Ethereum Wallet Drainer Steals $60M in Six Months
Hackers are using a piece of code called Create2 to bypass security alerts when users sign malicious signatures.
Nov 13, 2023 at 3:56 p.m. UTC:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindesk/V42AF25WPBFHBNZBV6YQB4E224.jpg)
/arc-photo-coindesk/arc2-prod/public/LXF2COBSKBCNHNRE3WTK2BZ7GE.png)
Hackers that stole more than $60 million worth of crypto in six months are using a piece of code to bypass security alerts after maliciously gaining access to private keys, according to on-chain sleuth ScamSniffer.
The wallet drainers are misusing Create2, a piece of code that is used by the likes of Uniswap to predict the address of a contract before it is deployed on the Ethereum network.
By misusing Create2, wallet drainers can instantly create temporary wallet addresses to receive funds after a user clicks on a malicious signature. When users send funds or interact with a smart contract, they will be prompted to "approve" a signature, hackers often disguise permissions within this signature to gain access to a user's wallet.
The use of Create2 bypasses security alerts that would typically warn a user before signing the signature.
Research from ScamSniffer and SlowMist estimates that $60 million has been stolen from around 99,000 victims in the past six-months.
One group has been using the Create2 code to steal $3 million from 11 victims since August.
Cryptocurrency-related hacks and exploits have become prevalent in recent months with exchange Poloniex losing $114 million in a hot wallet breach last week. Victims of the LastPass breach also lost $4.4 million in a single day in October.
:format(webp)/www.coindesk.com/resizer/fczAGHsWLFXiMV23oZZmkW19Ots=/arc-photo-coindesk/arc2-prod/public/D4HEG34XFVFVJHPXEEJAEFZ3SI.jpg)
Oliver Knight is a CoinDesk reporter based between London and Lisbon. He does not own any crypto.