Ethereum Wallet Drainer Steals $60M in Six Months đ„đ„đ„
Hackers are using a piece of code called Create2 to bypass security alerts when users sign malicious signatures.
Hackers that stole more than $60 million worth of crypto in six months are using a piece of code to bypass security alerts after maliciously gaining access to private keys, according to on-chain sleuth ScamSniffer.
The wallet drainers are misusing Create2, a piece of code that is used by the likes of Uniswap to predict the address of a contract before it is deployed on the Ethereum network.
By misusing Create2, wallet drainers can instantly create temporary wallet addresses to receive funds after a user clicks on a malicious signature. When users send funds or interact with a smart contract, they will be prompted to "approve" a signature, hackers often disguise permissions within this signature to gain access to a user's wallet.
The use of Create2 bypasses security alerts that would typically warn a user before signing the signature.
Research from ScamSniffer and SlowMist estimates that $60 million has been stolen from around 99,000 victims in the past six-months.
One group has been using the Create2 code to steal $3 million from 11 victims since August.
â Please Beware Guys đ and start Safe đ
đ„Follow me đ„
