim picture: scams accounted for 28% of total investor losses, amounting to $184.17 million in the first half of the year alone.
In just the past 48 hours, Scam Sniffer has recorded two significant scam incidents, with victims losing $468,000. These events underscore the persistent challenge of ensuring cryptographic security and the need for continuous vigilance among cryptocurrency users.
As the industry grapples with these sophisticated threats, Scam Sniffer’s findings are a stark reminder of the ongoing battle between innovation and exploitation in the digital finance. The firm concludes its report by urging the crypto community to exercise heightened caution and verify all transactions, acknowledging that the cycle of discovery and countermeasures in cryptocurrency security is a constant and evolving challenge.
Source: https://www.cryptopolitan.com/hackers-misuse-ethereum-feature-for-fraud/