Beware, Hackers Are Using The Ethereum CREATE2 Opcode For Fraud
Latest News News

Beware, Hackers Are Using The Ethereum CREATE2 Opcode For Fraud

  • Hackers are utilizing the Ethereum network’s CREATE2 opcode, originally intended for pre-determining contract addresses.
  • This exploitation has led to substantial financial damages, with a notable case involving a user losing $927,000 in GMX tokens.
  • According to a security report, scams represented 28% of total investor losses in the first half of 2023, totaling $184.17 million.

In a recent but disturbing development in the cryptocurrency space, hackers have begun exploiting the Ethereum network’s CREATE2 opcode, circumventing security protections in certain wallets and causing considerable losses for investors. 

Blockchain security firm Scam Sniffer highlighted this issue, revealing a worrying trend among cybercriminals.

The CREATE2 opcode, which was originally intended to anticipate the address of a contract before deployment, has found an unforeseen usage in the hands of scammers. Notably, the popular decentralized exchange Uniswap uses this functionality to create pair contracts. However, fraudsters are now using this capability to generate new addresses with a bad signature, allowing them to avoid security checks.

Because of this security flaw, unknowing investors have signed off on transactions that permit unlawful fund transfers. Scam Sniffer provides an eye-catching example of a user, John Doe, who lost $927,000 in GMX tokens after unwittingly authorizing a “signal transfer” transaction. This event demonstrates how sophisticated these scams are becoming.

Read Also: Why Is Russia Coming After Coinbase Now?

Scam Sniffer’s investigations, supplemented by SlowMist’s blockchain security insights, have found frightening numbers. In just six months, the most common group of CREATE2 wallet drainers had collected roughly $60 million by attacking nearly 99,000 victims. Since August, another organization, discovered through address poisoning measures, has taken about $3 million from 11 individuals, with one individual losing $1.6 million.

These insights shed light on the constantly changing world of cryptocurrency risks. Indeed, the FootPrint x Boesin H1 2023 security report offers a bleak picture: scams accounted for 28% of overall investor losses in the first half of the year, totaling $184.17 million.

Scam Sniffer has reported two large scam instances in the last 48 hours, with victims losing $468,000. These incidents highlight the ongoing challenge of assuring cryptographic security and the need for bitcoin users to maintain constant awareness.

Scam Sniffer’s findings are a sharp reminder of the ongoing conflict between innovation and exploitation in the digital banking business, as the industry grapples with increasingly sophisticated challenges. The business finishes its study by asking the cryptocurrency community to exercise extreme vigilance and verify all transactions, recognizing that the cycle of discovery and countermeasures in bitcoin security is an ongoing and evolving challenge.

Disclaimer: The information provided is not trading advice. holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. Crypto is not a legal tender and is subject to market risks. Readers are advised to seek expert advice and read offer document(s) along with related important literature on the subject carefully before making any kind of investment whatsoever. Crypto market predictions are speculative and any investment made shall be at the sole cost and risk of the readers.